AFP548 Site News November 9, 2015 at 2:29 pm

MacUpdate Considered Harmful

AssetsChanger Just for those that didn’t see this: https://blog.malwarebytes.org/news/2015/11/has-macupdate-fallen-to-the-adware-plague/

$ strings /Volumes/MacUpdate\ Installer/MacUpdate\ Installer.app/Contents/bin/AssetsChanger | grep browser
18BrowserTools_Opera
19BrowserTools_Safari
19BrowserTools_Chrome

Supposed to be 80.1MBs, downloads a 1.8MB DMG

]3 Supposed to be 80.1MBs, downloads a 1.8MB DMG

MacUpdate has decided to sell out their good name and lie down with the scummiest hijackers on the internet by allowing downloads to be delivered as an app instead of the actual payload. I guess Skype was too big a product to hijack, and so they’re only doing it for every other app, like, say, the little-known Firefox web browser. Which the don’t show as the first search result, which they sold to Chrome. What happens when you try to download Firefox? It instead delivers a ‘MacUpdate Installer’ app, white-labeled from a third party malware distributor, which surreptitiously sneaks browser extensions onto your computer. They even went so far as to spin it as a GOOD THING™ for customers in a blog post which then got pulled once the hubbub started. (Saved here for posterity.)

Update November 15, 2015:

They’ve stopped intercepting Firefox(just as before with the Skype example), but it’s not a long search to find other apps, like that barely-used product Dropbox nobody’s heard of. They’ve also publicly admitted that they have their priorities in the wrong order and don’t mind the comparison to similarly sleazy sites.

Application dressed like a package to fool users

]5 Application dressed like a package to fool users

Warn your friends and family against their site and let’s not support this type of ass-hattery.

Allister Banks

Allister lives in Japan, has not read the Slack scroll back, and therefore has no idea what is going on.

More Posts - Website

Follow Me:
Twitter

3 Comments

Leave a reply

You must be logged in to post a comment.