A vulnerability in versions of MacKeeper earlier than 3.4.1 allows a remote attacker to execute arbitrary commands with root privileges on a system running OS X.
The flaw resides in the way the program handles its custom URL scheme and can be exploited by an attacker by tricking the user into visiting a maliciously crafted webpage.
OS X and iOS let programs register their own URL schemes, which allow them to perform certain tasks when the user clicks a link in a webpage. One example is launching the email client and starting to compose a new message when an email address has been clicked.
Kromtech, the current developer of the product, rushed a fix on Friday, offering instructions on how users can deploy the new version, either via the automatic update system or by manually downloading and installing the fresh revision.
According to MacKeeper's website, the steps are simple: quit the app and drag it to the trash. If you're running an older version of MacKeeper, you may need to remove its menu bar icon first. From the Apple menu, choose Go > Applications. In the window that appears, double-click the MacKeeper icon. From the MacKeeper menu choose Preferences.
Hi there, I hope this is an update for all who have concerns about MacKeeper. This program was originally owned and marketed by 'Zeobit'. After a few days' research and investigating this software (MacKeeper), it would appear that Zeobit has sold MacKeeper to 'Kromtech Alliance Corp', whose parent company is named 'cleverbridge AG', based in Cologne, Germany.
Security researcher Braden Thomas reported the glitch last week and published a proof-of-concept (PoC) that demonstrates it by removing MacKeeper from the system when the user lands on a special website.
According to an advisory from SecureMac released last week, at the root of the problem is insufficient validation of the commands executed by MacKeeper using its custom URL scheme.
“If MacKeeper has already prompted the user for their password during the normal course of the program's operation, the user will not be prompted for their password prior to the arbitrary command being executed as root,” the advisory says.
Alternatively, if there is no prior authentication, users are asked to enter their username and password. However, the attacker can choose the pretext under which the credentials are requested, so the true intention is hidden and the rogue commands are executed with root privileges.
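The root cause described above, insufficient validation of what a custom URL scheme handler executes, is normally addressed by treating the incoming URL as a selector among fixed actions rather than as a source of commands or prompt text. The following Python sketch is an added example, not MacKeeper's or SecureMac's code; the `exampleapp` scheme, the action names and the prompt text are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

SCHEME = "exampleapp"   # hypothetical scheme for this sketch
MAX_LEN = 256

# Allowlist: action -> permitted parameters with their permitted values, plus
# the confirmation text the app itself shows (never text taken from the URL).
ACTIONS = {
    "open-pane": {"params": {"pane": {"general", "updates"}}, "prompt": None},
    "scan": {"params": {"target": {"downloads", "applications"}},
             "prompt": "A web link is asking to start a scan. Allow?"},
}

def handle_url(url):
    """Map an incoming URL to a fixed action or raise ValueError."""
    if len(url) > MAX_LEN:
        raise ValueError("URL too long")
    parts = urlsplit(url)
    if parts.scheme != SCHEME or parts.path not in ("", "/") or parts.fragment:
        raise ValueError("unexpected URL shape")
    spec = ACTIONS.get(parts.netloc)
    if spec is None:
        raise ValueError("unknown action")
    query = parse_qs(parts.query, keep_blank_values=True)
    args = {}
    for name, values in query.items():
        allowed = spec["params"].get(name)
        if allowed is None or len(values) != 1 or values[0] not in allowed:
            raise ValueError("rejected parameter: " + name)
        args[name] = values[0]
    if set(args) != set(spec["params"]):
        raise ValueError("missing parameter")
    # The caller runs a built-in routine selected by 'action'; no part of the
    # URL is ever passed to a shell or used as a command line.
    return {"action": parts.netloc, "args": args, "prompt": spec["prompt"]}

def is_accepted(url):
    """True if the URL maps to an allowlisted action with valid arguments."""
    try:
        handle_url(url)
        return True
    except ValueError:
        return False
```

Because the confirmation text comes from the allowlist table, a page that opens such a link cannot influence what the user is told before approving a privileged action.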
The number of users potentially impacted by the vulnerability is not known, but as of March 24, 2015, MacKeeper has been downloaded more than 20 million times.
The program provides a suite of tools designed to eliminate performance bottlenecks on the system and to maintain its security state. However, there are reports on the web questioning both the application's benefits and the promotion practices used by its developers.
Many users will see references to an application called MacKeeper on various web sites and via pop-ups on their browser. Not only is it expensive for what it purports to do (freeware applications that do the same or more are readily available), it can sometimes install itself without the user realising it, and it can be very tricky to get rid of.
MacKeeper has been described by various sources as highly invasive malware* that can destabilize your operating system, adding that it is unethically marketed, with a history of making false advertising claims, by a company called Zeobit, and a rip-off.
(Please note that references to the original developers, Zeobit, also now refer to Kromtech Alliance Corp, who acquired MacKeeper and PCKeeper from ZeoBit LLC in early 2013.)
Most positive reviews of it have been found to have been paid for by Zeobit (developers of MacKeeper) in the form of ‘free upgrades’ etc. One such opinion is:
For more about ‘astroturfing’ (writing phoney product reviews for money) see here:
and http://www.bbc.co.uk/news/technology-24299742
Further opinion on it and how to uninstall MacKeeper malware can be read here:
MacKeeper have recently said that the uninstaller from here:
now works.
There are many forms of ‘Malware’ that can affect a computer system, of which ‘a virus’ is but one type, ‘trojans’ another. Using the strict definition of a computer virus, no viruses that can attack OS X have so far been detected 'in the wild', i.e. in anything other than laboratory conditions. The same is not true of other forms of malware, such as Trojans. Whilst it is a fairly safe bet that your Mac will NOT be infected by a virus, it may have other security-related problems, but more likely a technical problem unrelated to any malware threat.
You may find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Security and Privacy, useful: The User Tip seeks to offer guidance on the main security threats and how to avoid them.
More useful information can also be found here:
www.thesafemac.com/mmg
* The expression ‘malware’ is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software.