Incident Response, TDR

Fake Safari update leads to potentially unwanted installations

Researchers with Malwarebytes have observed websites pushing a fake Safari update that leads to the installation of MacKeeper and ZipCloud, two controversial Mac programs that can be tricky to uninstall.

According to a Tuesday post, interacting with the fake Safari update results in ‘Apple Safari Setup.dmg' being downloaded. Upon execution, the user is sneakily asked to make a variety of installations, including MacKeeper and ZipCloud.

One of the installations happens to be a newer version of Safari along with Safari support files, the post notes. Researchers did not find any evidence of malicious modifications, but added that they would not choose to run this version of the browser.

If affected, Malwarebytes recommends removing MacKeeper and ZipCloud and also reinstalling OS X, which will overwrite Safari and the support files. Wiping the hard drive is not necessary, the post said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.