MCAFEE ADWARE! Please Read!

Randy Singer

Randy Singer

Registered
I'm starting to hear from more and more Macintosh users that there is a very annoying bit of adware going around. It constantly shows you notifications that your McAfee anti-virus software subscription is up. It will even show you these notifications outside of your Web browser.

In almost every case, the users who become infected say that they have never been McAfee subscribers. It also appears that only Safari users are effected. (I've not heard any reports of this adware from users of other browsers.) Attempts to get rid of the notifications by running Malwarebytes, DetectX Swift, or VirusBarrier are unsuccessful.

It turns out that the reason that the above are unsuccessful is because there is no malware infection per se. The culprit is a notification that users are tricked into agreeing to. The user visits a Web site, and clicks on a window that asks if the user wants notifications from that Web site. (These seem to have become very popular lately.) In some cases simply hitting Return on one's keyboard to clear the window sets the notification in the user's browser. It's also possible that the user is tricked into clicking on something that on the surface doesn't appear to have anything to do with notifications at all.

What this adware is trying to do is to funnel you to a fake McAfee Web site to get you to give them credit card information (ostensibly for the purpose of renewing your McAfee subscription). DO NOT agree to anything in this notification or on the associated Web site. Otherwise, fortunately, this adware doesn't harm your Mac in any way.

It's easy to remove this adware, but even easier to avoid it completely. So please tell all of your users to do the following:

To avoid it, if you use Safari, in Safari open Preferences in the Safari menu. Click on Websites. Click on Notifications in the column on the left. UNCHECK: Allow Websites To Ask For Permission To Send Notifications.

So far I've only heard of this adware effecting users of Safari. However, if you use Brave, in Brave, Brave menu —> Preferences —> Privacy and Security —> Site & Shield Settings —> Notifications —> set Don’t Allow Sites To Send Notifications

Now, go back to Site & Shield Settings —> Popups and Redirects —> set Don't allow sites to send pop-ups or use redirects.

Getting rid of this adware, if you are hit by it, is actually quite simple, and it doesn't require one to download any utilities:

1.) While in Safari, open Preferences in the Safari menu. Click on Websites. Click on Notifications in the column on the left. Delete all notifications that you don't recognize. (For most folks, this is probably all of them.)

2.) Still in Safari Preferences, click on Privacy. Then Click on "Manage Website Data". Click on "Remove All".

3.) Still in Safari Preferences, click on Extensions. Uninstall any Extensions that you aren't 100% sure that you installed on purpose.

It wouldn't hurt to close Safari and restart your Mac after doing all of the above.
 
Detail, on my Machine this menu item is named Settings...
but indeed, I don't understand the purpose of "notifications".
 
Thanks for raising this, Randy. That's very helpful to know. I might smell a rat anyway because I don't use McAfee, but I should relay this to others I know who might encounter this too.

I'm wondering if another solution might be to determine the origins of this notification and block it via the firewall (e.g. this could be configured via Little Snitch).

As an aside, it's great to see you on here. I have a copy of the 5th edition of The Macintosh Bible. ☺️
 
bbloke said:
Thanks for raising this, Randy. That's very helpful to know. I might smell a rat anyway because I don't use McAfee, but I should relay this to others I know who might encounter this too.
Click to expand...

Since the MacInTouch article, I've been hearing from a number of folks who had the problem, but who didn't know what it was or what to do about it, and they say that they were "losing their minds".

It attacks a huge security hole, as the Mac's general notification system ties into your browser's notification feature.

bbloke said:
I'm wondering if another solution might be to determine the origins of this notification and block it via the firewall (e.g. this could be configured via Little Snitch).
Click to expand...

Little Snitch is a reverse firewall. Basically, it blocks outgoing communications that you don't allow. The McAfee adware doesn't involve any outgoing communications, only incoming notifications.

In general I don't recommend Little Snitch to ordinary users. The Mac is very chatty, making lots of legitimate Internet connections all the time. Its reports are self-serving and very scary to most common users, and they only serve to needlessly make users paranoid.

bbloke said:
As an aside, it's great to see you on here. I have a copy of the 5th edition of The Macintosh Bible. ☺️
Click to expand...

Thank you, that's very nice of you to say! TMB has been dead and gone for a long time now. It was wonderful up until our publisher was purchased by a bigger publisher and ruined it. Even though TMB is gone, I try to maintain a number of Web sites to help Mac users. Have a look at: http://www.macattorney.com/welcome.html
 
Randy Singer said:
Little Snitch is a reverse firewall. Basically, it blocks outgoing communications that you don't allow. The McAfee adware doesn't involve any outgoing communications, only incoming notifications.

In general I don't recommend Little Snitch to ordinary users. The Mac is very chatty, making lots of legitimate Internet connections all the time. Its reports are self-serving and very scary to most common users, and they only serve to needlessly make users paranoid.
Click to expand...

Little Snitch certainly started out that way, but it's had the ability to block both outgoing and incoming communications for some time now. I've used it in the past to block specific ads, for example.

Little Snitch has also become a lot more friendly in recent years, although it could have been a bit overwhelming for many a while back! You can also run it in silent mode where it will permit connections but create related rules for you to check later, if you so choose. If you've not used it lately, you might be interested in another look. There's also now Little Snitch Mini, which has been made simpler and might appear to a wider range of people.

And, no, I don't get commission. :-D

Randy Singer said:
Thank you, that's very nice of you to say! TMB has been dead and gone for a long time now. It was wonderful up until our publisher was purchased by a bigger publisher and ruined it. Even though TMB is gone, I try to maintain a number of Web sites to help Mac users. Have a look at: http://www.macattorney.com/welcome.html
Click to expand...

I very much enjoyed the book. I'd grown up with the Mac OS but I looked forwards to OS X when it was in development, knowing System 9 (and previous) had some issues that a substantial rewrite would necessitate. Even so, I still look back on older Mac OS versions with some nostalgia, particularly System 8.5/8.6 and 9. Maybe not so much 7.5... ;-)


[Note: It won't let me post when using the sites emoji or the macOS' emoji, so I may edit/update this post later if it lets me use them again later.]
 
Macs don't need firewalls. There have been plenty of arguments about this on various Macintosh discussion lists. It's pretty well settled. See:
https://www.howtogeek.com/205108/your-mac’s-firewall-is-off-by-default-do-you-need-to-enable-it/

“In reality, firewalls aren't that useful for typical Mac users.,,

"A personal computer firewall blocks incoming data and commands. But incoming data and commands need something running on your computer that is listening and waiting to receive them. Old Windows computers had a variety of system processes that listened for incoming information and did things with them. When malicious information was sent to these computers, bad things could happen.

But Macs don't have these sorts of processes that listen for general data or commands. They really aren't something that you find on modern computers. ”

The Safe Mac » Do I need a firewall?

Everything you need to know to protect your Mac
www.thesafemac.com www.thesafemac.com

"..you almost certainly are accessing the internet from behind some kind of router. All wireless networks, for example, are managed by one or more routers. Those routers act like the gatehouse, separating the “local” network from the internet and routing all traffic coming inside to the right places (ie, computers). In such a case, you are safe from outside hacking attempts."

The Practical Guide To Mac Security
itunes.apple.com

‎The Practical Guide To Mac Security

‎Computers & Internet · 2017
itunes.apple.com

Mac Firewall: What Is It, Do You Need It, How To Use It? - AppleToolBox

The other day, while writing a post over preventing Mac malware, I found a built-in setting on my computer for a Mac firewall. Even more surprising that
appletoolbox.com appletoolbox.com
 
From the above, I hope my update about Little Snitch was not taken as a personal attack. It was certainly not meant that way. It was only that the suggestion that Little Snitch only dealt with outgoing traffic was not correct.

There's certainly been a lot of changes to the way processes and communications are handled (which also includes changes to firewalls at different levels), which is a good thing. For blanket statements that "Macs don't need firewalls" or "it's pretty well settled," I'd politely and gently disagree.

There may a lot of changes to make things safer, but I'd say if people use laptops (and are mobile), use third party apps, or have any uncertainty about the security of the network, then a firewall is still a good idea. After all, firewalls can be easy to use and make your Mac more secure, and they're very unlikely to make things any worse. As I mentioned above, I've also used my firewall to block a specific case of intrusive ads when ad-blockers had not been working. Some might also have an interest in just seeing where their network traffic is headed! :)

As an excerpt from your first site:

Firewalls do have their uses when connected to a network that contain untrusted users, such as open wifi at a coffee shop or having a direct connection to the internet (ie, not hidden behind something like a wireless router). For example, although there are no currently known bugs in Mac OS X that will allow hackers to gain remote access, there’s no law that says this has to continue. Should such a bug be discovered, safety is just a click away. Turning on the firewall would protect you from remote exploits.

In addition, there are many server processes running on any normal Mac. You may forget that you have file sharing turned on when you pull out your computer at a Starbucks. In addition to built-in server processes, plenty of apps include server functionality as well. 1Password’s wifi syncing, for example, involves 1Password on your Mac acting as a server and accepting connections from 1Password on your phone or tablet.
Click to expand...
 
A lot has changed with regard to security. For instance, that example about needing extra security when surfing the Web at a coffee shop (the typical example) is outdated. Just about every Web site now (and certainly Web sites with important data), uses Hypertext Transfer Protocol Secure (HTTPS). In other words, all data is encrypted from end to end.

Firewalls generally are intended to stop hackers. In the past 30+ years of communicating with many thousands of Mac users, I've yet to hear a single believable first hand report of anyone having their Mac hacked into. No Mac user needs a firewall. If you are paranoid, or you like playing with things, it can't hurt much to use one (though it will take up some overhead if you use a software, rather than a hardware one), but otherwise it's not necessary.
 
I say on Mac we only get trojans! To me the best modern trojan scanner is MalwareBytes.com! When you download the only thing the free version only scans when you inmate the scan! The paid version scans all incoming downloads and get updates! So mi only download the free person when I thing I have a trojan to current scanner and after it is done I delete it!
 
Last edited:
You must log in or register to reply here.
Back
Top