Last week a new version of the InstallCore installer was discovered that displays an unpleasant new trick: it pretends to be a Safari update!
Clicking the Update Now button downloaded a disk image file named “Apple Safari Setup.dmg”.
The installer on that disk image did not look like an Apple installer at all. Continuing with the installation resulted in being asked to accept the “Search-Assist” extension for Safari, with a big “Yahoo!” logo at the top of the window.
Next was acceptance of the installation of MacKeeper (BAD), though the text was relatively small and uniform, and the familiar MacKeeper logo was nowhere to be seen. Finally, I had to accept the installation of ZipCloud.
As a result, both MacKeeper and ZipCloud were installed and opened automatically. Although no browser extensions were successfully installed, both Chrome and Firefox had their preferences modified. Both browsers had their home pages and search engines set to a Yahoo “Search BOSS” page it also had the effect of completely breaking Safari on my 10.9.5 system.
Victims of this malicious installer should immediately remove both MacKeeper and ZipCloud, of course, but should also reinstall OS X. This will overwrite Safari and its support files with fresh copies.
No comments:
Post a Comment