?

Log in

No account? Create an account

Previous Entry | Next Entry

MacKeeper: The Gift that Keeps On Giving

Stop me if you've heard this one before:

A shady, disreputable company makes a dodgy bit of software they claim will protect a computer from malware, but that actually does nothing (at best) or harms your computer (at worst). They sell this software by creating fake Web sites that throw up phony "virus warnings" to visitors pushing the dodgy software, then use a number of devious and underhanded tricks to steer traffic to the fake antivirus pages. They get caught, they find themselves on the receiving end of a class-action lawsuit, and they sell the software to a new company, which promises to clean up its act but which ends up doing exactly the same thing.

If you're a Mac user, you probably recognize this story. It's the story of MacKeeper, a bogus bit of software that bills itself as a security and general cleanup app.



MacKeeper is a bit of software with a long and ignoble history. It was originally written by a company called Zeobit, which was so aggressive in marketing the software by shady means that it got hammered with a $2 million settlement in a class action lawsuit. Business Insider magazine has recommended that users stay away from it.

In 2013, a company called Kromtech bought MacKeeper from Zeobit. Kromtech claims to be a German company, but it's incorporated in the Virgin Islands and all its owners are in the Ukraine. And Kromtech is continuing the practice of pushing the software with phony antivirus sites and fake claims.

The scam works like this:

Booby-trapped ads on legitimate Web sites and redirectors placed on hacked Web sites steer users to fake antivirus pages. These antivirus pages, which live at URLs that look like official Apple URLs, pop up phony warnings of non-existent viruses.



These Web sites attempt to prevent you from leaving, and pop up alert box after alert box warning of a completely phony virus.



When you click on the button to do a "virus scan," you are shown--surprise!--a report that says your system is infected.



The supposed "tapsnake virus" that this warning talks about is bogus. Tapsnake does not exist; it is a scareware scam used to frighten naive computer and smartphone users into thinking they are infected with a virus.

And, naturally, when you click the "Remove Virus Now" button, you're taken to...wait for it...



Meet the new MacKeeper owners, same as the old MacKeeper owners.

I've seen a considerable uptick in phony antivirus sites trying to con people into buying MacKeeper lately, particularly in the last six weeks.

There is no Tapsnake virus, and your Mac is not infected. It's a con, designed to sell you a worthless piece of software.

Stay safe out there in cyberspace.


Comments

( 1 comment — Leave a comment )
theweaselking
Jul. 11th, 2016 12:57 am (UTC)
Here via a couple of friends who linked you.

As always, the three most critical protection tools you can possible have on any computer are:

1) A good ad blocker, like Adblock Plus with "acceptable ads" disabled, to prevent the malware popup from ever happening in the first place
2) An AV program with a good reputation that you know the name of, so you know that if a popup doesn't say it's from (eg) AVG, it's clearly not legit
3) the ability to read URLs. Because those URLs in your screenshots don't look ANYTHING LIKE "official Apple URLs". They're not even good obfuscation, they don't even TRY to pretend they're real Apple URLs. They all say com-store.me, they don't even try to be store.apple.com@badware.info. Those wouldn't pass muster to fool an internet user from the 1990s, they shouldn't work on anyone today.
( 1 comment — Leave a comment )