Fake Flash Player for Mac Locks Down Safari and Chrome Homepages
A fake Adobe Flash Player installer for Mac attempts to deploy Crossrider adware on the compromised hosts, and while users can remove most of the infection rather easily, not everything goes away so fast.
Malwarebytes explains in an analysis of the package that a fake Flash Player is being pushed to Mac systems in order not only to deploy a rogue application called Advanced Mac Cleaner, but also to lock down the homepage of Safari and Google Chrome browsers to a Crossrider-related domain.
“After removing Advanced Mac Cleaner, and removing all the various components of Crossrider that have been littered around the system, there’s still a problem. Safari’s homepage setting is still locked to a Crossrider-related domain, and cannot be changed,” the security vendor notes.