From 2018 to 2019, cybersecurity company Malwarebytes reported a 13% increase in consumer adware detections and a 463% increase in business adware detections, making adware its number-one malware category to watch.
Adware, also known as advertisement-supported software, is a type of software that displays ads. Adware can infect both desktop and mobile devices, including Macs, PCs, Androids, and iPhones. It sounds harmless enough, but some types of adware go to great lengths to turn your device into an advertising machine, such as:
Programmer Calls Out iOS as Adware
This is a list of known malware (including spyware, adware, trojans, viruses, worms, and similar tools) that have targeted iOS, including jailbroken iOS. The dates are approximate dates when people discovered, publicized, or started discussing the tool.
A tweak developer who went by various names (Felix, FelixCat, isoftjsc, Martin Pham, Nitram88, Nobitazzz, Nobita.ZZZ, Sara_Nobita, sara_nobita_zzz, tuyentq2009, vietSARA) included adware in his tweaks. These were many free packages along with some paid packages sold via the Cydia Store, mostly distributed by default repositories (until the problem was discovered). The adware ran ads in the background of iOS, displaying off-screen so that the user wouldn't notice them, with the revenue from those ads going to this tweak developer. This was first reported in August 2012 on the ModMyi forum and analyzed in September 2013 (discussion on Reddit).
Muda (also called AdLord), discussed by Claud Xiao, is a form of adware for jailbroken devices. It has been in the wild at least since October 2013. He writes "It spreads via third party Cydia sources in China, and only affects jailbroken iOS devices. Its main behaviors include to display advertisements over other apps or in notification bar, and to ask user downloading iOS apps it promoted."
This advertising SDK, mostly used by Chinese App Store developers, was discovered by SourceDNA to be abusing private APIs in order to collect more personal information than is allowed by Apple security and privacy guidelines, including the list of apps installed on a device, serial numbers of a device and internal components, and the user's Apple ID email address. Youmi exploited a weakness in the App Store review process and evaded detection by obfuscating private API calls using simple string manipulation. 256 apps with an estimated 1 million downloads were found to be affected, including the official Chinese McDonald's app.
We identified 42 apps on Google Play as belonging to the campaign, which had been running since July 2018. Of those, 21 were still available at the time of discovery. We reported the apps to the Google security team and they were swiftly removed. However, the apps are still available in third-party app stores. ESET detects this adware, collectively, as Android/AdDisplay.Ashas.
All the apps provide the functionality they promise, besides working as adware. The adware functionality is the same in all the apps we analyzed. [Note: The analysis of the functionality below describes a single app, but applies to all apps of the Android/AdDisplay.Ashas family.]
First, the malicious app tries to determine whether it is being tested by the Google Play security mechanism. For this purpose, the app receives from the C&C server the isGoogleIp flag, which indicates whether the IP address of the affected device falls within the range of known IP addresses for Google servers. If the server returns this flag as positive, the app will not trigger the adware payload.
Because the real nature of apps containing adware is usually hidden to the user, these apps and their developers should be considered untrustworthy. When installed on a device, apps containing adware may, among other things:
Trend Micro reported that some of the apps served on Haima have millions of downloads, including Minecraft PE (68 million), Terraria (6 million), QQ (45 million) and Pokemon GO (1 million). On a different third-party app marketplace, Vietnam-based HiStore, experts discovered a similar adware-laden Pokemon GO app that had been downloaded more than 10 million times.
The adware hosted on Haima is designed to collect information from infected devices, including IMSI and IMEI codes, jailbreak status, network information, device name and IP address. This data is sent to a C&C server and leveraged to deliver targeted ads.
What a bizarre story this is. Adware Doctor was a $4.99 app in the Mac App Store from a developer supposedly named Yongming Zhang. The app purported to protect your browser from adware by removing browser extensions, cookies, and caches. It was a surprisingly popular app, ranking first in the Utilities category and fourth overall among paid apps, alongside stalwarts like Logic Pro X and Final Cut Pro X.
The purpose of this User Tip is not to serve as instructions for installing malware. Clearly no one wants to do that, but intrusive and annoying adware has emerged as an increasing threat to one's Internet activity.
While most websites contain advertisements resulting in some income for the site owners hosting them, "adware" has become accepted to mean automatically generated advertisements specifically intended to generate revenue for their authors. That doesn't sound so bad, but particularly loathsome adware creators use deception to accomplish that goal, resulting in users being gulled into installing modifications that alter their desired Internet browser configuration. No reasonable computer user would intentionally install those modifications, because they can cause one's routine activity and site navigation to become nearly impossible.
Recognizing and avoiding adware is simple, but there are plenty of people new to the Mac whose prior experience with Windows PCs may have inured them to taking thoughtless actions that aren't prudent on any computing platform.
Despite this limitation I hope this document serves as a general resource to educate Mac users regarding adware, which is a persistent annoyance likely to remain with us for some time, unless Apple decides to completely prevent system modifications as they do with iOS devices. iOS is the future of mobile computing, and OS X is sure to follow. Until then, the only defense against the threat of adware is its recognition and avoidance.
Red flag #4: If you ever see the above dialog box, it should be taken seriously and not indiscriminately dismissed. Read the information it contains - it is designed to help you determine if the application is legitimate, or not. Certain adware even includes explicit instructions for circumventing this basic Mac security feature!
Previous adware variants were often helpfully identified by the names they used, such as Conduit, Downlite, Genieo, VSearch and many others. Their particular names really aren't important though... adware creators are constantly changing them in a desperate effort to escape their well-earned reputations. Remember this key point from the preface of this document: deception is an instrumental part of their business plan.
Interpreting adware's typically mangled attempts at legal terminology should be sufficient to scare anyone away from installing it. This is an educational exercise though, so let's continue and click Next.
The good news is that eradicating adware is fairly simple, but if you run into trouble one recovery procedure guaranteed to work is to recover your entire system from a Time Machine or similar backup that preceded installing the misery-causing junk. This isn't usually necessary, but maintaining a backup is always recommended for this reason and others. With a backup, you'll be assured that you can always recover to a working system, no matter how messed up your Mac becomes.
In case you overlooked the preface of this document, its one limitation is that adware is a constantly evolving threat, and what works today might not work tomorrow, next week, next month, or this afternoon. Newly discovered adware emerges almost daily, and proliferates like some Internet fungus preying on those unaccustomed to its distinctive odor. That's the problem with any automated means of detecting and intercepting malware of any description. In general though, you can search Apple Support Communities for recent eradication instructions, post a new question, or consult AppleCare for assistance. Just remember to contact Apple using the Contact Us link that appears on the bottom right of this page, never blindly following the results of a Google search, and never using a phone number displayed on some popup that appears. Phony "technical support" alone is one likely reason for adware's very existence. Don't compound one lapse of judgment with another.
MPlayerX is not malware. It is a legitimate program freely available from the Mac App Store. It does not modify OS X. It doesn't require a password to install. It demands no acceptance of pages upon pages of incomprehensible legalese as a condition of its use. I have no idea how it came to be associated with the specific adware discussed in this document, nor is there any reason to believe its developer has agreed to that relationship. The lesson to be learned is that any legitimate program distributed through the Internet can be effectively hijacked by nefarious individuals to be bundled with malware no reasonable person would want.
Have nasty adware on my computer. Ran AdwareMedic several times. It finds nothing. Followed the directions for removing adware manually. No luck there either. Ad for Filmon is one of the main screens. Would like to get some assistance on this new problem. Thanks.
The most common adware on Mac I have seen is the SEARCH-QUICK.COM hijack, where search-quick.com (junk) has forced itself to become the homepage and puts a large piece of junk in the Safari Toolbar too. This AdwareMedic app will remove that adware junk.