While they’re much less vulnerable than their Windows-based counterparts, Macs are still susceptible to contracting malware. Macs have even been infected by Windows-based malware cleverly disguised as award-winning titles like Adobe’s Flash Player. In fact, malware disguised as Flash Player is “particularly favored” among nefarious actors trying to exploit macOS machines, 9to5mac notes.
Apple has updated the XProtect security system in Mac OS X to block all versions of Adobe Flash Player prior to 12.0.0.44. This was done in response to a critical security update released by Adobe, fixing a vulnerability that was being exploited in the wild. Mac Users Attacked Again by Fake Adobe Flash Update Posted on April 12th, 2016 by Graham Cluley Mac users are once again being urged to exercise caution when installing updates to Adobe Flash Player, after a fake update was discovered infecting computers.
And while software like Malwarebytes is designed to scan for and remove potentially malicious software automatically, according to a blog post published by the security firm this week, there’s a new and much more aggressive variant of Flash Player malware currently on the loose — described in the post as a version of Crossrider adware capable of protecting itself from removal.
Essentially, the downloadable Flash plug-in is capable of changing the home page in both Apple’s Safari and Google’s Chrome web browser on macOS computers and, disturbingly, won’t allow users to change it back once it’s installed.
“After removing Advanced Mac Cleaner, and removing all the various components of Crossrider that have been littered around the system, there’s still a problem. Safari’s homepage setting is still locked to a Crossrider-related domain, and cannot be changed,” the firm explains, noting how “It turns out that this is caused by a configuration profile installed on the system by the adware.”
“Configuration profiles provide a means for IT admins in businesses to control the behavior of their Macs. These profiles can configure a Mac to do many different things, some of which are not otherwise possible.”
How to Delete Crossrider Malware and Restore Your Mac
As the firm explains, locating and deleting the installed Crossrider profile once it’s been installed can be tricky — but it’s still possible to erase, and restore your system/web browser back to its original settings.
Open System Preferences from your Mac desktop and click the Profiles icon. NOTE: if there’s no Profiles icon, then you don’t have any profiles installed, which is normal, according to Malwarebytes.
“This profile installs with an identifier of com.myshopcoupon.www, which is not visible in System Preferences,” the firm explains. “However, the profile can definitely be identified by scrolling through the details and looking for references to chumsearch[dot]com.”
To read more on this malware and how to properly identify and remove it if you’ve recently downloaded the Adobe Flash player specified, click here.
How to disable Adobe Flash Player
Google Chrome
1. Type 'chrome://plugins' into a new browser tab and hit Enter or Return.
2. Click the Disable link under Adobe Flash Player.
Microsoft Internet Explorer
1. Click the gear icon at the top right of the browser window.
2. Scroll down to and click Manage add-ons.
3. Select Shockwave Flash Object.
4. Click Disable.
Mozilla Firefox
1. Click the stacks icon at the top right of the browser window. (Or type 'about:addons' into a new browser tab.)
2. Scroll down to and click Add-ons.
3. Scroll down to Shockwave Flash and change the setting to Never Activate.
Apple Safari
1. Click Safari in the menu bar.
2. Scroll down to Preferences and click.
3. Click the Security tab in the pop-up window.
4. Click the second Website Settings button, next to Allow Plug-ins.
5. Select Adobe Flash Player.
Adobe Flash Player Mac Chrome
6. Select Block.
7. Click Done.
Opera
Adobe Flash Player For Mac Os X
1. Type 'opera:plugins' into a new browser tab and hit Enter or Return.
2. Scroll down to Shockwave Flash and click Disable.
Safe Adobe Flash Player Update
Paul Wagenseil is a senior editor at Tom's Guide focused on security and gaming. Follow him at @snd_wagenseil. Follow Tom's Guide at @tomsguide, on Facebook and on Google+.