21 comments

[ 2.8 ms ] story [ 63.3 ms ] thread
Is Clean My Mac X really malware?
The apps at the top are their sponsors, not the malware. However, as someone else pointed out, probably dumb on their part to design it that way. haha
Wow, I actually did zoom in on the icons and tried to remember that software not to use. That is a horrible design/layout choice. Glad I read this comment.

But I still wouldn’t install Clean My Mac, it shows up in the slimy parts of the web too often for me to think it’s legit.

(comment deleted)
Clean My Mac X I could believe, based on its name, to be malware.

Sophos, on the other hand...

I've found CMMX to be fairly useful actually. A lot of software in this category can be pretty pestery and exploitative but I've been pretty happy with CMMX
> CleanMyMac X is all-in-one package to awesomize your Mac. It cleans megatons of junk and makes your computer run faster. Just like it did on day one.

Looks like it's badly infected with PatronizingPandering.exe... you might need to nuke this one from orbit and cut your losses.

Perhaps that's not the best place to list the sponsors.
(comment deleted)
To be fair, I've seen JAMF make a Mac run so slowly that you'd think it was infected.
This was my main thought as well, right after "Ah, so CleanMyMac X really is malware - I knew it!"
That's... a long list, too long for me to read it all I think. Wish there were a summary of general trends/takeaways

  ~> p | grep 'Infection Vector' | sort | uniq -c | sort -s -rnk1,1
     4 Infection Vector: Unknown
     3 Infection Vector: TypoSquatting
     1 Infection Vector: (likely) Trojanized Disk Images
     1 Infection Vector: Malicious Ads / Fake Update Prompt
     1 Infection Vector: Safari Exploit
     1 Infection Vector: Supply-chain attack
     1 Infection Vector: Trojanized Disk Images(?)
     1 Infection Vector: Unknown, possible via infected npm packages
Has anyone seen Mac malware that involves hyjacking accessibly/mouse input? I've come across several Macs in the last year with mysterious self moving cursors. I don't know what benefit there would be for malware to hyjack a mouse cursor so my assumption is they simply have hardware problems with their trackpads. Makes me paranoid tough.
Typically random mouse movements are Bluetooth mice people forget are connected.

I suggest checking for that/ disable Bluetooth to see what happens.

Yeah, I'd bet that this is what is happening. A few times in the offices of my workplaces I've seen cases of BT keyboards and mice randomly reconnecting to Macs they'd been paired with at some point in the past (even years back) and causing a short bout of chaos.
I'm doubtful. It's certainly possible for malware to hijack mouse/keyboard control, with a local privilege escalation exploit, but I'm not sure what the point would be. Escalating to mouse/keyboard control is hard and any malware capable of doing that likely wouldn't need to.
Any app that allows accessibility persmissions has access. For example, I run a program called "Jiggler" whos job it is to jiggle my mouse during work hours as to prevent the teams "Away" status.
If it's a closed laptop sometimes when they get very warm the touch pad starts getting activated. At least that is what the problem was for me a few years ago with Intel MBPs.

There is an option to disable the track pad when using an external keyboard which was the perfect solution.

I once spent far, far too much time debugging my “broken” laptop to realize a book was touching the corner of my external trackpad that I wasn’t actively using.
Would be a trivial way of pretending the user is active and preventing sleep, useful for miners or ensuring the device is accessible when the attacker is online.

However, Apple has made substantial changes to how it handles hardware and system-level extensions, and I doubt this would be possible without exploiting either the OS or existing software on the system. It would require a sysadmin to install, as the approval process requires accessibility access.