PCVARK malware strain surfaces for the Mac, opens door for additional malware to be installed

Posted by:
Date: Tuesday, August 23rd, 2016, 05:00
Category: macOS, News, security, Software


A new strain of Mac malware has gone into the wild and is worth being a bit wary around.

The strain, discovered by Malwarebytes, is know as “PCVARK” and is labeled as “Advanced Mac Cleaner” online. Once activated, the installer places a trojan called “Mac File Opener”, which behaves in the following way according to Thomas Reed of Malwarebytes:

Once I had installed it and was poking around to see whether it had installed anything new – perhaps a shiny new piece of adware, for example – I discovered an odd app, named Mac File Opener, tucked away where the average user would never see it.

Even more intriguing, this app didn’t have any apparent mechanism for being launched. It hadn’t been added to my login items. There wasn’t a new launch agent or daemon designed to load it. It simply seemed to be sitting there, doing nothing.

Mac File Opener’s info.plist file included a list of some 232 file types Mac File Opener claims it can open. If you open one of those files types, chances are Mac File Opener gets launched. It then presents users with a fairly legitimate looking dialog. If the user agrees to it and click “Search Web”, they’re taken to a page at for “Mac File Opener” that tries to convince users to install additional malware.

In short, be careful out there, don’t download suspicious Mac utilities that offer the work and stick to the Mac App Store when you can for new software.

Stay tuned for additional details as they become available.

Via Mac Observer and Malwarebytes

Recent Posts