MacKeeper – a(nother) reason not to use it

Graham Cluley

I’ve never been a fan of MacKeeper.

The utility suite, which claims to help Mac users stop security threats, find duplicate files, and uninstall unwanted apps, has always been advertised too aggressively for my liking, and has been notoriously difficult to uninstall.

MacKeeper, developed by Zeobit and now owned by a company calling itself Kromtech Alliance, is – I think it’s fair to say – somewhat controversial.

Just take a look at some articles about MacKeeper on the web:

(There are many many others…)

I decided long ago that it wasn’t going to be software that I wanted to have on my Macs, and I’ve made a point of helping other Mac-owning friends and family come to the same decision whenever I’ve spotted it on their systems.

But in case you need yet another reason not to use MacKeeper – here’s one for you.

Last month a serious zero-day vulnerability that could be exploited by hackers was found in MacKeeper.

Essentially, a hacker could create a boobytrapped link that – if clicked – would trick MacKeeper into executing code that could have any number of unpleasant payloads – such as wiping your hard disk, stealing information or installing malware.

At the time, Kromtech said it was unaware of any exploitation of the vulnerability.

Now, The Register reports, BAE security researcher Sergei Shevchenko has discovered that malicious hackers are exploiting the vulnerability in in-the-wild attacks.

Shevchenko says users who click a crafted phishing link will be prompted to enter login credentials to the MacKeeper app, which will allow malware to execute with admin rights.


So, you have a choice now.

You can either ensure that you are running the latest version of MacKeeper, which reportedly fixes the vulnerability.

Or you can decide that it’s time to uninstall MacKeeper entirely. Good luck with that option – hopefully you’ll find a guide on the web if you find it a tricky process…

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

7 Replies to “MacKeeper – a(nother) reason not to use it”

  1. 'executing cod that have any number of unpleasant payloads – such as wiping your hard disk, stealing information or installing malware.'

    While I love seafood I somehow suspect the reference to cods is a missing 'e'.

    Otherwise, I suppose there is one thing it won't be tricked into doing. That is of course removing itself (notwithstanding wiping the file system[s] out). Put another way, the only useful (albeit very small) part of my comment is to point out the typo.

      1. I agree but that's because it is always a good time for puns, even if the pun is what some might call fishy.

        Edit: also phishy.

  2. You wrote "But in case you need another reason now to use MacKeeper – here's another one for you" but I think you meant to write "not" instead of "now".

  3. I recently received a message asking if I wanted to update MacKeeper. I clicked the link & commenced the download, all the while being helped by "a human inside". After a while I discovered it was not free as claimed, so refused to download the rest and uninstalled what I had.
    I was being asked repeatedly to continue the download. I responded by saying 'no way', I was misled in that you do charge for the download.
    To which their response was (& I kid you not) "we don't mention money otherwise the customer tends to focus on that". Unbelievable, & more importantly, do Apple know about this?

  4. I've just seen my hard-drive "die" because I accidentally downloaded this bloody thing. (It "disguised" as a Flash update).
    I am really upset, angry and don't know what to do. Can one report these "companies"? I am just a normal computer user. If I could only understand all these cyber-words and language. :(
