MacKeeper - a(nother) reason not to use it


I’ve never been a fan of MacKeeper.

The utility suite which claims to help Mac users stop security threats, find duplicate files, and help you uninstall unwanted apps, has always been advertised too aggressively for my liking, and has been notoriously difficult to uninstall.

MacKeeper, developed by Zeobit and now owned by a company calling itself Kromtech Alliance, is - I think it’s fair to say - somewhat controversial.

Just take a look at some articles about MacKeeper on the web:

(There are many many others…)

I decided long ago that it wasn’t going to be software that I wanted to have on my Macs, and I’ve made a point of helping other Mac-owning friends and family come to the same decision whenever I’ve spotted it on their systems.

But in case you need yet another reason not to use MacKeeper - here’s one for you.

Last month a serious zero-day vulnerability that could be exploited by hackers was found in MacKeeper.

Essentially, a hacker could create a boobytrapped link that - if clicked - would trick MacKeeper into executing code that could have any number of unpleasant payloads - such as wiping your hard disk, stealing information or installing malware.

At the time, Kromtech said it was unaware of any exploitation of the vulnerability.

Now, The Register reports, BAE security researcher Sergei Shevchenko has discovered that malicious hackers are exploiting the vulnerability in in-the-wild attacks.

Shevchenko says users who click a crafted phishing link will be prompted to enter login credentials to the MacKeeper app that will allow malware to execute with admin rights.


So, you have a choice now.

You can either ensure that you are running the latest version of MacKeeper, which reportedly fixes the vulnerability.

Or you can decide that it’s time to uninstall MacKeeper entirely. Good luck with that option - hopefully you’ll find a guide on the web if you find it a tricky process…


7 Responses

  1. Coyote

    June 17, 2015 at 6:09 pm #

    ‘executing cod that have any number of unpleasant payloads - such as wiping your hard disk, stealing information or installing malware.’

    While I love seafood I somehow suspect the reference to cods is a missing ‘e’.

    Otherwise, I suppose there is one thing it won’t be tricked into doing. That is of course removing itself (notwithstanding wiping the file system[s] out). Put another way, the only useful (albeit very small) part of my comment is to point out the typo.

    • Graham Cluley in reply to Coyote.

      June 17, 2015 at 6:47 pm #

      Cod almighty. There’s a time and plaice for puns like this…

      • Coyote in reply to Graham Cluley.

        June 17, 2015 at 11:46 pm #

        I agree but that’s because it is always a good time for puns, even if the pun is what some might call fishy.

        Edit: also phishy.

  2. Graeme McRae

    June 17, 2015 at 9:02 pm #

    You wrote “But in case you need another reason now to use MacKeeper - here’s another one for you” but I think you meant to write “not” instead of “now”.

  3. John S

    June 23, 2015 at 3:39 pm #

    I recently received a message asking if I wanted to update MacKeeper. I clicked the link & commenced the download, all the while being helped by “a human inside”. After a while I discovered it was not free as claimed, so refused to download the rest and uninstalled what I had.
    I was being asked repeatedly to continue the download. I responded by saying ‘no way’, I was misled in that you do charge for the download.
    To which their response was (& I kid you not) “we don’t mention money otherwise the customer tends to focus on that”. Unbelievable, & more importantly, do Apple know about this?

  4. Laura

    March 20, 2017 at 4:36 pm #

    I’ve just seen my hard-drive “die” because I accidentally downloaded this bloody thing. (It “disguised” as a Flash update).
    I am really upset, angry and don’t know what to do. Can one report these “companies”? I am just a normal computer user. If I could only understand all these cyber-words and language. :(
