MacSweeper is a rogue application that misleads users by exaggerating reports about spyware, adware or viruses on their computer. It is the first known "rogue" application for the Mac OS X operating system. The software was discovered by F-Secure, a Finland-based computer security software company on January 17, 2008.
As of 2009, the official website for the application, macsweeper.com, is currently offline, although the home page for KiVVi Software can still be accessed.
Problems caused by MacSweeper
MacSweeper could be downloaded through KiVVi software's (the company that makes the "rogue") website, as a drive-by download, or silently downloaded with another application. Once automatically installed, MacSweeper scans the computer and informs the user that many applications on their computer (such as iCal or Dashboard, safe pre-installed Apple applications) are "fat binaries or trash" and must be slimmed immediately. When the unsuspecting user tries to "Remove Objects", they are told that the trial version downloaded cannot delete the supposed trash. Then the user must provide credit card details to the company for a $39.99 "lifetime subscription serial key".
MacSweeper's Graphical User Interface and behaviour is almost identical to another program that is published by KiVVi Software, Cleanator. Cleanator, however is designed for Windows operating systems. It is also very similar to the SpySheriff and SpyAxe applications, infamous for typosquatting Google. A paragraph from within the software that encourages users to purchase the full version is identical to that of SpySheriff.
Companies including McAfee, Symantec and Sunbelt Software have identified the threat and have posted removal instructions on their websites. Intego VirusBarrier and iAntivirus are capable of removing it too. SiteAdvisor, a division of McAfee has controversially given the site a green rating. However, SiteAdvisor's tests are conducted on PCs, that cannot recognise .dmg, the file format of MacSweeper.
MacSweeper has received a lot of media attention from websites including CNET as well as others, as it is considered to be one of the first viruses for the Mac OS X operating system. Apple has always maintained on their website and in their advertisements that Macs are essentially 'virus free'.
After F-Secure alerted Macintosh users about the rogue, MacSweeper responded on F-Secure's website, saying
I would like to explain all the situation, about MacSweeper.
We are really trying to make a good software, and you wont find any viruses/spyware/trojans/malware in MacSweeper (test it your self, if you don't believe me, you can use any type of firewalls, dissemblers, or other tools) .
The problem is that we are using selling partners that forces us to use this marketing type. We would like to leave them, we don't want to completely destroy Good Name of MacSweeper application.
Personally I adore Mac Platform, and it hurts to hear that the program you wrote is said to be some kind of "Rogue application" , i wouldn't like to destroy good manners of software written for it :((
I would like to say sorry for all inconveniences that we could bring to you, but believe MacSweeper is meant to be a useful application. You can ask Questions, and i will try to answer them!
Thank You! email@example.com}}
- ↑ "Macsweeper - Symantec.com : Summary". 2008-01-17. http://www.symantec.com/security_response/writeup.jsp?docid=2008-011613-5206-99&tabid=1.
- ↑ "First Rogue Cleaning Tool for Mac". F-Secure Weblog : News from the Lab. 2007-01-15. http://www.f-secure.com/weblog/archives/00001362.html.
- ↑ "Macsweeper - Symantec.com : Technical Details". 2008-01-17. http://www.symantec.com/security_response/writeup.jsp?docid=2008-011613-5206-99&tabid=2.
- ↑ Kawamoto, Dawn (2008-01-15). "Security researcher issues warns against rogue MacSweeper". News Blog. CNET News. http://www.news.com/8301-10784_3-9850942-7.html.
- ↑ "MacSweeper - Google News". http://news.google.com/news?q=MacSweeper.
- ↑ "Apple - Get a Mac - Not on a Mac". http://www.apple.com/getamac/viruses.html.
- ↑ "MacSweeper Responds". F-Secure Weblog : News from the Lab. 2008-01-16. http://www.f-secure.com/weblog/archives/00001365.html.