New OS X Malware Spotted–“Mac File Opener”

Adware and malware are one of the more common software problems we deal with here at the shop. Customers bring us their computers that are acting strangely, running slower or warmer than normal, or delivering unwanted pop-up ads. Often, customers don’t even know how they got these unwanted programs on their mac. Malware, scamware, and adware all have to be downloaded by the user, but they are often sneaky about how they present themselves. A MacBook Pro came in this week with a new sneaky little piece of adware that we hadn’t seen before. The owner told us that they’d been having problems with popups, and that they weren’t even able to use the MalwareBytes software to run an adware scan because whenever they tried to launch it, they were redirected to a website advertising software and asking for credit card information. This is not normal!

After examining the Mac, we found one piece of adware (“Crossrider”), one piece of bloatware (“Advance Mac Cleaner,” which doesn’t do what it claims and instead eats up system memory and issues popups in which it asks for more money), and one particularly tricky piece of malware (“Mac File Opener” or “Fake File Opener”). This third one is especially crafty. It associates itself with 238 different file types. When any files of those types are opened, Fake File Opener runs instead. It looks like an OS X dialog window, and says something like “No program was found that can open this file” This fake dialog window then directs to various scam websites. Very insidious!

Whenever our client tried to run a anti malware program to get rid of this adware, the fake file opener program launched itself instead and sent them to a website to try to get them to download even more fake software. Luckily, we were able to find the offending program on their computer, listed as OSX.FakeFileOpener. We uninstalled the adware and removed all traces of it, then got MalwareBytes up and running properly so they can perform malware scans on their own at home in the future. The cost for all of this was only $29, and we got the computer back to them the next day.

If you suspect you have accidentally installed adware like Advance Mac Cleaner or Mac File Opener, don’t hesitate to bring your computer to us for a free diagnosis rather than downloading unfamiliar software. Check out our Malware removal service page for more details.