MacOSDefender

MacOSDefender is a dubious application designed to generate monetary gains for its creators via underhanded methods. Its distribution is deceptive as well: MacOSDefender tries to get installed without users noticing through misleading tactics such as bundling, where the intruder application is packaged as a preselected choice in the installation settings of other, more popular programs. Applications that display such questionable behavior are classified as PUPs (Potentially Unwanted Programs). It should be noted that MacOSDefender is related to another dubious app named Genieo.

The Browser Hijacker Functionality

Once established on the system, MacOSDefender will take control over the user's Web browser, like a typical browser hijacker. More specifically, the application will target the homepage, new tab page, and the default search engine settings. As a result, whenever users start the browser, open a new tab, or initiate a search via the URL bar, they will be taken to various shady websites.

In most cases, browser hijackers are used to drive traffic towards a fake search engine. Fake engines cannot produce results on their own. Instead, they either redirect the search query through a legitimate engine or cause a redirect chain that could include other fake or dubious engines. MacOSDefender does the latter, and all user searches will be redirected through the following chain:

google.com -> goto-searchitnow.global.ssl.fastly.net -> my-search.com -> searchroute-1560352588.us-west-2.elb.amazonaws.com -> alphashoppers.co
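
The chain above can be turned into a detection rule for proxy or DNS logs. The following is an added example, not part of the original write-up: it flags clients that request several of the chain's hosts in order within a short window. The log format, the 30-second window, the three-hop threshold and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hosts from the redirect chain listed on this page, in order.
# google.com is omitted because a hit on it alone is benign.
INDICATORS = [
    "goto-searchitnow.global.ssl.fastly.net",
    "my-search.com",
    "searchroute-1560352588.us-west-2.elb.amazonaws.com",
    "alphashoppers.co",
]

# Constructed sample log lines (assumed format: "<ISO time> <client> <host>").
SAMPLE = [
    "2024-01-01T10:00:00 10.0.0.5 www.google.com",
    "2024-01-01T10:00:01 10.0.0.5 goto-searchitnow.global.ssl.fastly.net",
    "2024-01-01T10:00:02 10.0.0.5 my-search.com",
    "2024-01-01T10:00:03 10.0.0.5 searchroute-1560352588.us-west-2.elb.amazonaws.com",
    "2024-01-01T10:00:04 10.0.0.5 alphashoppers.co",
    "2024-01-01T10:05:00 10.0.0.9 my-search.com",
]

def host_matches(host, indicator):
    """Exact match or subdomain match, case-insensitive."""
    host = host.lower().rstrip(".")
    return host == indicator or host.endswith("." + indicator)

def parse(line):
    ts, client, host = line.split()
    return datetime.fromisoformat(ts), client, host

def find_chain_clients(lines, window=timedelta(seconds=30), min_hops=3):
    """Return {client: [hosts]} for clients that hit at least min_hops
    chain hosts in chain order, all within `window` of the latest hit."""
    progress = defaultdict(list)  # client -> [(timestamp, chain index)]
    flagged = {}
    for ts, client, host in sorted(map(parse, lines)):
        idx = next((i for i, ind in enumerate(INDICATORS)
                    if host_matches(host, ind)), None)
        if idx is None:
            continue
        # Keep only earlier hops that are recent and precede this one in the chain.
        seen = [(t, i) for t, i in progress[client]
                if ts - t <= window and i < idx]
        seen.append((ts, idx))
        progress[client] = seen
        if len(seen) >= min_hops:
            flagged[client] = [INDICATORS[i] for _, i in seen]
    return flagged

if __name__ == "__main__":
    print(find_chain_clients(SAMPLE))
```

Requiring several hops in order keeps a single stray request to one of these hosts from raising an alert on its own.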

With MacOSDefender present on their Macs, users risk having their browsing activities tracked. Indeed, PUPs are known for having a data-harvesting functionality that includes various device details (IP address, geolocation, browser type, ISP, etc.) and browsing-related data, such as the entire search history, browsing history, clicked URLs and more.

Removing MacOSDefender

MacOSDefender places its application files in the /Users/test/Library/Application Support/.dir/MacOSDefender.app/Contents/MacOS/ location, while its associated process is named MacOSDefender.app. Getting rid of the application could be challenging because MacOSDefender is set to start itself back up, even if the user terminates it. The best approach is to scan the Mac system with a professional security solution and then let it remove all suspicious items automatically.