Threat Database Mac Malware FakeFileOpener


FakeFileOpener is a Trojan that hijacks the macOS's file-program associations for promoting PUPs – Potentially Unwanted Programs that could endanger your computer or hamper its performance. Its pop-ups strongly resemble the default macOS prompts for opening files without associated programs, with minor differences. Users should treat this program as a threat and delete FakeFileOpener with appropriate anti-malware tools and avoid installing any software it promotes.

FakeFileOpener: The Momentous Difference in a Few Words of a Pop-Up

While it has a long way to catch up to the installation totals of adware, FakeFileOpener makes up more than a small portion of threat detection results for macOS users. This program is a pseudo-consensual version of a Trojan downloader that installs unwanted software but gets the user's consent – by lying to them. Variants of FakeFileOpener currently make up the second-most-populous threat alert for macOS systems and have payloads that are all-too-appropriate for the environment.

FakeFileOpener hijacks file-program associations by setting itself as the default program for over three hundred formats, including widely-used types, such as documents, music, etc. While FakeFileOpener lacks a 'normal' startup or launching mechanism, whenever a user tries to open a file in its list, FakeFileOpener opens instead of the normal one.

However, users may never recognize FakeFileOpener as a threat. FakeFileOpener's pop-up prompt is nearly identical to that of the default 'there is no application set to open the file' alert for macOS systems. There are a few differences that malware experts point out: FakeFileOpener grays out the Choose Application button and replaces the App Store button with a 'Search Web' one. The search also is fraudulent and redirects victims to Potentially Unwanted Program or PUPs such as a system optimizer, Registry cleaner or cookie remover tool.

Unlike Trojans like FakeFileOpener, PUPs usually don't intentionally attack the user. Their advertisements and other 'features' may endanger users as they browse the Web or cause numerous performance problems.

Catching Fakes before They Pose Problems

FakeFileOpener is specific to macOS systems. Its distribution uses tactics just as misleading as its payload; the Trojan's installer loads in fake virus alerts and security updates. Malware experts see these attacks occurring throughout the Web, though those specific to FakeFileOpener appear to relate to affiliated websites (such as known PUP developers' domains). Users can improve their chances against tactics by limiting their downloads to safe locations like the Mac App Store.

FakeFileOpener's implementation also suggests that users with less familiarity with their operating system's norms are at the most risk. Malware experts recommend that users double-check any unusual pop-ups or system prompts for discrepancies like different words, typos, or links to third-party websites. With FakeFileOpener and other threats, catching these minor symptoms can help victims avoid accidentally loading more unsafe content.

Users can also install updates for compatible anti-malware and security products for improving their detection rates. While most dedicated security programs should easily remove FakeFileOpener, users should correct any changes to their file format associations, as well.

FakeFileOpener wants nothing more than to sell software to the less discriminating, which is a near-universal sentiment for Mac developers. The shockingly deceptive way it gets that done is what makes it a Trojan, instead of just another kind of advertising or promotional software.


Most Viewed