Threat Database Mac Malware 'PortalAgent Will Damage Your Computer' Message

'PortalAgent Will Damage Your Computer' Message

After the latest macOS from Apple, many users have begun encountering strange warning prompts that display messages similar to '[application name] will damage your computer. You should move it to the Trash.' It is not uncommon for the users not even to recognize the application mentioned in the prompt or that it was even installed on their computers. This is not surprising, though, as most of the triggers for the warning prompts are considered adware, browser hijackers, or other PUPs (Potentially Unwanted Programs). These applications rely on infiltrating the user's computer through misleading distribution schemes that hide their installation process. PortalAgent is exactly that application kind.

After deploying itself on the targeted system, PortalAgent will begin to generate monetary gains for its creators. It might do so by taking over certain browser settings such as the homepage, new page tab, and the default search engine and forcing them to open a promoted address, likely a fake search engine. Subsequently, whenever the user simply opens the affected browser, starts a new tab, or conducts a search, it would generate artificial traffic toward the promoted address immediately.

Browser hijackers are also capable of obtaining user data that will then be exfiltrated. Clicked URLs, search history, and visited websites could all be harvested. Some applications try to dig even deeper and access sensitive information that has been saved into the affected browser, such as banking, credit card, or payment details.

To make the 'PortalAgent will damage your computer' message disappear, it is recommended to remove the PortalAgent application. Keep in mind that doing so could be tricky as many browser hijackers and adware applications create auto-launch files spread across multiple locations. The best course of action is to conduct a scan with a professional anti-malware solution and remove all suspicious applications that have been detected.


Most Viewed