Malware loves to disguise itself as other legitimate apps that computer owners are most likely to download, such as Mac cleaning tools and optimizers. If you’ve seen ads promoting these tools or if you’ve seen notifications saying that your Mac has a number of threats that need to be removed, don’t ever think of clicking any of them. These are fake detections that aim to bait users into downloading and installing their malicious apps.
MacReviver is one of those heavily promoted Mac maintenance and cleanup tools that you see everywhere. The only difference is that there is actually legitimate MacReviver software, and cybercriminals are using this tool to piggyback on the app’s legitimacy. So when you see an ad for MacReviver, you need to investigate thoroughly before clicking on it because you might be downloading a malicious app on your computer.
In this article, we’ll show you how to differentiate between the legitimate and the fake MacReviver app, as well as discuss the dangers of being infected by the malicious app. We’ll also show you how to get rid of the MacReviver malware to prevent it from doing more damage to your computer.
What is MacReviver?
MacReviver is an all-in-one Mac maintenance utility. It is made up of several tools to resolve various macOS problems and revive your Mac’s performance. The app was developed by ReviverSoft, a tech company based in Walnut Creek, CA. ReviverSoft was later bought by Corel Corporation in 2014.
According to MacReviver’s description, the app has the essential tools to optimize, clean up, and maintain your Mac. It also includes an Anti-Theft feature to give your system an extra layer of security against theft. The app frees up your hard drive space, reduces startup time, tracks your Mac’s location in case of theft, and optimizes your device’s battery and speed.
However, malware also often uses the MacReviver name as camouflage to trick users into downloading it. The fake MacReviver is considered a potentially unwanted program (PUP) that relies on intentional false positives to get users to upgrade to the premium version of the app. Other security software detects it as adware that pushes annoying ads to the user and modifies browsers to serve its purpose.
The malicious MacReviver app usually gets installed without the user’s knowledge. As mentioned earlier, it is often offered through ads that users click on. Another common distribution method is bundling: it is often packaged together with other software. Users who skip through the installation process without reading each step are the usual victims of this malware. They are not aware that a PUP has been installed on their computers because they skipped all the steps.
This PUP focuses more on Mac users, but it can also infect other systems, including Windows computers.
What Does MacReviver Do?
The legitimate MacReviver tool scans your Mac for unused files and deletes them. The free version allows you to use certain features, such as Duplicate Finder, Files Finder, and Battery Optimization. Upgrading to the premium version gives you access to more features. Although the things that MacReviver can do can also be done by other Mac cleaning software, it can still be quite useful and delivers on its promises.
The fake MacReviver app, on the other hand, just brings problems for your Mac. It might seem like it’s scanning your system, but it will actually show you false positives and will prompt you to upgrade to the premium version just to fix those errors.
You might also notice some mysterious changes, particularly on your default browser, after the malicious MacReviver has been installed. You’ll probably notice more ads appearing on your screen, especially those that are related to the products you’ve searched or bought online. This means that the adware has been keeping tabs on your buying habits and search queries, in order to deliver targeted ads based on your interests.
How to Remove MacReviver
MacReviver is a persistent type of adware that needs to be removed at the root. To do this, you need to thoroughly delete the malware and get rid of its components, using the step-by-step instructions below:
Step 1: Remove Malicious Profiles from Your Mac.
Profiles on your Mac allow you to configure the system to do things that are otherwise impossible for ordinary users. Malware often creates malicious profiles on your Mac to prevent users from deleting the malicious program or to make changes to the computer. So you need to remove these malicious profiles from your Mac before proceeding with malware removal.
To do this:
- Click the Apple menu, then choose System Preferences.
- Search for the Profiles icon. If you don’t find the Profiles icon, it means that you don’t have any profiles installed, which is also normal.
- If you see the Profiles icon, click on it and choose the suspicious profile you want to delete.
- Hit the Delete (-) button, then click Remove to delete the profile.
Step 2: Uninstall MacReviver From Your Mac.
Once you have removed the malicious profile, you can proceed with the uninstallation of the PUP. Quit the MacReviver app completely, then navigate to the Applications folder (Finder > Go > Applications). Find the MacReviver app icon and drag it to the Trash. Don’t forget to empty the Trash right after. You also need to delete all files associated with the PUP using a reliable Mac cleaning tool.
Here are some of the known malicious files associated with MacReviver:
You also need to check each of these folders to make sure there are no infected files left:
- /Library/Application Support
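One way to run the folder check from Step 2 as a script (an added example, not part of the original article): it walks the given folders, /Library/Application Support by default, and reports entries whose name contains "MacReviver". Going beyond the article, it also reports property-list files that mention the name anywhere in their contents, since leftover files are not always named after the app. The function names are assumptions of this example, and it only lists candidates without deleting anything.

```python
import plistlib
import sys
from pathlib import Path

KEYWORD = "macreviver"  # app name from the article; matched case-insensitively


def plist_strings(value):
    """Yield every string (keys included) stored anywhere in a parsed plist."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for key, item in value.items():
            yield key
            yield from plist_strings(item)
    elif isinstance(value, (list, tuple)):
        for item in value:
            yield from plist_strings(item)


def find_leftovers(roots, keyword=KEYWORD):
    """Return sorted (path, reason) pairs for entries that reference keyword."""
    keyword = keyword.lower()
    hits = set()
    for root in map(Path, roots):
        if not root.is_dir():
            continue  # folder does not exist on this machine
        for path in root.rglob("*"):
            if keyword in path.name.lower():
                hits.add((str(path), "name"))
            elif path.suffix == ".plist" and path.is_file():
                try:
                    with path.open("rb") as fh:
                        data = plistlib.load(fh)
                except Exception:
                    continue  # unreadable or malformed plist: nothing to inspect
                if any(keyword in s.lower() for s in plist_strings(data)):
                    hits.add((str(path), "plist content"))
    return sorted(hits)


if __name__ == "__main__":
    # Default is the folder named in the article; pass other folders as arguments.
    folders = sys.argv[1:] or ["/Library/Application Support"]
    for found, reason in find_leftovers(folders):
        print(f"{reason:14} {found}")
```

Review each reported path before moving it to the Trash, since a match on the name alone does not prove the file belongs to the fake app.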
Step 3: Scan Your Mac.
The next step is to scan your computer using your anti-malware program to make sure there is no other malware lurking on your computer. Make it a habit to scan your computer regularly to prevent adware, PUP, and other types of malware from infecting your system.
Step 4: Delete the MacReviver Login Items.
Malware usually installs itself under the login items so that it automatically runs when the user logs in. To remove it from the Login Items, follow the instructions below:
- Go to the Apple menu > System Preferences.
- Choose Users & Groups from the preferences window.
- You might need to unlock this section in order to make changes. Click on the lock icon found on the lower-left corner of the window.
- Choose the user account that runs MacReviver.
- Click on the Login Items tab.
- Choose MacReviver from the list, then click the delete [-] button to confirm your actions.