In the continuing saga of Mac malware, we now focus on a problem where a specific app seeks control of Safari browser or an entirely different app or program. Using your Mac, you might find this message pop up:
“Finder.app” wants access to control “Safari.app.” Allowing control will provide access to documents and data in “Safari.app”, and to perform actions within that app.
When you click the Don’t Allow button and not OK, you find that the dialog box disappears for a bit. Then it comes back with a vengeance. It reeks of something bad, right? Let’s investigate further what causes Finder.app to want to control Safari.app, and what to do in this situation.
Mac Apps and Their Need for Accessibility Features
Some applications, such as Dropbox and maybe Steam, will ask if they can control your computer using accessibility features. In the most basic sense, this allows the app to control other programs.
According to Apple, if you are familiar with the app in question then you can authorize it. You can do this when you click Open System Preferences in the alert. Afterwards, choose the checkbox for the app in the Privacy pane. Otherwise, if you are unfamiliar with the app and simply don’t trust it, you can just hit Deny in the alert.
You might ask: why do I need to do this anyway? For starters, know that there is a whole process to enable Accessibility settings. Follow these steps:
- Open System Preferences.
- Proceed to Security & Privacy > Privacy > Accessibility.
- Click the lock icon found in the bottom left part.
- Next, enter your password to grant access to the app.
Easy, right? Well, these things are in place in the name of one sacred thing: security. Mac apps are self-contained by default and cannot mess with how you interact with other apps or the system. This shields you from untoward incidents, such as downloaded malware clicking buttons in your browser.
It cannot be denied, though, that some apps need to control other apps in order for them to work properly. For example, Dropbox has to have accessibility access in order to overlay a badge over Microsoft Office apps. In Mac computers, Bartender has to get accessibility access to rearrange as well as remove your Mac menu bar items.
If you’re thinking of just skipping these steps altogether, then think again. If these apps can act on your behalf without you knowing, then you are opening up a whole world of risks and dangers. These include malware potentially taking control of your Mac. What you can do is revisit your Accessibility access every so often to remove items that you don’t recognize at all.
What Is ‘Finder.app Wants to Control Safari.app’?
Now, let’s get to the bottom of this problem. Is a certain “Finder.app” wanting to control “Safari.app” a legitimate operation? Why does it keep popping up?
If your instinct tells you something about the whole thing is dodgy, trust it. The message is not a legit one.
The first thing you need to do in this case is to run your anti-malware tool. While you are at it, use a trusted Mac repair tool to clear out junk files and help optimize the entire system. If the message goes away on its own, then it’s likely to be related to malware, something that might have been downloaded without your knowledge.
The “Finder.app wants to control Safari.app” situation is nothing new. There is a whole slew of other messages of its kind out there. These are fake operating system pop-up messages that trick macOS users into allowing the offender to control their Safari web browser. Many other others have previously encountered this scam, so it’s important to keep your eyes peeled for their many varieties.
Here’s a quick summary of how these fake pop-up windows work:
- Adware installers or adware-type apps generate them.
- The fake pop-up window demands permission to access your browser, so it can apply changes to your settings.
- It then goes to work, such as causing unwanted and dangerous redirects to malicious and deceptive websites.
If you have come across this message, then it is likely that adware has entered your Mac computer. Adware programs are potentially unwanted apps (PUAs) that generate appallingly intrusive ads such as pop-ups and banners. The ads are displayed via tools that permit third-party content to be placed on sites and hide their underlying content.
They not only reduce the quality of your browsing experience, but also lead to unauthorized redirects to deceptive sites. PUAs also usually collect browsing-related data such as:
- Search queries
- IP addresses
- URLs of websites you visited
- Other data related to your browsing habits
PUA makers and developers then share the information with third parties, potentially including cyber criminals. These parties then use it for revenue generation and other shady activities.
You can start off by right away checking the list of installed apps as well as browser extensions. Afterwards, get rid of all the dubious characters.
How to Fight Off These Fake Pop-Up Messages
There are two ways that you can steer clear of “Finder.app wants to control Safari.app” and similar fake pop-ups:
Remove Related Files and Folders from OSX
- Click Finder from the menu bar. Choose Go > Go to Folder.
- In Go to Folder, type in /Library/LaunchAgents.
- In this folder, look for recently added suspicious files. Move them to Trash. Note, too, that adware typically installs several files having the same string.
- Check in your /Library/Application Support folder. In Go to Folder, type in /Library/Application Support.
- In this folder, look for recently added suspicious files again.
- Check in your /Library/LaunchDaemons folder. In Go to Folder, type in /Library/LaunchDaemons.
- In this folder, look for recently added suspicious files as well.
Eliminate Malicious Extensions in Safari
- Open Safari.
- From the menu bar, choose Safari.
- Click Preferences.
- In this window, choose Extensions. Look for recently installed suspicious extensions.
- Once you have located those files, click Uninstall next to them.
Simply put, “Finder.app wants to control Safari.app” is not to be trusted, especially if it keeps popping up after you have denied the request. It is one of the many fake pop-up windows plaguing Mac users with the intention to control their Safari web browser. From there, these dubious tools will redirect to malicious and deceptive websites.
Follow the steps we provided above to get rid of this fake pop-up message and steer clear of potential Mac malware.
Have you ever come across this issue? Let us know your story below!