Recently I responded to a suggestion that I "upgrade Flash" on my macOS system only do end up with several applications running, and intruding into my browser and desktop that I did not (mean to) install:
- Mac Ads Cleaner
- Mac App Cleaner
- Porn Cleaner
I followed instructions I found online for removing these apps and believe they are gone (Bitdefender's virus and malware virus scan shows no remaining malicious software).
However, I wonder what they did while they were on my machine. What I could see is that they were very intrusive: launching themselves, setting themselves up to re-launch on start, resetting my browser's homepage to a spoof "safe" search engine — even popping up a window when they were installed by moving to the Trash. But I would like to know what else they did while installed *that I couldn't see.
What do these (specific) apps do? Have they done any lasting damage? Or are they only a nuisance while installed?
Note that this isn't a general question about being infected or how to handle it, but what these specific and fairly widespread apps did while installed.
Best Answer
You ran into a scam - that was not an actual Flash Player update, it was just a malware installer made to look like Adobe Flash Player. People are so used to updating Flash every other day, so a web site offering an upgrade doesn't set off any alarms.
The programs that got installed are search hijackers. They bring up pages offering other fake programs, or even send you to a page that insists you have a virus, which includes a handy 800 number to call to remove it. This is a scam - the "support" company will remote into your system, probably steal personal info such as banking files, then charge you $500 for their "service." Fake, fake, fake.
Go to malwarebytes.org and download the free Mac version of AntiMalware. It will scan for and remove the remnants of those junk apps.
Next time you get a prompt to update Flash, use the applet in System Preferences or get the update direct from adobe.com. If the site still says you need to update, it's a scam and you should run screaming.