CleanMyMac X, the popular Mac management and clean-up app from MacPaw, has become the target for scammers who want to use it to try and steal users' personal information including passwords. The fake apps are being distributed online and via stolen YouTube accounts, according to the company.
The warning comes via Moonlock, the cybersecurity division of developer MacPaw, which notes that it spotted an app that claimed to be CleanMyMac but was clearly "a malicious impersonation." Investigation found multiple versions of the fake CleanMyMac app in circulation, carrying different malware payloads including Atomic Stealer, PSW Stealer, and AdLoad Adware. Moonlock warns that these malware-filled versions of the fake CleanMyMac app could potentially "steal users' passwords and personal data and display unwanted ads on their Macs."
Moonlock set about working out where the fake versions of MacPaw's apps were being distributed, discovering webpages at macpaw[.]us, cleanmymac[.]pro, and mac-clean[.]org that offered them for download. The pages looked similar to the MacPaw website, including the use of its logos, although there were some differences. However, whether those differences would be enough for most people to notice something was awry is another matter entirely.
Check that download
MacPaw and Moonlock detailed the investigation in a blog post, noting that the fake websites were not the only distribution channel being used to peddle the counterfeit apps. It seems stolen YouTube channels were also employed.
"Phishing URLs are not enough to spread malware, so the attackers also use different channels to promote their software. For example, YouTube channels," Moonlock explains. "When we searched for 'cleanmymac x free download full version' on YouTube, we uncovered dozens of videos from a hijacked YouTube channel called COVISAR TV."
That channel mainly consisted of music videos from Portuguese bands, but the most recent videos were instead about CleanMyMac and how to mine bitcoins. Those videos had links to the fake CleanMyMac downloads in their descriptions, and MacPaw's security team confirmed that there was no legitimate promotion in place that could explain the links away.
As for how users can make sure that they don't fall foul of these kinds of scams, Moonlock says that users should always download software from a developer's official website or the App Store rather than trust links from unknown third parties. They should also check the URLs that they are clicking for misspellings that could give the game away.
The post also suggests that people should "use a reliable antivirus or Mac cleaner software, such as CleanMyMac X with the Moonlock Engine, to scan your Mac regularly and remove any threats." It's also important to make sure that you keep your software updated, including installing the latest macOS updates, to ensure you have access to the latest protections, too.
As much as the App Store has its problems across both the Mac and iPhone/iPad, there is no denying that this is the kind of thing that it would normally be able to prevent. It isn't perfect — fake apps have been known to sneak into the App Store on occasion — but the App Store is undoubtedly safer than downloading apps from websites on the internet.