OSX.SearchAwesome is Malwarebytes' detection name for an adware that targets macOS systems.
OSX.SearchAwesome is installed as a second stage infection, downloaded by another malicious installer, typically a supposed cracked app from a torrent. OSX.SearchAwesome installs a certificate to be used for a man-in-the-middle (MitM) attack, where malware is able to insert itself into a chain of custody somewhere, typically with network packets. In this case, the malware uses the certificate as the first step in gaining access to https traffic, which is normally encrypted between the browser and the website and can’t be viewed by other software. To establish this it uses mitmproxy, a legitimate open-source tool.
After removal mitmproxy will be left behind because this is a legitimate tool. But the presence of the tool and its certificate opens up the affected system to future infections as the user may be unaware of its presence.
Select your language