OSX.SearchAwesome

Short bio

OSX.SearchAwesome is Malwarebytes' detection name for an adware that targets macOS systems.

Symptoms

Users of affected systems may see these warnings during install:

Type and source of infection

OSX.SearchAwesome is installed as a second stage infection, downloaded by another malicious installer, typically a supposed cracked app from a torrent. OSX.SearchAwesome installs a certificate to be used for a man-in-the-middle (MitM) attack, where malware is able to insert itself into a chain of custody somewhere, typically with network packets. In this case, the malware uses the certificate as the first step in gaining access to https traffic, which is normally encrypted between the browser and the website and can’t be viewed by other software. To establish this it uses mitmproxy, a legitimate open-source tool.

Aftermath

After removal mitmproxy will be left behind because this is a legitimate tool. But the presence of the tool and its certificate opens up the affected system to future infections as the user may be unaware of its presence.

Remediation

Malwarebytes for Mac will detect and remove the components of this malware, which is detected as OSX.SearchAwesome. However, it will not remove the components of mitmproxy, since that is a legitimate open-source tool. If you are infected, you should remove the mitmproxy certificate from the keychain (using Keychain Utility).

Clean your device now

Download now

See personal pricing

Sign in to your account

Visit our support page

OSX.SearchAwesome

Short bio

Symptoms

Type and source of infection

Aftermath

Remediation

Clean your device now

Download now

See personal pricing

Sign in to your account

Visit our support page

OSX.SearchAwesome

Short bio

Symptoms

Type and source of infection

Aftermath

Remediation

Related blog content