Has MacUpdate fallen to the adware plague?

Has MacUpdate fallen to the adware plague?

A Twitter user named Ciro Urdaneta made a concerning discovery on Friday:

MacUpdate adware 1

In other words, it seems that MacUpdate, long considered to be one of the only remaining trustworthy download aggregation sites for the Mac, has succumbed to the same plague that has ruined most of the others: adware.

Following Mr. Urdaneta’s hints, I sought out the Skype page on the MacUpdate site and downloaded the app. The result was a file named Skype Installer.dmg, which seems legit on first glance. However, opening this disk image file results in a MacUpdate installer, very similar to the adware-riddled custom installers used by sites like Download.com and Softonic.

MacUpdate 2

Sure enough, when running this installer, it will display a license agreement that the user is likely to click right past, giving the installer the right to change the browser’s settings and install a “Search-Assist” browser extension:

MacUpdate 3

This is behavior exhibited by many adware installers these days, and this particular license agreement is identical to the ones being used by the InstallCore adware. And sure enough, once the installer is finished, an InstallCore browser extension ends up installed in Safari:

MacUpdate 4

This extension, like all InstallCore extensions, does not use the aforementioned “Search-Assist” name. This one is named “SearchTrust”, but InstallCore extensions have used a variety of other unusual names, such as LadyMcCannon, AtheneTemple, JeffKekko and Eladiolus.

Others have reported that the MacUpdate Installer app will also install MacBooster, one of many unnecessary “cleaning” apps that are foisted onto users by these adware installers. The full behavior of such installers is not always clear, as factors such as when you run the installer or what network you’re on can result in different behavior.

Download.com (formerly VersionTracker) and Softonic have both been engaging in this kind of behavior for some time, and for this reason, Mac experts have been recommending against the use of such sites. Although it’s generally recommended to only download software from the developer’s site (such as skype.com in the case of Skype), some have continued to recommend MacUpdate, which hasn’t engaged in such behavior… until now. It appears MacUpdate may need to be added to the boycott list.

The oft-repeated advice for those looking for software to download bears repeating once again: only download apps from the Mac App Store or from the official developer’s website. This is certainly not a guarantee, unfortunately. For example, the official site for FileZilla distributes an adware-riddled installer. However, downloading from the developer’s site does minimize adware problems.

Update (Nov. 3, 2015): It turns out that this is now a “feature” of MacUpdate. If you are a paid member of MacUpdate and are logged in, you won’t see the adware installers. If you are not logged in, you will see them. This is evidently configurable in the profile preferences on a paid MacUpdate account, though not having such an account, I can’t provide specifics.

I’ve also been told that the MacUpdate Desktop app will download the real app rather than the adware installer, though I’m unclear as to whether that only applies to a paid copy of MacUpdate Desktop.

ABOUT THE AUTHOR

Thomas Reed

Director of Mac & Mobile

Had a Mac before it was cool to have Macs. Self-trained Apple security expert. Amateur photographer.