September 22, 2015
The sample of Adware.Mac.WeDownload.1 analyzed in the Doctor Web virus laboratory is disguised as a distribution package of Adobe Flash Player and carries the following digital signature: "Developer ID Application: Simon Max (GW6F4C87KX)". This downloader is distributed via an affiliate program focused on generating income from file downloads.
Once an appropriate request is sent, Adware.Mac.WeDownload.1 receives a list of applications that the user will be prompted to install. The list includes not only unwanted programs but also malicious ones, including Program.Unwanted.MacKeeper, Mac.Trojan.Crossrider, Mac.Trojan.Genieo, Mac.BackDoor.OpinionSpy, various Trojans belonging to the Trojan.Conduit family, and some other dangerous applications.
The total number and types of programs offered depend on the victim's geolocation. If the list of applications is empty, the user is not offered anything other than their original choice.
Doctor Web security researchers would like to remind users of Apple computers to be careful and to download applications only from reliable sources. The signature of Adware.Mac.WeDownload.1 has been added to the Dr.Web virus database for OS X, and, therefore, this downloader poses no threat to our users.
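As an added example (not Doctor Web's code), the following shell function classifies the text that `codesign -dvv` prints on macOS and flags the Developer ID code-signing identity quoted at the top of this article. It assumes the downloaded item is an app bundle whose signature `codesign` can display; the function name, exit codes and sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `codesign -dvv` output by signing identity.
# Team ID taken from the signature quoted in the article.
BLOCKED_TEAM_ID="GW6F4C87KX"

# Constructed sample of `codesign -dvv` output (paths and identifier are made up).
SAMPLE_FLAGGED='Executable=/Volumes/Installer/Install.app/Contents/MacOS/Install
Identifier=com.example.installer
Authority=Developer ID Application: Simon Max (GW6F4C87KX)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=GW6F4C87KX'

# Reads `codesign -dvv` text on stdin and prints one verdict line.
# Exit status: 0 = signer not on the blocklist, 1 = blocked Team ID,
#              2 = unsigned or ad hoc signed (no Developer ID to evaluate).
classify_signature() {
    info=$(cat)
    # The leaf (signing) certificate is the first Authority= line.
    leaf=$(printf '%s\n' "$info" | sed -n 's/^Authority=//p' | head -n 1)
    team=$(printf '%s\n' "$info" | sed -n 's/^TeamIdentifier=//p' | head -n 1)
    # Team ID as embedded in the leaf name: "... (XXXXXXXXXX)".
    leaf_team=$(printf '%s\n' "$leaf" | sed -n 's/.*(\([A-Z0-9]\{10\}\))$/\1/p')

    if [ -z "$leaf" ] || [ "$team" = "not set" ]; then
        echo "UNSIGNED_OR_ADHOC"
        return 2
    fi
    # Match on either field so a missing TeamIdentifier line does not hide the signer.
    if [ "$team" = "$BLOCKED_TEAM_ID" ] || [ "$leaf_team" = "$BLOCKED_TEAM_ID" ]; then
        echo "BLOCKED signer=$leaf"
        return 1
    fi
    echo "OK signer=$leaf"
    return 0
}

# On macOS: ./check.sh /path/to/Some.app  (codesign writes its details to stderr)
if [ "$#" -gt 0 ] && command -v codesign >/dev/null 2>&1; then
    codesign -dvv "$1" 2>&1 | classify_signature
fi
```

An "OK" verdict only means the signer is not the one named in this article; an installer that claims to be Adobe Flash Player should still be compared against the vendor's own signing identity.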