Re: [MacGroup] Flash again...

2018-04-29 Thread John Robinson
Harry, it seems the Profiles is changed via the terminal.  I didn’t need to dig 
into the method since I only update Flash through the company URL. 

John 

Sent from my iPhone

> On Apr 29, 2018, at 4:11 PM, Harry Jacobson-Beyer  wrote:
> 
> In the article it directs you to:
> 
>> but you can find the profile by going to System Preferences > Profiles.
> 
> I do not have a “profiles” section in system preferences.
> 
> 
> 
>> On Apr 29, 2018, at 3:13 PM, John Robinson  wrote:
>> 
>> 
>> This group is too aware for this but you may have friends that may need to 
>> be reminded.
>> 
>> John
>> 
>> 
>> 
>> How to Remove the New Mac Flash Malware ‘Crossrider’
>> Andrew Orr
>> Apr 25th, 2018 4:56 PM EDT
>> A variant of the Crossrider adware has been spotted in the wild. It’s Mac 
>> Flash malware and different than the original breed because it installs 
>> certain configuration profiles to stay persistent (via Malwarebytes).
>> 
>> [2017 McAfee Threat Report Shows Spike in Mac Malware]
>> 
>> Mac Flash Malware
>> 
>> This strain of Crossrider comes in the form of a fake Adobe Flash Player 
>> installer. Pretty typical for macOS and nothing we haven’t seen before. But 
>> this one is a bit different. As you install it, it automatically installs 
>> Advanced Mac Cleaner, which uses Siri’s voice to tell you it found a problem.
>> 
>> But behind the scenes, it locks Safari’s homepage to a Crossrider domain, 
>> and can’t easily be changed. This is due to a configuration profile, which 
>> is a method that IT admins use to control the behavior of Macs in bulk, like 
>> in a company.
>> 
>> 
>> 
>> This configuration profile forces Safari and Chrome (if you have it 
>> installed) to always open a page at chumsearch.com. You can’t change it via 
>> Safari preferences, but you can find the profile by going to System 
>> Preferences > Profiles.
>> 
>> How to Remove It
>> 
>> Luckily, removing it is fairly straightforward and involves a couple of 
>> Terminal commands. If you’re on macOS 10.12 or earlier, use the command:
>> 
>> sudo profiles -L
>> 
>> Although this works on macOS 10.13, another command may be better:
>> 
>> sudo profiles list
>> 
>> Then, look for an unfamiliar profile. In this case, the identifier is 
>> com.myshopcoupon.www. On macOS 10.12 or earlier, type:
>> 
>> sudo profiles -R -p com.myshopcoupon.www
>> 
>> On macOS 10.13:
>> 
>> sudo profiles remove -identifier com.myshopcoupon.www
>> 
>> Other than that, the malware doesn’t seem to do much damage to your system. 
>> Additionally, for most users fake Adobe Flash Players are easy to avoid. 
>> Flash really isn’t needed anymore, but if you do need it, make sure to only 
>> download it from Adobe’s official website.
>> 
>> ___
>> MacGroup mailing list
>> Posting address: MacGroup@erdos.math.louisville.edu
>> Archive: 
>> 
>> Answers to questions: 
> 
> 

Re: [MacGroup] Flash again...

2018-04-29 Thread Harry Jacobson-Beyer
In the article it directs you to:

> but you can find the profile by going to System Preferences > Profiles.

I do not have a “profiles” section in system preferences.



> On Apr 29, 2018, at 3:13 PM, John Robinson  wrote:
> 
> 
> This group is too aware for this but you may have friends that may need to be 
> reminded.
> 
> John
> 
> 
>  
> How to Remove the New Mac Flash Malware ‘Crossrider’
> Andrew Orr
> Apr 25th, 2018 4:56 PM EDT
> A variant of the Crossrider adware has been spotted in the wild. It’s Mac 
> Flash malware and different than the original breed because it installs 
> certain configuration profiles to stay persistent (via Malwarebytes).
> 
> [2017 McAfee Threat Report Shows Spike in Mac Malware]
> 
> Mac Flash Malware
> 
> This strain of Crossrider comes in the form of a fake Adobe Flash Player 
> installer. Pretty typical for macOS and nothing we haven’t seen before. But 
> this one is a bit different. As you install it, it automatically installs 
> Advanced Mac Cleaner, which uses Siri’s voice to tell you it found a problem.
> 
> But behind the scenes, it locks Safari’s homepage to a Crossrider domain, and 
> can’t easily be changed. This is due to a configuration profile, which is a 
> method that IT admins use to control the behavior of Macs in bulk, like in a 
> company.
> 
> 
> 
> This configuration profile forces Safari and Chrome (if you have it 
> installed) to always open a page at chumsearch.com. You can’t change it via 
> Safari preferences, but you can find the profile by going to System 
> Preferences > Profiles.
> 
> How to Remove It
> 
> Luckily, removing it is fairly straightforward and involves a couple of 
> Terminal commands. If you’re on macOS 10.12 or earlier, use the command:
> 
> sudo profiles -L
> 
> Although this works on macOS 10.13, another command may be better:
> 
> sudo profiles list
> 
> Then, look for an unfamiliar profile. In this case, the identifier is 
> com.myshopcoupon.www. On macOS 10.12 or earlier, type:
> 
> sudo profiles -R -p com.myshopcoupon.www
> 
> On macOS 10.13:
> 
> sudo profiles remove -identifier com.myshopcoupon.www
> 
> Other than that, the malware doesn’t seem to do much damage to your system. 
> Additionally, for most users fake Adobe Flash Players are easy to avoid. 
> Flash really isn’t needed anymore, but if you do need it, make sure to only 
> download it from Adobe’s official website.
> 

[MacGroup] Flash again...

2018-04-29 Thread John Robinson

This group is too aware for this but you may have friends that may need to be 
reminded.

John


 
How to Remove the New Mac Flash Malware ‘Crossrider’
Andrew Orr
Apr 25th, 2018 4:56 PM EDT
A variant of the Crossrider adware has been spotted in the wild. It’s Mac Flash 
malware and different than the original breed because it installs certain 
configuration profiles to stay persistent (via Malwarebytes).

[2017 McAfee Threat Report Shows Spike in Mac Malware]

Mac Flash Malware

This strain of Crossrider comes in the form of a fake Adobe Flash Player 
installer. Pretty typical for macOS and nothing we haven’t seen before. But 
this one is a bit different. As you install it, it automatically installs 
Advanced Mac Cleaner, which uses Siri’s voice to tell you it found a problem.

But behind the scenes, it locks Safari’s homepage to a Crossrider domain, and 
can’t easily be changed. This is due to a configuration profile, which is a 
method that IT admins use to control the behavior of Macs in bulk, like in a 
company.



This configuration profile forces Safari and Chrome (if you have it installed) 
to always open a page at chumsearch.com. You can’t change it via Safari 
preferences, but you can find the profile by going to System Preferences > 
Profiles.

How to Remove It

Luckily, removing it is fairly straightforward and involves a couple of 
Terminal commands. If you’re on macOS 10.12 or earlier, use the command:

sudo profiles -L

Although this works on macOS 10.13, another command may be better:

sudo profiles list

Then, look for an unfamiliar profile. In this case, the identifier is 
com.myshopcoupon.www. On macOS 10.12 or earlier, type:

sudo profiles -R -p com.myshopcoupon.www

On macOS 10.13:

sudo profiles remove -identifier com.myshopcoupon.www

Other than that, the malware doesn’t seem to do much damage to your system. 
Additionally, for most users fake Adobe Flash Players are easy to avoid. Flash 
really isn’t needed anymore, but if you do need it, make sure to only download 
it from Adobe’s official website.
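
Added example, not part of the original post or the quoted article: a small shell script that applies the "look for an unfamiliar profile" step to a saved listing and prints the article's removal command for the macOS version in use. The sample listing, its "profileIdentifier:" line layout, the allowlist entry com.example.corp.wifi and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: triage a saved `profiles` listing. Nothing is removed here;
# the script only prints the removal command the article gives.

# Constructed sample listing. The "profileIdentifier:" line layout is an
# assumption about the tool's output; adjust the sed pattern if yours differs.
SAMPLE_LISTING='There are 2 configuration profiles installed

_computerlevel[1] attribute: profileIdentifier: com.example.corp.wifi
_computerlevel[2] attribute: profileIdentifier: com.myshopcoupon.www'

# Hypothetical allowlist: identifiers you or your IT admin installed on purpose.
KNOWN_PROFILES='com.example.corp.wifi'

# Print one profile identifier per line from a listing on stdin.
extract_profile_ids() {
    sed -n 's/.*profileIdentifier:[[:space:]]*\([^[:space:]]*\).*/\1/p'
}

# Print identifiers from stdin that are missing from the allowlist in $1.
unexpected_profiles() {
    extract_profile_ids | while IFS= read -r id; do
        printf '%s\n' "$1" | grep -Fxq -- "$id" || printf '%s\n' "$id"
    done
}

# Print the article's removal command for macOS version $1 and identifier $2.
# Using the 10.13 syntax on releases after 10.13 is an assumption.
removal_command() {
    # The identifier comes from the profile itself, so refuse anything that
    # is not a plain reverse-DNS style name before putting it in a command.
    case "$2" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    if [ "$major" -eq 10 ] && [ "$minor" -le 12 ]; then
        printf 'sudo profiles -R -p %s\n' "$2"
    else
        printf 'sudo profiles remove -identifier %s\n' "$2"
    fi
}

MACOS_VERSION=${MACOS_VERSION:-10.13}   # on a Mac: sw_vers -productVersion
printf '%s\n' "$SAMPLE_LISTING" | unexpected_profiles "$KNOWN_PROFILES" |
while IFS= read -r id; do
    echo "Unexpected profile: $id"
    removal_command "$MACOS_VERSION" "$id" ||
        echo "  unusual identifier; inspect this profile by hand"
done
```

To use it on a real machine, pipe the output of the listing command from the article into unexpected_profiles in place of the sample text.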