Help! Chrome (Mac OS10) keeps opening new windows – malware?

Aaargh – beginning to drive me up the wall.

Despite the sheer volume of pron I watch, I seem to have escaped so far (stick to the vanilla sites I do), and this started shortly after streaming a rugby or football game (a few weeks ago, can’t remember). Should have known better.

Anyway, I just keep getting pop-ups telling me I have a virus and that I should install MacKeeper, MacAfee, Pen15Extender, Vi4gr4PurchaseTools etc etc.

Is this Malware? Is it just infecting Chrome? Or is it infecting elsewhere?

I’ve tried a few suggestions from googling, but can’t seem to get rid of it. 😡

Any ideas?

Currently scanning with Malwarebytes. Anything else worth trying (bearing in mind it’s a mac, not a windows machine).

Check Chrome for rogue plug-ins or add-ons or extensions or whatever they’re called this week.

Cheers dude.

Malwarebytes found quite a few – all in chrome. Have removed and restarting now.

Ah, all seems good! 🙂

I thought macs didn’t get viruses? Does this mean I can’t use mine for grumble?

I thought macs didn’t get viruses?

I dunno…never had one, but apparently chrome can be affected with malware so there ya go. 😛

Anything can be affected by malware. What Macs have on their side is numbers, if you’re writing malware you don’t typically target a platform that has like 2% of the market share.

It’s an interesting point about Chrome though. I need to give that some thought.

Anything can be affected by malware. What Macs have on their side is numbers, if you’re writing malware you don’t typically target a platform that has like 2% of the market share.

It’s an interesting point about Chrome though. I need to give that some thought.

I hear ya. I’ve always thought that the reason I don’t have get viruses on the mac is mainly down to statistics and a few other things, but really, it’s numbers. Anyway, malwarebytes was excellent – a few minutes to download-install-scan-delete and all is good now. I probably should have copied and pasted the malware – I think it was mostly “adware” though? So, while browsing STW, page becomes unresponsive to click, then one more click, STW opens in new window and existing window is replaced by various anti-virus ads.

I thought macs didn’t get viruses? Does this mean I can’t use mine for grumble?

Weeeeelll, there are more ‘exploits’ around these days, just because the platform is more widely spread, instead of being basically a tool used by graphic arts professionals, but more seem to be aimed at various applications that run on OSX, like this Chrome one, that spread crap around, and mail-based ones that propagate through mail hosting and are doing much the same.
There used to be one years ago that spread via infected photoshop files, that one was a bastard to get rid of, it would get into the file system, and slow machines up dramatically, trouble was agencies refused to accept their files were infected, and wouldn’t do a virus check on their own systems,so even if you returned clean files to them, they’d just stuff the clean files back onto their computers, which would infect them again, and they’d then return them with modifications and corrections and viruses all over again.
The overriding background noise was the sound of teeth grinding…

MBAM is great under Windows, it’s almost always my opening salvo with malware. I’ve no experience with it under OSX though.

So, yeah. AFAIK, Chrome plug-ins are essentially Javascript, so should run independently of platform (in the same way that you don’t need separate Windows and Mac versions of web pages). So the Mac version of Chrome will be susceptible to the same hostile web pages / rogue plug-ins as the Windows version – it’s Chrome that’s running the code, not the OS.

Anything that requires access to the base OS should a) be sandboxed off and b) require platform-specific binaries, so the stuff redirecting you to download “AV” will probably fail unless they’ve specifically targeted OSX as well as Windows. But browser hijacks, redirects etc will be fair game across the board.

I think, anyway.

Anything that requires access to the base OS should a) be sandboxed off and b) require platform-specific binaries, so the stuff redirecting you to download “AV” will probably fail unless they’ve specifically targeted OSX as well as Windows. But browser hijacks, redirects etc will be fair game across the board.

I don’t understand a word of that. Well, I do understand the words individually, but when you put them altogether, I’m lost. 😆

You can get browser attacks regardless of whether it’s Windows or OSX, it’s the browser that’s the common denominator.

Yeah, I realise when I watch sports on streaming sites that I end up closing pop-ups endlessly until I get a stream, but I’d never ended up with the problem after I’d finished illegally consuming paid-for content.

Have pm’d you the log.

Sophos is free for mac, consider installing that to protect from future issues.

I’ve had that before somo and it’s good, but we have an old beast and it slowed it down quite a bit – especially on start up.

Have pm’d you the log.

So you have. Here may be relevant:

https://chrome.google.com/webstore/detail/photo-zoom-for-facebook/elioihkkcdgakfbahdoddophfngopipi?hl=en

WE WERE HACKED!
—————
8/31/2016

First off, everything is going back to normal with a new build being released.

Someone hacked the most popular extension on the Chrome store and was able to update it with malware that redirected users to bad advertisement websites in a ploy to make a quick bucks.

It is infuriating that someone was able to do this, but we have removed the malware and are back on track.

As always, Photo Zoom does not want to run on any sites other than ours and Facebook (obviously) and certainly do not want your data at all.

We are so sorry for the inconvenience!

It’s bizarre to me though that this report was from nearly a year ago so this may be a red herring. Also flagged up is GoPhoto.IT and OptiBuy. The latter is interesting.

https://www.pcrisk.com/removal-guides/11280-optibuy-adware-mac

My guess is that she’s installed some software / download recently that has come bundled with adware and she’s failed to untick the “yes, please install lots of shit” box, rather than it being a drive-by on a website. Though I’d need a) access to the box and b) better knowledge of the Mac platform to give you anything approaching a vaguely definite answer.