Severity scale:  

Remove BufferKey (Removal Instructions) - Free Guide

removal by Olivia Morelli - - | Type: Adware

BufferKey is a Mac virus variant that targets users' personal data

BufferKeyBufferKey is a malicious application that targets Mac users

BufferKey is a potentially unwanted application that belongs to the Adload malware family, which mostly spreads via software bundle packages and fake Flash Player updates. As a result, Mac users allow the malicious app to access their devices after they type in their Apple login information into a warning prompt. Essentially, the BufferKey virus is a Trojan[1] when it comes to its distribution, as users never intend to install the app in the first place.

Once inside the system, BufferKey adware would establish a new profile and install a new browser extension on Safari, Google Chrome, or another web browser. Most of the users would also notice homepage and search engine changes that are most commonly set to Safe Finder or similar useless tools. All searches perfumed by such a hijacked browser would also cause several redirects to unknown sites.

Name BufferKey
Type Adware, Mac virus
Danger level Medium. Can be associated with malware infection
Distribution  Cybercriminals use software bundle packages on pirated software websites or fake Flash Player updates to deliver malicious app to users
  • An unknown browser extension installed on the web browser
  • Homepage and new tab address altered to Safe Finder or similar untrustworthy search provider
  • All searches are redirected several times though
  • Random browser redirects lead to scam, malware-laden, or similar sites
  • Popups, banners, in-text links, offers, deals, and other ads show up on most visited pages
Termination  To completely get rid of malware/adware from your macOS, perform a full system scan with powerful anti-malware software – we recommend using SpyHunter 5Combo Cleaner or Malwarebytes
Optimization  After you eliminate the infection, we recommend using Reimage Reimage Cleaner Intego for best results 

BufferKey is just one of many Adload apps that attack Mac users regularly – ArchimedesLookup, SectionBrowser, AgileHelp, ProductEvent, and many others, are just a few clones that operate in the exact same way. All the apps can be recognized by a blue/green/red magnifying glass icon that is presented next to the browser extension and the installed program. However, similarities do not end there.

By using misleading and deceptive distribution tactics, the BufferKey virus manages to trick many users into downloading this malicious app. Once installed, the app can establish several persistence components within the macOS by abusing the built-in AppleScript. For example, while checking various locations on the computer, users might find new login items, profiles, or malicious .plist files. These changes can greatly diminish the chances of successful BufferKey removal.

There are more malicious traits of the BufferKey adware. Since the app is installed with elevated permissions, it can grant itself access to various information that is located on the computer. For example, the extension that is clipped to the browser is capable of reading all types of sensitive data that you type while using the internet – the description states:

Permissions for “BufferKey 1.0”

Webpage contents
Can read sensitive information from webpages, including passwords, phone numbers, and credit cards on: all webpages

Browsing History
Can see when you visit: all webpages

As you can see, BufferKey acts a lot like malware, and, according to research, can often be associated with more serious malware infections such as Shlayer Trojan (security experts from Kaspersky found[2] that the malware is present on 10% of Macs worldwide). Thus, it is not uncommon for infected individuals to find more malicious extensions and apps installed on their computers.

BufferKey virusBufferKey is a Mac virus that installs browser extension without permission and sets homepage to Safe Finder

Since the main goal of BufferKey is to remain on the system for as long as possible and operate as adware, those infected can experience a variety of bothersome browser behavior while infected. Adware specializes in displaying users plenty of intrusive commercial content that the malicious actors monetize on. Thus, expect to see a lot of popups, redirects, hyperlinks, altered search results, and other ads during your browsing sessions.

You might not be able to uninstall BufferKey until you find and delete all the components that the malicious app placed on your system. However, this might be very time consuming and difficult, so you should instead trust security applications to do the job for you. If you experience lag or slowdowns after malware termination, you can delete junk and speed up your Mac with tools such as Reimage Reimage Cleaner Intego.

Macs are secure machines, as long as you don't let malware in

A myth that Macs don't get infected with malware has been around for years. While it is true that macOS is immune to some types of parasites (for example, worms), cybercriminals have been focusing on this platform much more and created malicious apps designed to exploit users. Macs offer a variety of built-in defenses, including Gatekeeper or XProtect. However, these built-in security options are not unbreakable, as users can be tricked into letting the infection in.

If you download an app from an unapproved source, macOS will ask you to enter your credentials. Of course, if it is a malicious app, you would never do it. However, if you believe that the app is legitimate (for example, you are installing a pirated version of MS Office suite, or you were told that your Flash Player is out of date),[3] you will allow it to gain access to your device.

Hence, you should not visit high-risk websites such as torrents, as they are often filled with malware-laden installs. Besides, Flash Player is an outdated plugin that is no longer required to play multimedia on websites. Another important point is keeping your macOS up to date, as cybercriminals might use exploits to break in.

BufferKey detectionBufferKey is detected by multiple security vendors

Remove BufferKey and all its components at once

Changed browser settings typically do not indicate a serious security threat. Nonetheless, any unapproved action on your computer should be investigated, as it can be related to malicious applications that might download and install other malware and compromise the system further. That is why timely BufferKey removal is very important. However, many users found that the process can be much more difficult than anticipated.

As previously mentioned, the BufferKey virus might set persistence mechanisms on your Mac. Therefore, moving it to Trash as you do with legitimate apps might not be enough. If you want to get rid of all the threat's components manually, you should check the following locations and delete all the related items:

  • System Preferences > Accounts> Login Items
  • System Preferences > Users&Groups > Profiles
  • ~/Library/LaunchAgents
  • ~/Library/Application Support
  • ~/Library/LaunchDaemons

If this process seems too complicated for you or you wish to remove BufferKey quickly, you should instead rely on powerful anti-malware instead. Besides, you can also reset your browsers if the extension is still present after a full computer scan.

You may remove virus damage with a help of Reimage Reimage Cleaner Intego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove BufferKey, follow these steps:

Eliminate BufferKey from Mac OS X system

To delete applications from macOS, follow these instructions:

  1. If you are using OS X, click Go button at the top left of the screen and select Applications. Cick 'Go' and select 'Applications'
  2. Wait until you see Applications folder and look for BufferKey or any other suspicious programs on it. Now right click on every of such entries and select Move to Trash. Click on every malicious entry and select 'Move to Trash'

Delete BufferKey from Mozilla Firefox (FF)

If you can't delete BufferKey extension from your Firefox browser, follow these steps:

Remove dangerous extensions:

  1. Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
  2. Select Add-ons.
  3. In here, select plugins that are related to BufferKey and click Remove.Remove extensions from Firefox

Clear cookies and site data:

  1. Click Menu and pick Options.
  2. Go to Privacy & Security section.
  3. Scroll down to locate Cookies and Site Data.
  4. Click on Clear Data…
  5. Select Cookies and Site Data, as well as Cached Web Content and press Clear.Clear cookies and site data from Firefox

In case BufferKey did not get removed after following the instructions above, reset Mozilla Firefox:

  1. Open Mozilla Firefox browser and click the Menu.
  2. Go to Help and then choose Troubleshooting Information.Reset Firefox 1
  3. Under Give Firefox a tune up section, click on Refresh Firefox…
  4. Once the pop-up shows up, confirm the action by pressing on Refresh Firefox – this should complete BufferKey removal.Reset Firefox 2

Erase BufferKey from Google Chrome

Delete malicious extensions from Google Chrome:

  1. Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
  2. In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to BufferKey by clicking Remove.Remove extensions from Chrome

Clear cache and web data from Chrome:

  1. Click on Menu and pick Settings.
  2. Under Privacy and security, select Clear browsing data.
  3. Select Browsing history, Cookies and other site data, as well as Cached images and files.
  4. Click Clear data.Clear cache and web data from Chrome

If the above-methods did not help you, reset Google Chrome to eliminate all the BufferKey-components:

  1. Click on Menu and select Settings.
  2. In the Settings, scroll down and click Advanced.
  3. Scroll down and locate Reset and clean up section.
  4. Now click Restore settings to their original defaults.
  5. Confirm with Reset settings to complete BufferKey removal.Reset Chrome 2

Get rid of BufferKey from Safari

Reset Safari to ensure that no malicious components and settings are left on it:

Remove unwanted extensions from Safari:

  1. Click Safari > Preferences…
  2. In the new window, pick Extensions.
  3. Select the unwanted extension related to BufferKey and select Uninstall.Remove extensions from Safari

Clear cookies and other website data from Safari:

  1. Click Safari > Clear History…
  2. From the drop-down menu under Clear, pick all history.
  3. Confirm with Clear History.Clear cookies and website data from Safari

Reset Safari if the above-mentioned steps did not help you:

  1. Click Safari > Preferences…
  2. Go to Advanced tab.
  3. Tick the Show Develop menu in menu bar.
  4. From the menu bar, click Develop, and then select Empty Caches.Reset Safari

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. It is a hassle when your website is protected from suspicious connections and unauthorized IP addresses.

The best solution for creating a tighter network could be a dedicated/fixed IP address. If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for server or network manager that need to monitor connections and activities. This is how you bypass some of the authentications factors and can remotely use your banking accounts without triggering suspicious with each login. 

VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world. It is better to clock the access to your website from different IP addresses. So you can keep the project safe and secure when you have the dedicated IP address VPN and protected access to the content management system.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions


Your opinion regarding BufferKey