ExpressionCargo Mac virus (virus) - Free Guide
ExpressionCargo Mac virus Removal Guide
What is ExpressionCargo Mac virus?
ExpressionCargo uses malicious techniques of distribution and operation
ExpressionCargo is a malicious Mac application that might steal your personal information
ExpressionCargo is a Mac virus that belongs to the broad Adload family, which consists of hundreds of previously released versions. While the app is categorized mainly as adware, it has plenty of other malicious qualities, including browser-hijacking, persistence, and obfuscation.[1] Overall, it is considered malware by most security vendors and can be particularly damaging to those infected.
The main goal of the ExpressionCargo virus is to make sure users are exposed to advertisements as much as possible. For that, it changes the homepage and new tab settings of Safari or another browser, forcing users to search the web via alternative providers. Usually, the top of the search results is then littered with various insecure commercial links, and users are more likely to encounter pop-ups, banners, in-text links, auto-play videos, and other types of ads while browsing.
Name | ExpressionCargo |
Type | Mac virus, adware, browser hijacker |
Malware family | Adload |
Distribution | Fake Flash Player installers or pirated software from high-risk sources |
Symptoms | A new extension is installed on the browser, along with an application of the same name; search and browsing settings altered to an alternative search provider; new profiles and login items set up on the account; intrusive ads and redirects |
Removal | You can employ powerful security software to check your system for infections, for example, SpyHunter 5 / Combo Cleaner. The manual PUA uninstall guide is also available below |
Other tips | After you get rid of the infection, we recommend you also scan your machine with Fortect / Intego to clean your browsers and junk that the infection might have left |
Distribution and operation
Adload versions, such as ExpressionCargo, ElementForce, AdvanceServices, CompellingEntry, and similar, are commonly spread via methods considered to be malicious. These are also the most common ways Mac users get infected with malware: fake Flash Player update prompts and pirated application installers.
First of all, we recommend that all users stay away from illegal applications. Not only is using them illegal, but it can also seriously infect your Mac. Every time a user installs an app from an unknown source, their credentials for Apple ID are requested. This allows malicious software within the installer to operate with elevated permissions immediately, and this is precisely what ExpressionCargo and other malware do.
Another thing to look out for is fake Flash Player installers. These can be found on various malicious websites that users typically encounter after being redirected from the aforementioned torrent sites, illegal video streaming or conversion sites, and similar. In other words, people are more likely to be exposed to malicious content when visiting high-risk places in the first place.
ExpressionCargo virus spreads via fake Flash installers
A few years ago, Flash Player was discontinued by Adobe, its creator,[2] so you should not believe any of the prompts you see on various websites. All you can do by installing these is infect your system with malware. Note that other dangerous malware strains, such as Shlayer or Bundlore, are also distributed in the exact same manner.
Malware removal steps
Upon infiltration, ExpressionCargo runs on the system with elevated permissions with the help of the built-in AppleScript, which allows it to establish itself very well. This includes allowing the browser extension to steal personal user data such as credit card details or account information and also preventing the built-in Mac defenses (Gatekeeper and XProtect) from removing the threat automatically.[3]
This is why we strongly advise running a scan with powerful anti-malware, such as SpyHunter 5 / Combo Cleaner or Malwarebytes, instead of relying on manual elimination steps. Security software can find and remove all the malicious components automatically for you, so you won't have to worry about the virus returning. It is noteworthy that you should still check your browser as per the instructions below, regardless of which removal method you pick.
1. Remove the main app and its components
- Open Applications folder
- Select Utilities
- Double-click Activity Monitor
- Here, look for suspicious processes and use the Force Quit command to shut them down
- Go back to the Applications folder
- Find the malicious entry and place it in Trash.
Login Items and unwanted Profiles might prevent the removal of malicious applications. Get rid of them as follows:
- Go to Preferences and select Accounts
- Click Login items and delete everything suspicious
- Next, pick System Preferences > Users & Groups
- Find Profiles and remove unwanted profiles from the list.
- Go to Preferences > Accounts > Login items and remove the malicious entries.
Finally, you should delete the remaining files of the virus, which can be found as follows:
- Select Go > Go to Folder.
- Enter /Library/Application Support and click Go or press Enter.
- In the Application Support folder, look for any dubious entries and then delete them.
- Now open the /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and delete all the related .plist files.
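The following added example (not part of the original guide) lists launchd .plist files whose file name, Label or command mentions the app's name, which also catches jobs whose file name looks unrelated. The substring match, the function names and the sample plists are assumptions constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError


def audit_launch_items(dirs, keyword):
    """Return launchd jobs whose file name, Label or command mentions keyword."""
    # Assumption: case-insensitive substring match; review each hit by hand.
    needle, hits = keyword.lower(), []
    for folder in map(Path, dirs):
        if not folder.is_dir():
            continue
        for path in sorted(folder.glob("*.plist")):
            try:
                with path.open("rb") as fh:
                    job = plistlib.load(fh)  # reads XML and binary plists
            except (ValueError, OSError, ExpatError):
                job = None
            if not isinstance(job, dict):
                hits.append({"file": str(path), "label": None, "command": [], "reason": "unreadable"})
                continue
            command = [str(a) for a in [job.get("Program"), *job.get("ProgramArguments", [])] if a]
            fields = [path.name, str(job.get("Label", "")), *command]
            if any(needle in f.lower() for f in fields):
                hits.append({"file": str(path), "label": job.get("Label"), "command": command, "reason": "keyword match"})
    return hits


def build_constructed_samples(root):
    """Write constructed plists (sample data, not real indicators) for an offline run."""
    agents = Path(root) / "LaunchAgents"
    agents.mkdir()
    samples = {
        "com.example.updater.plist": ["/usr/local/bin/updater"],
        # File name looks harmless; only the command path mentions the app.
        "com.constructed.sample.plist": ["/Library/Application Support/ExpressionCargo/helper"],
    }
    for name, args in samples.items():
        job = {"Label": name[:-6], "ProgramArguments": args, "RunAtLoad": True}
        with (agents / name).open("wb") as fh:
            plistlib.dump(job, fh, fmt=plistlib.FMT_BINARY)
    (agents / "broken.plist").write_bytes(b"not a plist")
    return [str(agents)]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_launch_items(build_constructed_samples(tmp), "ExpressionCargo"))
```

On a Mac, pass `["/Library/LaunchAgents", "/Library/LaunchDaemons"]` as `dirs`, and inspect each reported file before deleting it.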
2. Take care of your browsers
When it comes to your Safari browser, you should first get rid of the browser extension under the same name – it should have a distinctive magnifying glass icon on a teal background. Removing this component is vital, as the app would continue to track personal information using the extension (note: opt for browser reset if this step is impossible):
- Click Safari > Preferences…
- In the new window, pick Extensions.
- Select the unwanted extension and select Uninstall.
Removing web cache and browser data can mean a lot when trying to eliminate the traces of potentially unwanted applications. Adware often uses cookies and other tracking technologies to capture user information and later shares it with third parties, which can compromise one's privacy.
It is also recommended to clean browsers for security reasons, as cookie hijacking can be a very dangerous occurrence. In any case, you can clear all caches automatically with the help of the Fortect / Intego maintenance utility or perform the steps below:
- Click Safari > Clear History…
- From the drop-down menu under Clear, pick all history.
- Confirm with Clear History.
If some or all of the steps above were impossible to do, you could always opt for a browser reset.
- Click Safari > Preferences…
- Go to the Advanced tab.
- Tick the Show Develop menu in the menu bar.
- From the menu bar, click Develop, and then select Empty Caches.
Note: if you are using Google Chrome or Mozilla Firefox, check the instructions below.
Getting rid of ExpressionCargo Mac virus. Follow these steps
Remove from Google Chrome
Delete malicious extensions from Google Chrome:
- Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
- In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove.
Clear cache and web data from Chrome:
- Click on Menu and pick Settings.
- Under Privacy and security, select Clear browsing data.
- Select Browsing history, Cookies and other site data, as well as Cached images and files.
- Click Clear data.
Change your homepage:
- Click menu and choose Settings.
- Look for a suspicious site in the On startup section.
- Click on Open a specific page or set of pages and click on three dots to find the Remove option.
Reset Google Chrome:
If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:
- Click on Menu and select Settings.
- In the Settings, scroll down and click Advanced.
- Scroll down and locate the Reset and clean up section.
- Now click Restore settings to their original defaults.
- Confirm with Reset settings.
Remove from Mozilla Firefox (FF)
Remove dangerous extensions:
- Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
- Select Add-ons.
- Here, select the unwanted plugin and click Remove.
Reset the homepage:
- Click three horizontal lines at the top right corner to open the menu.
- Choose Options.
- Under Home options, enter your preferred site that will open every time you open Mozilla Firefox.
Clear cookies and site data:
- Click Menu and pick Settings.
- Go to the Privacy & Security section.
- Scroll down to locate Cookies and Site Data.
- Click on Clear Data…
- Select Cookies and Site Data, as well as Cached Web Content and press Clear.
Reset Mozilla Firefox
If clearing the browser as explained above did not help, reset Mozilla Firefox:
- Open Mozilla Firefox browser and click the Menu.
- Go to Help and then choose Troubleshooting Information.
- Under the Give Firefox a tune up section, click on Refresh Firefox…
- Once the pop-up shows up, confirm the action by pressing on Refresh Firefox.
How to prevent getting adware
Choose a proper web browser and improve your safety with a VPN tool
Online spying has gained momentum in recent years, and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security is to choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.
Lost your files? Use data recovery software
While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attacks, or even accidental deletion.
To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.
[1] Simple Malware Obfuscation Techniques. Security Boulevard. Security Bloggers Network.
[2] Tim Brookes. Adobe Flash is Dead: Here’s What That Means. How-to Geek. Site that explains technology.
[3] Phil Stokes. How AdLoad macOS Malware Continues to Adapt & Evade. SentinelLabs. Security research blog.