Tradexic Mac adware (virus) - Free Instructions

What is Tradexic Mac adware?

Tradexic is a version of prevalent Mac malware that shouldn't be ignored

Tradexic is Mac malware that that takes over your browser to show you ads and gather personal information

Tradexic is a rogue application that you might find installed on your Mac one day. It stems from a widespread malware family known as Adload, which has had numerous versions under its belt since its first sighting back in 2018. The variants of the virus are plenty and, while are constantly being released under the different names and different color backgrounds of an icon (which remains the same – a distinctive magnifying glass), their primary distribution and operation method mostly remain unchanged.

Since victims find the app installed on their system seemingly out of nowhere, it is clear that its distribution is not legitimate. In most cases, users either install it during the installation of illegal, pirated software or after they are tricked by a fake Flash Player (or other well-recognized software) update.

Once installed on the system, the Tradexic virus performs a variety of changes to it. Most notable, one would notice a suspicious browser extension with the gray icon of a magnifying glass installed on Safari, Google Chrome, Mozilla Firefox, or another browser, which also changes the homepage and other settings. Previous versions of malware used to change it to Safe Finder, although it can be something else under different circumstances.

The main goal of the threat is to show users all types of advertisements whenever they use their browsers. These ads might be malicious, and the installation of other dangerous software can be imminent. In fact, some of the Adload versions can even install additional apps in the background.

In this article, you will find all the information needed to remove the infection effectively and provide information for precautionary measures to avoid being infected with malicious software in the future.

Distribution and prevention

It was once believed that Macs can't get infected due to the way they execute code in a segregated environment. Besides, Macs were not as attractive for cybercriminals because the number of these users was much less than those of Windows.

In recent years, the popularity of these operating systems drastically increased, and so did the interest of malicious parties. There are now plenty of malware strains that target macOS, and, in 2020, it was determined that malware targeting Macs had outpaced that of Windows.^[1]

That being said, the spread of infections directly correlates with how effective they are. In the case of Adload, there are a few different ways how users get infected, which include software bundles downloaded from websites that distribute illegal software or fake updates.

First of all, you should always stay away from high-risk websites that let visitors download illegal installers of otherwise paid software and video games. In fact, software cracks and illegal installers are some of the most common ways to infect one's computer with dangerous malware,^[2] as the security measures used there are minuscule.

Likewise, you should be aware that Flash Player was terminated by Adobe at the start of 2021 and is no longer supported. There are plenty of alternative technologies that replaced it, and there are no circumstances you would need it installed on your computer nowadays.

Adload mainly spreads through fake Flash Player update prompts or pirated software sites

Remove Tradexic effectively

Adload is one of the most prominent adware families that targets Macs. It has hundreds of versions that have affected thousands of users so far, thanks to the deceptive distribution methods that are extremely successful.

Initially categorized as adware, Adload is much more than that. Once users install it intentionally (they need to enter their AppleID to allow the app to be installed in the first place), it utilizes the built-in AppleScript^[3] to make several changes to the system. First of all, the browser extension is installed with elevated permissions which allows it to scrape users' passwords and other personal information they type in during web browser sessions.

It also imports its own components and files that even further complicate the removal and detection of the infection by the Gatekeeper and XProtect. Therefore, if you want to successfully remove the infection without failing, we recommend you install an effective third-party security application, such as SpyHunter 5Combo Cleaner or Malwarebytes, and perform a full system scan with it. The below steps would not be necessary with an effective automatic removal, although we still recommend checking them.

1. Terminate malicious processes and remove the main app

First of all, you should make sure that malware's processes are not running in the background, as they might interfere with Tradexic removal.

• Open Applications folder
• Select Utilities
• Double-click Activity Monitor
• Here, look for suspicious processes and use the Force Quit command to shut them down

Your next task is to find and remove the main application that may be installed on your device:

• From the menu bar, select Go > Applications.
• In the Applications folder, look for all related entries.
• Click on the app and drag it to Trash (or right-click and pick Move to Trash)

2. Delete Login Items and unwanted Profiles

Malware creates new items in Profiles and Login items sections in order to perform its malicious activities. They can be found and removed from the following locations:

• Go to Preferences and pick Accounts
• Click Login items and delete everything suspicious
• Next, pick System Preferences > Users & Groups
• Find Profiles and remove unwanted profiles from the list.

3. Remove the remnants

You should also look for leftovers – .plist files. These are configuration files that might enable adware to work more efficiently:

• Select Go > Go to Folder.
• Enter /Library/Application Support and click Go or press Enter.
• In the Application Support folder, look for any dubious entries and then delete them.
• Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the related .plist files.

Final step: clean your browsers

Web browsers are important tools for Tradexic adware to fulfill its functions. With the help of an extension, it can spam users with promotional campaigns and gain monetary benefits from sponsored links and ads in the process. The first task is to eliminate the malicious extension from the browser:

Safari

1. Click Safari > Preferences…
2. In the new window, pick Extensions.
3. Select the unwanted extension and select Uninstall.

Google Chrome

1. Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
2. In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove.

Note that you might not be able to eliminate the extension effectively due to its persistence mechanisms. In such a case, we recommend resetting the browser:

Safari

• Click Safari > Preferences…
• Go to the Advanced tab.
• Tick the Show Develop menu in the menu bar.
• From the menu bar, click Develop, and then select Empty Caches.

Google Chrome

1. Click on Menu and select Settings.
2. In the Settings, scroll down and click Advanced.
3. Scroll down and locate Reset and clean up section.
4. Now click Restore settings to their original defaults.
5. Confirm with Reset settings.

If the extension was removed successfully, make sure you clean the web browser's caches in order to prevent tracking cookies from doing their job:

Safari

1. Click Safari > Clear History…
2. From the drop-down menu under Clear, pick all history.
3. Confirm with Clear History.

Google Chrome

1. Click on Menu and pick Settings.
2. Under Privacy and security, select Clear browsing data.
3. Select Browsing history, Cookies and other site data, as well as Cached images and files.
4. Click Clear data.