Tradexic Mac adware (virus) - Free Instructions
Tradexic Mac adware Removal Guide
What is Tradexic Mac adware?
Tradexic is a version of prevalent Mac malware that shouldn't be ignored
Tradexic is Mac malware that takes over your browser to show you ads and gather personal information
Tradexic is a rogue application that you might find installed on your Mac one day. It stems from a widespread malware family known as Adload, which has had numerous versions under its belt since its first sighting back in 2018. The variants of the virus are plentiful and, while they are constantly being released under different names and with different icon background colors (the icon itself remains the same, a distinctive magnifying glass), their primary distribution and operation methods mostly remain unchanged.
Since victims find the app installed on their system seemingly out of nowhere, it is clear that its distribution is not legitimate. In most cases, users either install it during the installation of illegal, pirated software or after they are tricked by a fake Flash Player (or other well-recognized software) update.
Once installed on the system, the Tradexic virus performs a variety of changes to it. Most notably, one would notice a suspicious browser extension with the gray icon of a magnifying glass installed on Safari, Google Chrome, Mozilla Firefox, or another browser, which also changes the homepage and other settings. Previous versions of the malware used to change it to Safe Finder, although it can be something else under different circumstances.
The main goal of the threat is to show users all types of advertisements whenever they use their browsers. These ads might be malicious, and the installation of other dangerous software can be imminent. In fact, some of the Adload versions can even install additional apps in the background.
In this article, you will find all the information needed to remove the infection effectively, along with precautionary measures to avoid being infected with malicious software in the future.
Name | Tradexic |
---|---|
Type | Mac virus, adware, browser hijacker |
Family | AdLoad |
Distribution | Usually spread via fake Flash Player installers or bundled along with illegal software downloaded from torrent and similar sites |
Symptoms | Installs an extension to the browser that cannot be deleted easily; changes homepage/new tab to Safe Finder, Akamaihd, or something else; redirects lead to potentially malicious or scam sites, promotes suspicious software, etc. |
Risks | Unknown extension installed on the web browser that can't be removed; homepage and new tab address altered to another provider; increased amount of advertisements |
Removal | The easiest way to eliminate unwanted and malicious software on Macs is by performing a full system scan with SpyHunter 5 or Combo Cleaner security software. Alternatively, you can attempt to terminate the infection manually |
Additional tips | After you terminate the infection with all its associated components, we recommend you also scan your machine with Fortect or Intego for best results |
Distribution and prevention
It was once believed that Macs can't get infected due to the way they execute code in a segregated environment. Besides, Macs were not as attractive to cybercriminals because there were far fewer Mac users than Windows users.
In recent years, the popularity of Macs has increased drastically, and so has the interest of malicious parties. There are now plenty of malware strains that target macOS, and, in 2020, it was determined that malware targeting Macs had outpaced that of Windows.[1]
That being said, the spread of infections directly correlates with how effective they are. In the case of Adload, there are a few different ways users get infected, including software bundles downloaded from websites that distribute illegal software, and fake updates.
First of all, you should always stay away from high-risk websites that let visitors download illegal installers of otherwise paid software and video games. In fact, software cracks and illegal installers are some of the most common ways to infect one's computer with dangerous malware,[2] as the security measures used there are minuscule.
Likewise, you should be aware that Flash Player was terminated by Adobe at the start of 2021 and is no longer supported. There are plenty of alternative technologies that replaced it, and there are no circumstances in which you would need it installed on your computer nowadays.
Adload mainly spreads through fake Flash Player update prompts or pirated software sites
Remove Tradexic effectively
Adload is one of the most prominent adware families that targets Macs. It has hundreds of versions that have affected thousands of users so far, thanks to the deceptive distribution methods that are extremely successful.
Initially categorized as adware, Adload is much more than that. Once users install it intentionally (they need to enter their Apple ID to allow the app to be installed in the first place), it utilizes the built-in AppleScript[3] to make several changes to the system. First of all, the browser extension is installed with elevated permissions, which allows it to scrape users' passwords and other personal information they type in during web browser sessions.
It also imports its own components and files that further complicate the removal and detection of the infection by Gatekeeper and XProtect. Therefore, if you want to remove the infection successfully, we recommend you install an effective third-party security application, such as SpyHunter 5, Combo Cleaner or Malwarebytes, and perform a full system scan with it. The steps below would not be necessary with an effective automatic removal, although we still recommend checking them.
1. Terminate malicious processes and remove the main app
First of all, you should make sure that malware's processes are not running in the background, as they might interfere with Tradexic removal.
- Open Applications folder
- Select Utilities
- Double-click Activity Monitor
- Here, look for suspicious processes and use the Force Quit command to shut them down
Your next task is to find and remove the main application that may be installed on your device:
- From the menu bar, select Go > Applications.
- In the Applications folder, look for all related entries.
- Click on the app and drag it to Trash (or right-click and pick Move to Trash)
2. Delete Login Items and unwanted Profiles
Malware creates new items in the Profiles and Login Items sections in order to perform its malicious activities. They can be found and removed from the following locations:
- Go to Preferences and pick Accounts
- Click Login items and delete everything suspicious
- Next, pick System Preferences > Users & Groups
- Find Profiles and remove unwanted profiles from the list.
3. Remove the remnants
You should also look for leftovers – .plist files. These are configuration files that might enable adware to work more efficiently:
- Select Go > Go to Folder.
- Enter /Library/Application Support and click Go or press Enter.
- In the Application Support folder, look for any dubious entries and then delete them.
- Now enter the /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and delete all the related .plist files.
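The check in step 3, as an added example that is not part of the original guide: a Python script that lists every .plist in the two launch folders together with the program it starts, so each entry can be reviewed before anything is deleted. The flag names and the path heuristics are assumptions chosen for illustration, not Tradexic-specific indicators, and the plist written by `demo()` is constructed sample data.

```python
import os
import plistlib
import tempfile
from pathlib import Path

# The two launch folders named in step 3 of the guide.
LAUNCH_DIRS = ["/Library/LaunchAgents", "/Library/LaunchDaemons"]
# Generic review heuristic (an assumption, not a Tradexic indicator).
UNUSUAL_HINTS = ("/Application Support/", "/tmp/", "/Users/Shared/")


def audit_launch_items(dirs=LAUNCH_DIRS):
    """Return one record per .plist so each can be reviewed before deletion."""
    records = []
    for folder in map(Path, dirs):
        if not folder.is_dir():
            continue
        for path in sorted(folder.glob("*.plist")):
            rec = {"plist": str(path), "label": None, "program": None, "flags": []}
            records.append(rec)
            try:
                with path.open("rb") as fh:
                    data = plistlib.load(fh)  # reads XML and binary plists
                args = data.get("ProgramArguments") or []
                rec["label"] = data.get("Label")
                rec["program"] = data.get("Program") or (args[0] if args else None)
            except Exception:  # corrupt file or unexpected structure
                rec["flags"].append("unparseable")
                continue
            prog = str(rec["program"] or "")
            if any(hint in prog for hint in UNUSUAL_HINTS):
                rec["flags"].append("unusual-location")
            if any(part.startswith(".") for part in Path(prog).parts):
                rec["flags"].append("hidden-path")
            if data.get("RunAtLoad") or data.get("KeepAlive"):
                rec["flags"].append("auto-start")
            if prog and not os.path.exists(prog):
                rec["flags"].append("target-missing")
    return records


def demo():
    """Audit a constructed folder (sample data, not real Tradexic artifacts)."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = {"Label": "com.example.agent", "RunAtLoad": True,
                  "ProgramArguments": ["/Library/Application Support/.x/helper"]}
        with open(Path(tmp, "com.example.agent.plist"), "wb") as fh:
            plistlib.dump(sample, fh)
        return audit_launch_items([tmp])
```

On the Mac being cleaned, call `audit_launch_items()` with no arguments and review the flagged records; legitimate software can also trigger these flags, so they mark entries to inspect rather than entries to delete.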
Final step: clean your browsers
Web browsers are important tools for Tradexic adware to fulfill its functions. With the help of an extension, it can spam users with promotional campaigns and gain monetary benefits from sponsored links and ads in the process. The first task is to eliminate the malicious extension from the browser:
Safari
- Click Safari > Preferences…
- In the new window, pick Extensions.
- Select the unwanted extension and select Uninstall.
Google Chrome
- Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
- In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove.
Note that you might not be able to eliminate the extension effectively due to its persistence mechanisms. In such a case, we recommend resetting the browser:
Safari
- Click Safari > Preferences…
- Go to the Advanced tab.
- Tick the Show Develop menu in the menu bar.
- From the menu bar, click Develop, and then select Empty Caches.
Google Chrome
- Click on Menu and select Settings.
- In the Settings, scroll down and click Advanced.
- Scroll down and locate Reset and clean up section.
- Now click Restore settings to their original defaults.
- Confirm with Reset settings.
If the extension was removed successfully, make sure you clean the web browser's caches in order to prevent tracking cookies from doing their job:
Safari
- Click Safari > Clear History…
- From the drop-down menu under Clear, pick all history.
- Confirm with Clear History.
Google Chrome
- Click on Menu and pick Settings.
- Under Privacy and security, select Clear browsing data.
- Select Browsing history, Cookies and other site data, as well as Cached images and files.
- Click Clear data.
How to prevent getting adware
Choose a proper web browser and improve your safety with a VPN tool
Online spying has gained momentum in recent years, and people are getting more and more interested in how to protect their privacy online. One of the basic ways to add a layer of security is to choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.
Lost your files? Use data recovery software
While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attacks, or even accidental deletion.
To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.
- [1] Mikey Campbell. Mac malware outpaced Windows PCs threats for first time in 2019, report says. AppleInsider. Apple News, Rumors, Reviews, Prices & Deals.
- [2] Fake pirated software sites serve up malware droppers as a service. Sophos. Security research blog.
- [3] AppleScript. Wikipedia. The free encyclopedia.