Skip to content
  • Active
  • Severity: Medium
  • Adware
  • Windows
  • Verified · Aug 2022

How to remove UniversalKey Mac virus

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Gabriel E. Hall · Passionate web researcher

UniversalKey is a Mac virus that evades built-in defenses and harvests personal data

UniversalKey

UniversalKey is a potentially unwanted application and a browser extension that targets Mac systems exclusively. The main goal of the virus is to ensure that users are exposed to as many advertisements as possible, regardless of their quality, which means that phishing sites, scam messages, and similar malicious content becomes a regular occurrence.

While the main application is used to establish persistence[1] and provide its longevity on the system, the UniversalKey browser extension is the one that can change browser settings. For example, those affected might see that their homepage and new tab address of the browser are set to another URL and that their searches are redirected to another provider, such as Search Finder or Yahoo. Search results would also be filled with sponsored ads and links.

The UniversalKey virus is a member of a broad Adload malware strain, which has been a real menace for Mac users for the past five years. Since its discovery, several hundred variants have been released by cybercriminals behind it – DirectNetwork, ProcesserGrid, and CommonCreative are just a few examples we have recently talked about.

Name UniversalKey
Type Mac virus, adware, browser hijacker
Malware family Adload
Distribution Usually spread via fake Flash Player updates or software bundles downloaded from illegal sites
Symptoms An extension installed on the browser with elevated permissions, along with an application of the same name; new profiles and login items set up on the account; malicious ads shown during web browsing activities; search and browsing settings altered to Safe Finder or another search provider
Removal You can remove Mac malware with the help of powerful security tools, such as SpyHunterCombo Cleaner or MalwarebytesMalwarebytes. If you want to attempt to get rid of the infection yourself, check the manual instructions below
System optimization If you do not clean your browser from cookies and other web data, you see the unwanted ads return or data continue being tracked. Stop it with FortectIntego

Malware distribution and avoidance

Unlike sophisticated malware, UniversalKey is not spread using software vulnerabilities[2] or similar advanced methods. Instead, cybercriminals rely on more elementary delivery means – fake Flash Player updates and pirated application installers from high-risk sites.

Flash Player is a widely known plugin that was for many years used for multimedia playback online – this is why so many people recognize its name. Scammers are using it to their advantage and simply imply that the app is missing or needs to be updated, which allows them to insert malware and adware on victims' machines.

Flash has been long discontinued by its developer Adobe so if you ever get a request to install it, keep in mind that it is fake and would likely result in malware infection of your system.

Alternatively, users may also infect their systems with the virus whenever they download pirated software. Crooks bundle seemingly useful applications with UniversalKey or another malicious app, and users may install it without even realizing it. It is important to stay away from pirated content online, as it is known to be the perfect environment for malware creators.[3]

UniversalKey virus

UniversalKey removal steps

Since users are tricked into installing Adload versions on their systems, they unknowingly provide elevated permissions for the app when entering their AppleID into the confirmation prompt during the installation. This allows UniversalKey to exploit the built-in AppleScript to drop malicious files on the system, allowing it to stay running at all times without being removed.

New components, such as Login items or Profiles are created within the user account. This allows the virus to prevent its easy removal. This is why it is recommended to employ SpyHunterCombo Cleaner or MalwarebytesMalwarebytes security software to get rid of the virus automatically – if not all of the malicious components are removed, malware may return. You can follow the instructions below if you would want to attempt manual removal; browser cleaning is recommended for all users.

Remove the main app

Your first task is to stop the background processes from running during the elimination. This can be achieved by accessing the Activity Monitor and then getting rid of the main app:

  • Select Utilities
  • Double-click Activity Monitor
  • Here, look for suspicious processes related to adware and use the Force Quit command to shut them down
  • Go back to the Applications folder
  • Find UpgradedPlatform in the list and move it to Trash.

Your next target is the Login Items and unwanted Profiles created by the virus. These components might ensure persistence if not removed properly:

  • Go to Preferences and pick Accounts
  • Click Login items and delete everything suspicious
  • Next, pick System Preferences > Users & Groups
  • Find Profiles and remove unwanted profiles from the list.

Finally, you should get rid of the leftover files. The PLIST files are small config files, also known as “Properly list.” They hold various user settings and hold information about certain applications. To remove the virus, you have to find the related PLIST files and remove them.

  • Select Go > Go to Folder.
  • Enter /Library/Application Support and click Go or press Enter.
  • In the Application Support folder, look for any dubious entries and then delete them.
  • Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the related .plist files.Uninstall from Mac 2

Clean your browsers

UniversalKey extension fulfills an important role within the virus' operation cycle. This component ensures that browser settings are altered (homepage, new tab address, and the search provider) and that a steady flow of ads is being fed to users.

In addition, it can also be used to harvest personal details about anyone who has it installed, thanks to elevated permissions it is granted during the installation of the virus. Without a doubt, this can bring serious privacy issues and can even result in identity theft, thus, removing this extension is extremely important.

Safari

  • Click Safari > Preferences…
  • In the new window, pick Extensions.
  • Select the unwanted extension and select Uninstall.Remove extensions from Safari

Google Chrome

  • Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
  • In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove.Remove extensions from Chrome

It is very important to clean browser caches after the virus is eliminated. Adware and malware use dedicated trackers to harvest various user information, including visited websites, clicked links, search queries, and other details. In order to stop these unwanted activities, you have to delete cookies and other items that are stored locally. You can employ FortectIntego for this job or proceed with the following manual steps:

Safari

  • Click Safari > Clear History…
  • From the drop-down menu under Clear, pick all history.
  • Confirm with Clear History.Clear cookies and website data from Safari

Google Chrome

  • Click on Menu and pick Settings.
  • Under Privacy and security, select Clear browsing data.
  • Select Browsing history, Cookies and other site data, as well as Cached images and files.
  • Click Clear data.Clear cache and web data from Chrome

If you cannot delete the extension regularly, you can reset the browser to ensure it is uninstalled properly. Perform the following steps:

Safari

  • Click Safari > Preferences…
  • Go to the Advanced tab.
  • Tick the Show Develop menu in the menu bar.
  • From the menu bar, click Develop, and then select Empty Caches.Reset Safari

Google Chrome

  • Click on Menu and select Settings.
  • In the Settings, scroll down and click Advanced.
  • Scroll down and locate Reset and clean up section.
  • Now click Restore settings to their original defaults.
  • Confirm with Reset settings.Reset Chrome 2

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.