
CheMillan

macrumors regular
Original poster
Jan 5, 2015
Los Angeles
I was installing MplayerX when Safari opened and all kinds of weird windows were popping up and disappearing too fast, including the MacKeeper application window. The MplayerX installer must have had MacKeeper bundled inside it, so I immediately took action to contain the damage. I disconnected my Mac Pro from the internet, closed all the popup windows and quit Safari. I used EasyFind to search for any malware apps and sure enough EasyFind found the following files and folders: MacKeeper, MegaBackup, some Yahoo helper search tool, and several files inside the LaunchAgents folder dated today. I moved all files to the Trash, restarted the Mac Pro, emptied the Trash, then opened Malwarebytes to scan for any leftover crapware. Malwarebytes reported no other threats found. All is well, I hope so.
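
Added example, not part of the original post and not code from any tool named in the thread: a small Python triage script for the "files inside the LaunchAgents folder dated today" check described above. It lists launchd job files changed in the last 24 hours and shows what each one would run. The function name `recent_launch_items` is hypothetical, and the script assumes the standard macOS launchd directories.

```python
import plistlib
import time
from pathlib import Path

# Standard per-user and system-wide launchd job locations on macOS (assumed here).
LAUNCHD_DIRS = [
    Path.home() / "Library/LaunchAgents",
    Path("/Library/LaunchAgents"),
    Path("/Library/LaunchDaemons"),
]

def recent_launch_items(dirs=LAUNCHD_DIRS, max_age_hours=24, now=None):
    """Return launchd plists modified within max_age_hours, newest first."""
    now = time.time() if now is None else now
    cutoff = now - max_age_hours * 3600
    found = []
    for d in map(Path, dirs):
        if not d.is_dir():
            continue
        for path in d.glob("*.plist"):
            mtime = path.lstat().st_mtime  # lstat also works on dangling symlinks
            if mtime < cutoff:
                continue
            try:
                with path.open("rb") as fh:
                    job = plistlib.load(fh)  # handles XML and binary plists
                if not isinstance(job, dict):
                    raise ValueError("top-level object is not a dictionary")
            except Exception as exc:
                # A recent file that cannot be parsed is still worth reviewing.
                job = {"Label": f"<unparsed: {type(exc).__name__}>"}
            # launchd executes Program if present, otherwise ProgramArguments[0].
            args = job.get("ProgramArguments") or []
            found.append({
                "path": str(path),
                "label": job.get("Label"),
                "target": job.get("Program") or (args[0] if args else None),
                "run_at_load": bool(job.get("RunAtLoad", False)),
                "mtime": mtime,
            })
    return sorted(found, key=lambda item: item["mtime"], reverse=True)

if __name__ == "__main__":
    for item in recent_launch_items():
        stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(item["mtime"]))
        print(f'{stamp}  {item["path"]}')
        print(f'    label={item["label"]} target={item["target"]} '
              f'run_at_load={item["run_at_load"]}')
```

The `target` path is the executable to look at next: trashing only the plist leaves that binary on disk.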
 
If I may offer some reassurance: you did the right thing and you'll be all fine from here. There are very few points of infection on OS X. Malware is so frustrating and we can all get caught out by it at the best of times.

Best wishes :)
 
I just checked since I have been using MPlayerX for years, and didn't remember anything other than a normal install.

I then realized the situation. MPlayerX can be installed via their own web site (with the crapware & MacKeeper scamware that is mentioned above) OR the Mac App Store. The Mac App Store version is old (last updated May 2012) but it works well and does not come with the spyware issues.

In the Mac App Store, the developers actually tell people to download a later version of MPlayerX from them instead of Apple. How is this allowed in the App Store?
 
Thanks guys,

This is the first time I’ve ever experienced something like this and it freaked me out pretty good, then I got angry and realized that getting angry was not going to help. I had to stay focused long enough to do some damage control. My Mac Pro survived this kind of attack but what about next time?
 
Just this morning, I ran Malwarebytes anti-Malware for Mac (which up until today "finds nothing"), and it threw up MplayerX as "malware".

I removed it.

A search of "Mplayer" reveals this:
https://malwaretips.com/blogs/ads-by-mplayerx-removal/

Probably not worth keeping around!


MplayerX has been flagged and identified as a malware threat by Malwarebytes. I would never again trust this app, not even the one available in the Mac App Store.
 
Yup, due to the fact that MPlayerX has been repeatedly affiliated with adware installers, and the fact that the installer downloaded directly from the official MPlayerX site is loaded with adware, we've classified MPlayerX as a "PUP" (potentially unwanted program).

Not only that, but the MPlayerX installer behaves differently depending on how you're running it. If you run it in a virtual machine - which means you're probably a security researcher trying to see how it behaves in an isolated system - it won't install any adware at all. Run the same installer on a normal system and it installs tons of crap. That's malware-like, analysis-avoiding behavior!

We've been working on taking a much more aggressive stance towards programs like this lately.
 