OSX/CrescentCore, or CrescentCore Mac malware, is a new malicious campaign currently targeting users in the wild. According to security experts, the malicious software is classified as the next generation of a bogus Flash Player “virus”, now capable of completely avoiding anti-malware detection. Currently, Mac users are widely targeted across the Web, as CrescentCore lurks on bogus download sites as well as in top-ranking Google search results.
As reported by Intego professionals, this malware is a Trojan horse on a .dmg disk image, masquerading as an Adobe Flash Player installer. This distribution method isn’t new at all; it has been seen in Windows campaigns for years. The difference, however, is that CrescentCore is new and comes with additional capabilities intended to improve its evasion of anti-malware tools. Also, this isn’t the first such case against Mac users. A previously discovered Mac Trojan is the so-called Mac regulate “virus”, which is found to spy on users’ actions.
Currently, the infection is being spread through fictitious app installers (.dmg file), but its distribution mechanisms could be updated in the near future to include:
So, how does the CrescentCore infection happen?
Of course, the user must open the .dmg disk image and then the app with the Flash Player icon. As soon as this is done, the Trojan checks whether it is running inside a virtual machine. Then CrescentCore runs a check to learn whether a Mac antivirus tool is active on the system. If either of those two conditions is met, the malware will not continue its actions on that system.
If no AV utility is detected, the malware installs its persistent component in the form of a LaunchAgent.
Security analysts claim that there is a second version of this infection, which might install Advanced MacCleaner on infected hosts, or a malicious Safari browser plug-in.
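As an added example (not part of the original article or of Intego's analysis), here is a read-only Python audit of the LaunchAgent persistence described above: it parses each job definition in the standard LaunchAgent folders and flags programs that start from user-writable or hidden paths. The suspect-path list and the sample labels and paths are assumptions constructed for illustration, since the page gives no CrescentCore file names.

```python
import plistlib
import tempfile
from pathlib import Path

# Standard macOS LaunchAgent locations (per-user and system-wide).
LAUNCH_AGENT_DIRS = ("~/Library/LaunchAgents", "/Library/LaunchAgents")
# Assumption for this example: a program started from one of these
# user-writable or temporary locations deserves a manual look.
SUSPECT_PATH_PARTS = ("/tmp/", "/Users/Shared/", "/Library/Application Support/")

def inspect_agent(plist_path):
    """Return a finding dict for one LaunchAgent plist, or None if nothing stands out."""
    try:
        with open(plist_path, "rb") as fh:
            job = plistlib.load(fh)
        args = job.get("ProgramArguments")  # AttributeError if the root is not a dict
    except Exception as exc:  # an unreadable job definition is itself worth reviewing
        return {"plist": str(plist_path), "reasons": [f"unparseable ({type(exc).__name__})"]}
    first_arg = args[0] if isinstance(args, list) and args else ""
    program = str(job.get("Program") or first_arg)
    reasons = []
    if any(part in program for part in SUSPECT_PATH_PARTS):
        reasons.append("program in user-writable or temporary location")
    if any(p.startswith(".") and p != ".." for p in Path(program).parts):
        reasons.append("program path has a hidden component")
    if not reasons:
        return None
    if job.get("RunAtLoad") or job.get("KeepAlive"):
        reasons.append("starts automatically (RunAtLoad/KeepAlive)")
    return {"plist": str(plist_path), "label": str(job.get("Label", "")),
            "program": program, "reasons": reasons}

def audit_launch_agents(dirs=LAUNCH_AGENT_DIRS):
    """Inspect every *.plist in the given directories and collect the findings."""
    paths = [p for d in dirs for p in sorted(Path(d).expanduser().glob("*.plist"))]
    return [f for f in map(inspect_agent, paths) if f]

def demo():
    """Audit two constructed job definitions (labels and paths are made up)."""
    samples = {"com.example.updater": "/Users/Shared/.cache/updater",
               "com.example.helper": "/Applications/Helper.app/Contents/MacOS/helper"}
    with tempfile.TemporaryDirectory() as d:
        for label, prog in samples.items():
            with open(Path(d, label + ".plist"), "wb") as fh:
                plistlib.dump({"Label": label, "ProgramArguments": [prog], "RunAtLoad": True}, fh)
        return audit_launch_agents([d])

if __name__ == "__main__":
    for f in demo() + audit_launch_agents():
        print(f["plist"], "->", "; ".join(f["reasons"]))
```

A finding is a prompt for manual review, not a verdict: legitimate software also installs LaunchAgents, so check the flagged program's origin and code signature before removing anything.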
Warning: multiple anti-virus scanners have detected possible malware in CrescentCore.

| Anti-virus scanner | Version | Detection |
|---|---|---|
| VIPRE Antivirus | 22702 | Wajam (fs) |
| K7 AntiVirus | 9.179.12403 | Unwanted-Program ( 00454f261 ) |
- Steals or uses your confidential data
- Shows fake security alerts, pop-ups and ads
- Distributes itself through pay-per-install or is bundled with third-party software
- Deactivates installed security software
- Shows commercial adverts
- Redirects your browser to infected pages
- Changes the user's homepage
- Installs itself without permission
- Integrates into the web browser via the CrescentCore browser extension
- Slows the internet connection
CrescentCore affected Windows OS versions
- Windows 10: 23%
- Windows 8: 42%
- Windows 7: 26%
- Windows Vista: 7%
- Windows XP: 2%
Eliminate CrescentCore from Windows
Delete CrescentCore from Windows XP:
- Click on Start to open the menu.
- Select Control Panel and go to Add or Remove Programs.
- Choose and remove the unwanted program.
Remove CrescentCore from Windows 7 and Vista:
- Open Start menu and select Control Panel.
- Move to Uninstall a program.
- Right-click on the unwanted app and pick Uninstall.
Erase CrescentCore from Windows 8 and 8.1:
- Right-click on the lower-left corner and select Control Panel.
- Choose Uninstall a program and right-click on the unwanted app.
- Click Uninstall.
Delete CrescentCore from Your Browsers
CrescentCore Removal from Internet Explorer
- Click on the Gear icon and select Internet Options.
- Go to Advanced tab and click Reset.
- Check Delete personal settings and click Reset again.
- Click Close and select OK.
- Go back to the Gear icon, pick Manage add-ons → Toolbars and Extensions, and delete unwanted extensions.
- Go to Search Providers and choose a new default search engine.
Erase CrescentCore from Mozilla Firefox
- Enter "about:addons" into the URL field.
- Go to Extensions and delete suspicious browser extensions.
- Click on the menu, click the question mark and open Firefox Help. Click on the Refresh Firefox button and select Refresh Firefox to confirm.
Remove CrescentCore from Chrome
- Type "chrome://extensions" into the URL field and press Enter.
- Remove unreliable browser extensions.
- Restart Google Chrome.
- Open Chrome menu, click Settings → Show advanced settings, select Reset browser settings, and click Reset (optional).