If you firmly believe Macs can’t get viruses, the Yahoo redirect threat can prove you wrong as it has been around for years and is still going strong.
No matter how hard Apple is trying to harden the defenses of macOS against harmful code, malware makers keep finding ways to get around these mechanisms. Bad actors are increasingly adept at masterminding software bundles that veil dubious apps underneath shiny wrappings, and the use of Mac configuration profiles for persistence has become the norm over the years.
Even the tech giant’s vaunted app notarization process introduced in early 2020 has reportedly failed several times. A handful of adware samples have successfully made it to the Gatekeeper whitelist despite all the extensive checks.
The Yahoo redirect campaign, one of the most prolific stratagems in the Mac arena, appears to combine all the wicked tricks that help present-day cybercrooks outsmart one of the world’s most secure operating systems. The top symptom of this attack is the distortion of a victim’s web surfing preferences that causes the browser to resolve search.yahoo.com instead of the search engine of choice.
With the legitimacy of Yahoo being indisputable, this bizarre redistribution of web traffic appears to make no sense upon a rudimentary examination. The big picture becomes clearer once you have a closer look at the anatomy of the redirect process.
Before hitting the reputable landing page, the affected web browser silently resolves a series of URLs that denote dubious advertising networks. This way, the operators of this campaign rake in ad revenue. The role of Yahoo is to simply divert the victim’s attention from the shady part of the attack.
The Yahoo redirect activity is closely related to several auxiliary sites that mimic genuine search functionality. Here is the list of these dodgy web pages:
This network of knock-off search providers is intended to facilitate the fraudulent traffic monetization scheme. They intertwine the browser redirect logic with Web APIs affiliated with advertising networks the attackers do business with.
The Yahoo redirect virus underlying this digital mishmash is distributed via software bundles that look safe on the outside but conceal harmful apps under the same umbrella. Although the “express” installation mode of these packages seems to deliver a hassle-free setup experience, it drags unwanted extras into the Mac without letting the user know.
The above-mentioned abuse of the configuration profiles feature allows this threat to persevere inside the system. It throws a spanner in the works if you try to replace the skewed browser settings with the correct ones. Therefore, you can’t get rid of the virus unless you take care of its persistence quirks as part of the cleanup. Keep reading to find out how to purge the Yahoo redirect infection from your Mac for good.
Spot and Eradicate Malware Holding Sway over Your Web Browsers
The following steps will help you identify and remove the malicious app that’s causing Yahoo redirect activity on your Mac. It’s important to understand that this isn’t a browser-only issue, and therefore quite a bit of system cleaning is on your to-do list.
- Expand the Go menu in the Finder area, pick Utilities on the list, and select Activity Monitor.
- Scroll down the list of your running processes and try to pinpoint a suspicious one. It may have an unfamiliar icon next to it and consume a significant amount of CPU and RAM.
- Once you find the culprit, click on it and use the X button at the top left of the Activity Monitor screen to quit the unwanted executable.
- Click Go in the Finder bar again and select Applications. Examine the list and try to find a recently added app you never agreed to install. Send this app to the Trash.
- Launch the Go to Folder feature.
- Type ~/Library/LaunchAgents in the folder search box and click Go to open that location.
- Find suspicious items in the LaunchAgents directory and move them to the Trash.
- Use the ‘Go to Folder’ dialog to open the ~/Library/Application Support, /Library/LaunchAgents (with no tilde symbol prepended), and /Library/LaunchDaemons folders. Scrutinize their contents and delete files that look out of place.
- Go to System Preferences > Users & Groups and open the Login Items tab. Click the padlock sign and enter your admin password to enable changes. Then, select the unwanted app and remove it from your Mac’s startup list by clicking the “minus” symbol at the bottom left.
- Go to System Preferences > Profiles. Pick the malicious item and click the “minus” symbol to remove it. A few examples of known-malicious configuration profiles associated with the Yahoo redirect virus are Safari Settings, Chrome Settings, and AdminPrefs.
- Empty the Trash.
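The launch-folder checks in the steps above can also be done from Terminal. The Python script below is an added example, not part of the original article: it lists what each plist in the three launch folders actually runs. The review reasons it reports (label and file name mismatch, hidden path component, Application Support target, missing binary) are assumed heuristics for deciding what to look at first, not proof of infection.

```python
import plistlib
from pathlib import Path

# Folders named in the cleanup steps above.
LAUNCH_DIRS = ("~/Library/LaunchAgents", "/Library/LaunchAgents", "/Library/LaunchDaemons")
# Assumed heuristic: a job launching something out of Application Support gets a second look.
REVIEW_FRAGMENT = "/Library/Application Support/"

def inspect_job(plist_path):
    """Parse one launchd plist; return what it runs and the reasons to review it."""
    record = {"plist": str(plist_path), "label": None, "target": None,
              "autostart": False, "reasons": []}
    try:
        with open(plist_path, "rb") as fh:
            job = plistlib.load(fh)  # handles both XML and binary plists
    except Exception:  # malformed or unreadable file
        job = None
    if not isinstance(job, dict):
        record["reasons"].append("unreadable or malformed plist")
        return record
    args = job.get("ProgramArguments") or []
    target = job.get("Program") or (args[0] if args else None)
    record.update(label=job.get("Label"), target=target,
                  autostart=bool(job.get("RunAtLoad") or job.get("KeepAlive")))
    if record["label"] != Path(plist_path).stem:
        record["reasons"].append("Label does not match file name")
    if not isinstance(target, str):
        record["reasons"].append("no usable Program or ProgramArguments")
        return record
    if any(part.startswith(".") for part in Path(target).parts):
        record["reasons"].append("hidden path component in target")
    if REVIEW_FRAGMENT in target:
        record["reasons"].append("target under Application Support")
    if not Path(target).exists():
        record["reasons"].append("target missing on disk")
    return record

def audit_launch_items(dirs=LAUNCH_DIRS):
    """Inspect every plist in the given folders; items with findings sort first."""
    records = []
    for d in dirs:
        folder = Path(d).expanduser()
        if folder.is_dir():  # skip folders that do not exist on this Mac
            records += [inspect_job(p) for p in sorted(folder.glob("*.plist"))]
    return sorted(records, key=lambda r: not r["reasons"])

if __name__ == "__main__":
    for r in audit_launch_items():
        print("REVIEW" if r["reasons"] else "ok", r["plist"], "->", r["target"], r["reasons"])
```

Run it with `python3` before and after the cleanup; any entry still marked REVIEW afterwards is worth opening by hand before you empty the Trash.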
Eradicating all the traces of the potentially unwanted application (PUA) is an important stage of the cleanup, but it might not suffice to stop Yahoo from taking over your web browsers. That said, you should additionally erase the elements of this infection from Safari, Google Chrome, and Mozilla Firefox on your Mac.
How to Get Rid of Yahoo Redirect Activity in Your Web Browser
- Remove Unwanted Data from Safari
  - Launch the browser and go to Safari > Preferences. Proceed to the Advanced tab and check if the Show Develop menu in menu bar option is enabled. If it’s not, turn it on.
  - Expand the Develop menu that has appeared and click Empty Caches.
  - Go to History > Clear History. Stick with the default all history option and click Clear History.
  - Head to Safari Preferences > Privacy and click Manage Website Data. Clear all the cache, cookies, and local storage by clicking the Remove All button.
  - Restart Safari.
- Reset Google Chrome to Its Defaults
  - Launch Chrome and go to Settings > Advanced > Reset settings.
  - Select the Restore settings to their original defaults option and click the Reset settings button on the confirmation pop-up.
  - Restart Chrome.
- Reset Mozilla Firefox Settings
  - Run Firefox and go to Help > Troubleshooting Information.
  - In the section named Give Firefox a tune up, click Refresh Firefox.
  - Relaunch Firefox.
Steer Clear of Mac Browser Hijackers Further On
The Yahoo redirect virus is a hugely annoying and persistent threat, but it’s not one of a kind. There are many more nasties that can enslave your preferred web browser in a snap without asking. Therefore, you would be better off defending your Mac against such infections proactively.
The good news is, staying safe isn’t that hard. All it takes is avoiding freeware installation clients promoted outside of Apple’s App Store and other trusted resources. If you suspect an app bundle with a catch, exit the installation screen immediately. Also, don’t fall for ads on websites telling you to download a critical software update – this is a telltale sign of a malware distribution hoax.