A strain of persistent Mac adware is wreaking havoc by rerouting web browsers to bing.com via a series of rogue pages without permission.
One of the benefits of being a Mac user is that malicious software can’t easily slip past Apple’s defenses. Stringent app verification mechanisms combined with the Gatekeeper feature raise the bar for cybercriminals, but some threats like adware and browser hijackers are capable of bypassing these obstacles in a snap. While causing low or moderate damage, they are hugely frustrating because the victims can no longer surf the web in a hassle-free way. This goes for the Bing redirect virus, a pest that plagues Macs to fuel its operators’ dirty traffic monetization activity.
When this infection is on board, it incessantly forwards Safari, Google Chrome, or Mozilla Firefox to bing.com instead of the sites the user wants to visit. Although the landing page displays legitimate search results, the intercepted web traffic goes through several dubious URLs before reaching the unexpected destination.
These intermediate domains include searchmarquis.com, searchbaron.com, searchsnow.com, and searchitnow.info. Their role in this malicious campaign is to redistribute the traffic and make the browser load sketchy advertising networks for a split second, thereby generating affiliate revenue for the perpetrators.
The crooks appear to abuse the Bing search provider as a sidetracking entity that veils the whole foul play going on behind the scenes. What really matters for the bad actors is the series of sites that the hijacked browser resolves along the way. Unfortunately, this plot is implemented at the expense of the victims’ online experience.
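The redirect chain described above can be spotted in web proxy or DNS logs as a hit on one of the listed intermediate domains followed almost immediately by bing.com from the same client. The following is an added example, not part of the original article; the three-column log format, the sample lines, and the 10-second window are assumptions.

```python
from datetime import datetime, timedelta

# Intermediate domains listed in the article.
INTERMEDIATE = {"searchmarquis.com", "searchbaron.com",
                "searchsnow.com", "searchitnow.info"}

# Constructed sample log (assumed format): ISO time, client, requested host.
SAMPLE_LOG = """\
2024-01-10T09:00:01 10.0.0.5 www.example.org
2024-01-10T09:00:07 10.0.0.5 searchmarquis.com
2024-01-10T09:00:07 10.0.0.5 searchbaron.com
2024-01-10T09:00:08 10.0.0.5 www.bing.com
2024-01-10T09:05:00 10.0.0.9 www.bing.com
2024-01-10T09:06:00 10.0.0.7 searchsnow.com
2024-01-10T09:20:00 10.0.0.7 www.bing.com
"""

def matches(host, domain):
    """True for the domain itself or any subdomain, never a mere suffix."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def find_redirect_chains(log_text, window_seconds=10):
    """Return (client, intermediate hosts, bing timestamp) per chain."""
    window = timedelta(seconds=window_seconds)
    pending = {}   # client -> [(time, host)] intermediate hits not yet resolved
    chains = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        client, host = parts[1], parts[2]
        if any(matches(host, d) for d in INTERMEDIATE):
            pending.setdefault(client, []).append((ts, host))
        elif matches(host, "bing.com"):
            # Only hops seen shortly before the Bing request count as a chain.
            hops = [h for t, h in pending.pop(client, []) if ts - t <= window]
            if hops:
                chains.append((client, hops, ts.isoformat()))
    return chains

if __name__ == "__main__":
    for client, hops, when in find_redirect_chains(SAMPLE_LOG):
        print(f"{when} {client}: {' -> '.join(hops)} -> bing.com")
```

A client that visits bing.com directly, or reaches it long after touching an intermediate domain, is not reported.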
Users unknowingly allow the Bing redirect virus to get in
The potentially unwanted application (PUA) underlying this predicament contaminates Mac computers via software bundles. The pitfall is that users give the green light to this installation without realizing it. The quandary starts with a software package disguised as a regular installer promoting a malware-riddled Adobe Flash Player update or another ostensibly harmless program.
However, the installer’s default option hides a few malicious apps in plain sight. This explains why victims are clueless about the attack until their browser starts redirecting to Bing all of a sudden. Luckily, it’s easy to prevent this from happening: all it takes is selecting the custom setup mode and opting out of the bundled items. Still, most people just go with the flow and don’t bother checking such installers for extra components.
Once inside, the PUA adds a dodgy extension to the victim’s preferred web browser. The add-on takes over the default search engine and homepage settings by replacing them with a fishy domain that leads to Bing. These tweaks stay in effect even after the user specifies the correct settings again, because the browser is managed by a malicious configuration profile installed on the Mac and listed in System Preferences.
How to remove Bing redirect virus from Mac
Here are point-by-point instructions to get rid of malicious code underlying the Bing redirect issue.
- Open the Go pull-down menu in your Mac’s Finder, select Utilities, and double-click the Activity Monitor icon.
- When the Activity Monitor app is opened, examine the running processes and pinpoint a potentially unwanted item. You may have to follow your intuition because the name of the dubious executable usually has nothing to do with the symptoms you are encountering. As a general rule, look for an entry you don’t recognize that consumes a significant amount of CPU.
- If you identify the suspect, select it and click the X symbol in the top left-hand part of the window. To terminate the malicious process, select Force Quit on the pop-up that will appear.
- Return to the Go menu and pick the option that says Go to Folder. This feature provides a shortcut to opening specific directories on your Mac.
- Type ~/Library/LaunchAgents in the follow-up folder search dialog and press Enter. When the LaunchAgents screen is in front of you, look for unwanted items and move them to the Trash.
- Repeat the above procedure for the following folders: /Library/LaunchAgents (without the tilde sign), /Library/LaunchDaemons, and ~/Library/Application Support. Spot sketchy files and delete them.
- Pick Applications in the Go drop-down menu. Inspect the list of installed apps and send the unfamiliar one to the Trash. Here’s a quick tip: focus on recently added software you don’t remember installing – that’s most likely the culprit.
- Head to System Preferences and select Users & Groups. Click the lock symbol and enter your admin password to enable changes. Then, click Login Items, select the unwanted application, and click the “minus” icon to stop the malware from being executed at startup.
- Go back to the System Preferences screen and select Profiles. If you don’t have any device profiles installed (including malicious ones), this item will be missing. In case it’s there, select the unwanted profile and delete it by clicking the “minus” icon.
- If the malware has created an icon in your Dock, right-click it, select Options, and click Remove from Dock.
- Empty the Trash.
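The LaunchAgents and LaunchDaemons checks in the steps above can also be done from Terminal by parsing each launchd property list and listing what it starts. The script below is an added example, not part of the original article; the flag names and the 30-day "recent" threshold are assumptions meant to prioritize manual review, not to identify malware.

```python
import plistlib
import time
from pathlib import Path

# Folders named in the removal steps above.
LAUNCH_DIRS = ["~/Library/LaunchAgents", "/Library/LaunchAgents",
               "/Library/LaunchDaemons"]

def audit_launch_items(dirs=LAUNCH_DIRS, recent_days=30, now=None):
    """Return one dict per launchd plist, newest first, with review flags."""
    now = time.time() if now is None else now
    findings = []
    for d in dirs:
        folder = Path(d).expanduser()
        if not folder.is_dir():
            continue
        for plist in sorted(folder.glob("*.plist")):
            flags = []
            try:
                with plist.open("rb") as fh:
                    job = plistlib.load(fh)
            except Exception:
                job = None
            if not isinstance(job, dict):
                job, flags = {}, ["unparseable"]
            # launchd runs Program, else the first ProgramArguments element.
            args = job.get("ProgramArguments") or []
            program = job.get("Program") or (args[0] if args else None)
            program = str(program) if program else None
            mtime = plist.stat().st_mtime
            # The flags below are assumed review heuristics, not verdicts.
            if now - mtime < recent_days * 86400:
                flags.append("recently-modified")
            if program and not Path(program).exists():
                flags.append("program-missing")
            if program and "/Application Support/" in program:
                flags.append("runs-from-application-support")
            if job.get("RunAtLoad") or job.get("KeepAlive"):
                flags.append("auto-start")
            findings.append({"plist": str(plist), "label": job.get("Label"),
                             "program": program, "mtime": mtime, "flags": flags})
    return sorted(findings, key=lambda f: f["mtime"], reverse=True)

if __name__ == "__main__":
    for item in audit_launch_items():
        day = time.strftime("%Y-%m-%d", time.localtime(item["mtime"]))
        print(day, item["label"], item["program"], ",".join(item["flags"]) or "-")
        print("    " + item["plist"])
```

Legitimate software also installs launch items, so treat the output as a shortlist: an unfamiliar label that was added around the time the redirects began and points into Application Support deserves the closest look.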
Ways to stop Bing redirects in a web browser on Mac
Even after the virus is removed from the system, your preferred browser may continue to be redirected. If this is happening, your best bet is to reset it to its original defaults.
- Get rid of Bing redirects in Safari
  - Open the browser. Expand the Safari menu and choose Preferences. Click the Advanced tab and turn on the following option: Show Develop menu in menu bar.
  - Click Develop and select Empty Caches in the pull-down menu.
  - Click History in the Safari menu, select Clear History, and follow further prompts to delete all browsing history from Safari.
  - Return to the Safari Preferences, select the Privacy tab, click Manage Website Data, and remove all data stored by websites.
  - Relaunch Safari.
- Stop Bing redirects in Google Chrome
  - Open Chrome, head to Settings, click Advanced and select Reset settings.
  - Click Restore settings to their original defaults and click the Reset settings button.
  - Restart Chrome.
- Stop Mozilla Firefox from being redirected to Bing