This warning applies to all users, whether on Mac, Windows or Linux: please avoid software from these “download sites”. Get your software directly from the publisher or the app store. MacUpdate has been caught again repackaging legitimate software to bundle it with malicious payloads. This was reported back in 2015, and they were caught again yesterday, as reported by Malwarebytes.
They found three different apps, including the Firefox web browser, being used as decoys. The decoy apps were wrapped with a crypto-miner designed to steal your CPU time to mine for Monero, a digital cryptocurrency. In simple terms, they slow down your Mac and use it to print money for a criminal.
Firefox is great software and perfectly safe – if you download an official copy from Mozilla. If you downloaded it from MacUpdate, the copy you got had been hijacked.
The Malwarebytes blog makes some great points about this issue:
There are multiple takeaways from this. First and foremost, never download software from any kind of “download aggregation” site (a site that acts like an unofficial Mac App Store to let you browse for software). Such sites have a long history of issues. In the case of MacUpdate, back in 2015 they were modifying other people’s software, wrapping it in their own adware-laden installer. This is no longer happening, but in 2016, MacUpdate was similarly used to distribute the OSX.Eleanor malware.
Instead, always download software directly from the developer’s site or from the Mac App Store. These are not guarantees, and can still get you infected with malware, adware, or scam software. But your odds are better. Be sure to check around to make sure the software is legitimate before downloading, but do not give full credence to ratings or reviews on third-party sites or the Mac App Store, as those can be faked.
Second, if you have downloaded a new application and it seems not to be functioning as expected—such as not opening at all when you double-click it—be suspicious. Consider scanning your computer with security software. Malwarebytes for Mac will detect this malware as OSX.CreativeUpdater.
Finally, be aware that the old adage that “Macs don’t get viruses,” which has never been true, is proven to be increasingly false. This is the third piece of Mac malware so far this year, following OSX.MaMi and OSX.CrossRAT. That doesn’t even consider the wide variety of adware and junk software out there. Do not let yourself believe that Macs don’t get infected, as that will make you more vulnerable.