- #MPLAYERX PLAYLIST MAC OS X#
- #MPLAYERX PLAYLIST INSTALL#
- #MPLAYERX PLAYLIST UPDATE#
- #MPLAYERX PLAYLIST FULL#
Update (): Although we still don't recommend trusting software from anyone who would use an installer like the one described above, we no longer detect MPlayerX itself. Malwarebytes Anti-Malware for Mac detects any version of MPlayerX as PUP.MPlayerX. The addition of malware-like analysis avoidance behavior makes the decision to call MPlayerX a PUP a no-brainer.įurther, because we feel that this malware-like behavior shows that the developer of MPlayerX is not trustworthy, we detect the Mac App Store version of MPlayerX to be a PUP as well. The bundling of MPlayerX into an adware installer, alongside adware and other PUPs, is reason enough to consider it to be a PUP according to our PUP criteria. Thus, MPlayerX can't detect that it's running in a virtual machine, and thinks it's on a real system, in the second case, at which time it dumps its nasty payload of crap. The second time shows the same process, in the same virtual machine - with some modifications to the virtual machine to defeat the technique MPlayerX uses to detect it.
#MPLAYERX PLAYLIST INSTALL#
(Or, more accurately, installs an MPlayerX installer that you still have to run to install MPlayerX.)
#MPLAYERX PLAYLIST MAC OS X#
The first time, it is installed in a Parallels Virtual Machine running Mac OS X 10.11 (El Capitan), and it installs nothing but MPlayerX. The following video shows the MPlayerX installer being downloaded from the official MPlayerX site and being installed twice. Sure enough, although the installer had been updated, it still exhibited the same analysis avoidance behavior, this time installing IronCore, MacKeeper, and MegaBackup. Recently, we decided to re-evaluate MPlayerX for possible detection as a PUP (potentially unwanted program). When opened on a "real" system, however, it would install the IronCore adware, as well as (at that time) the junk apps MacKeeper and ZipCloud. When run in a virtual machine, it installed nothing but MPlayerX. The MPlayerX installer, it turned out, was doing exactly that. Using a virtual machine is a good way to keep the malware isolated from a real system, so that the infection is easier to contain. For example, a researcher may install Mac OS X within a virtual machine run by a program like Parallels, VMWare, or VirtualBox.
#MPLAYERX PLAYLIST FULL#
The most common method of analysis avoidance that malware uses is to detect whether it is running within a virtual machine - in other words, a full system running entirely within a piece of software. Thus, if a researcher or tool is not aware that the program is malicious, it avoids sending up any red flags that would trigger a more thorough analysis. This means that if it feels that it is being analyzed by a security researcher or automated security software, it will act innocent, showing none of its malicious behaviors. Malware will frequently exhibit analysis avoidance behavior. The official MPlayerX installer began to attempt to defy analysis! The bad behavior didn't stop there, however.
Unfortunately, this didn't turn out to be good news, as it was soon discovered that the official MPlayerX installer, downloaded directly from the MPlayerX website, had started to include the IronCore adware. In early 2015, MPlayerX wasn't being distributed with VSearch anymore. MPlayerX began to be so synonymous with the VSearch adware that Google searches for "MPlayerX" began to show prominently-featured hits for "MPlayerX removal." Worse, it eventually became apparent that MPlayerX was not simply an innocent victim. At the time, many people assumed that MPlayerX was being used in the same manner that Adobe Flash Player often is - innocent software used to trick people into running a shady installer. Back in 2014, an emerging piece of adware that soon crossed the line to malicious behavior, called VSearch, was frequently associated with MPlayerX installers.
MPlayerX began to be associated with malware about two years ago, or possibly even longer.
0 kommentar(er)
