Who we are

The MacKeeper Anti-malware Lab is focused on real-time web monitoring and identifying malicious software for macOS. Our team of security researchers, malware hunters, data analysts, and software engineers is working to provide a dynamic response to popular, new and unknown threats affecting Mac and Apple systems.

What we do

We conduct security research, analyze malware and potentially unwanted apps, and collaborate with MacKeeper software developers to enrich Mac protection significantly.

What motivates us

In the MacKeeper Anti-malware Lab, we do our best to:

  • Identify new online threats that target Mac devices in order to improve MacKeeper user protection

  • Study the behavior, forms of attack, as well as frequent targets and tactics of malware in order to find its pain points and deliver the most successful ways to eliminate threats

  • Raise public awareness of new online dangers and privacy risks that Mac users face daily in the connected world—read some of our recent reports here: https://mackeeper.com/blog/

How we approach our analysis

Malware comes in different forms: a package, disk image, application bundle, binary file or script file. The malicious actions of threats are diverse as well. Malware can manifest in anything from showing an ad (adware) to using your Mac CPU to mine bitcoins (cryptojackers) or locking your sensitive data files (ransomware).

Our work starts with analyzing data samples from different sources in order to uncover the malware among them. We combine automated and manual analysis. Our automation tools generate different markers to help us with basic triaging of samples. Then, we run the sample in a controlled environment to observe its activity. Based on the automated analysis results, we carry out additional research to decide whether the sample meets our criteria for malicious programs. If the answer is positive, we determine its type and create signatures for the MacKeeper anti-malware engine.

What we do with our results

After we have identified malware, we give our MacKeeper developers the corresponding signatures and data about specific malware techniques and tactics. Our developers use these details to improve our software, helping to clean infected Macs and protect them from further infections.

If you want to help us

To submit a suspicious file or possible false positive for analysis, please follow the instructions for your issue below:

How to submit a suspicious file for analysis:

  1. Compress suspicious file(s) into a .zip archive, and password protect it with the password: “infected” (without quotes).

  2. Create an email with the following information:

    • In the Subject line: Indicate if the attached file contains a suspected infection (for example, use the subject “Malicious app”).

    • In the body of the email: Make a note of the password you set in the previous step and attach the .zip or .rar archive as well as any screenshots that describe sample behavior. Include information about where the sample was found and why you think it is suspicious.

  3. Send the email to: samples@kromtech.com

How to submit a false positive for analysis:

  1. Compress the file(s) that have been marked by MacKeeper’s Adware Cleaner into a .zip archive, and password protect it with the password: “infected” (without quotes).

  2. Create an email with the following information:

    • In the Subject line: Indicate if the attached file contains a false positive candidate; start the Subject with “FALSE POSITIVE:”.

    • In the body of the email: Make a note of the password you set in the previous step and attach the .zip archive. Please describe why you think it is a false positive. Please provide as much information as possible about the source of the software, including the name of the developer and the name and version of the application.

  3. Send the email to: samples@kromtech.com

If you are a software vendor and your app is detected as malware by Adware Cleaner:

Please check the criteria that we use to determine malicious behavior. If you think that an app was incorrectly detected, contact us for more information.
