How to eliminate the fake Unarchiver stealer-type malware from your Mac
Written by Tomas Meskauskas on (updated)
What kind of malware is fake Unarchiver?
"Fake Unarchiver" refers to a stealer-type malware targeting Mac devices. It imitates The Unarchiver utility freeware. As the classification implies, this malicious program is designed to steal information from infected systems and installed applications. Fake Unarchiver targets various log-in credentials and cryptocurrency wallets, among other sensitive information.
Fake Unarchiver malware overview
This malware infiltrates Mac Operating Systems (OSes) under the guise of The Unarchiver – a freeware data decompression utility capable of unpacking archive files of various formats.
Following successful installation, the fake Unarchiver might request the user to enter their system password. This stealer also collects relevant device data, e.g., name, OS version, IP address, etc.
The malware can extract log-in credentials (usernames/passwords) from the Keychain – macOS native password manager. It can download (steal) files from infected devices.
The fake Unarchiver can acquire data from installed apps, including browsers. Typically, from the latter, malicious software seeks browsing and search engine histories, bookmarks, Internet cookies, log-in credentials, personally identifiable details, credit card numbers, etc.
The stealer in question does target cryptowallet browser extensions, but it also aims to obtain information relating to desktop digital wallets.
It must be mentioned that malware developers often improve upon their software and methodologies. Therefore, potential future iterations of this stealer could have a broader target list and additional/different functionalities.
In summary, the presence of software like the fake Unarchiver on devices can result in severe privacy issues, financial losses, and identity theft.
Name | Fake Unarchiver malware |
Threat Type | Mac malware, Mac virus, stealer |
Detection Names | Avast (MacOS:Stealer-AU [Trj]), Combo Cleaner (Trojan.GenericKD.73751536), ESET-NOD32 (OSX/PSW.Agent.CA), Kaspersky (UDS:Trojan-Downloader.OSX.Amos.gen), Full List Of Detections (VirusTotal) |
Symptoms | Trojans are designed to stealthily infiltrate the victim's computer and remain silent, and thus no particular symptoms are clearly visible on an infected machine. |
Distribution Methods | Infected email attachments, malicious online advertisements, social engineering, software 'cracks'. |
Related Domains | tneunarchiver[.]com |
Detection Names (tneunarchiver[.]com) | Combo Cleaner (Malware), Certego (Malicious), Emsisoft (Malware), Fortinet (Malware), Full List Of Detections (VirusTotal) |
Damage | Stolen passwords and banking information, identity theft, the victim's computer added to a botnet. |
Malware Removal (Mac) | To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. |
Malware-specific stealer examples
We have investigated thousands of malware samples; Banshee, ROD, and Poseidon are merely a few of our articles on Mac-specific stealers. It is noteworthy that information-stealing abilities are not exclusive to stealers, and data theft is common in combination attacks.
However, regardless of what (if any) information that malware targets – its presence on a system threatens device integrity and user safety. Therefore, all threats must be eliminated immediately upon detection.
How did fake Unarchiver infiltrate my computer?
This fake Unarchiver malware was observed being promoted on a malicious website. The page is an almost perfect visual copy of the legitimate Unarchiver's official site. Additionally, the imitator webpage relies on typosquatting, its URL – tneunarchiver[.]com – is a misspelling of the official website's domain, which is theunarchiver.com.
Keep in mind that this stealer could be hosted on different domains or distributed by using other techniques. Generally, malware is spread by employing phishing and social engineering tactics. It is often disguised as or bundled with existing/innocent-sounding programs or media.
The most widely used malware proliferation methods include: drive-by (stealthy and deceptive) downloads, malicious attachments/links in spam (e.g., emails, PMs/DMs, social media posts, etc.), online scams, malvertising, dubious download sources (e.g., freeware and free file-hosting websites, Peer-to-Peer sharing networks, etc.), illegal software activation tools ("cracks"), fake updaters, and pirated content.
Furthermore, some malicious programs can self-spread via local networks and removable storage devices (e.g., USB flash drives, external hard drives, etc.).
How to avoid installation of malware?
We strongly recommend downloading only from official and verified channels. Additionally, all programs must be activated and updated using functions/tools provided by legitimate developers, as those acquired from third-parties can contain malware.
Another recommendation is to be vigilant when browsing, as fake and malicious online content usually appears genuine and innocuous. Caution must be exercised with incoming emails and other messages. Attachments or links present in suspicious/irrelevant mail must not be opened, as they can be infectious.
We must emphasize that having a dependable anti-virus installed and kept updated is paramount to device and user safety. Security software must be used to perform regular system scans and to remove detected threats and issues. If your computer is already infected, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate infiltrated malware.
Fake The Unarchiver website used to promote this stealer-type malware:
Instant automatic Mac malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.
Quick menu:
Potentially unwanted applications removal:
Remove potentially unwanted applications from your "Applications" folder:
Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX","NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.
Frequently Asked Questions (FAQ)
My computer is infected with fake Unarchiver malware, should I format my storage device to get rid of it?
Malware removal rarely requires such drastic measures.
What are the biggest issues that fake Unarchiver malware can cause?
The threats associated with an infection depend on the malware's abilities and the attackers' modus operandi. The fake Unarchiver operates as a stealer, i.e., it extracts/exfiltrates sensitive data. Infections of this kind are linked to serious privacy issues, financial losses, and identity theft.
What is the purpose of fake Unarchiver malware?
The primary motivation behind malware attacks is profit. However, cyber criminals can also use malicious software to amuse themselves, carry out personal vendettas, disrupt processes (e.g., sites, services, companies, etc.), engage in hacktivism, and launch politically/geopolitically motivated attacks.
How did fake Unarchiver malware infiltrate my computer?
As the name implies, this stealer infiltrates systems under the guise of The Unarchiver – a legitimate data decompression utility program. It has been promoted via fake pages mimicking The Unarchiver's official website. However, other disguises and distribution methods are not unlikely.
Generally, malware is proliferated through drive-by downloads, spam emails/messages, untrustworthy download sources (e.g., freeware and third-party sites, Peer-to-Peer sharing networks, etc.), online scams, malvertising, pirated content, illegal program activation tools ("cracks"), and fake updates. Some malicious programs can even self-spread via local networks and removable storage devices.
Will Combo Cleaner protect me from malware?
Yes, Combo Cleaner can detect and remove practically all known malware infections. Remember that high-end malicious software usually hides deep within systems – therefore, performing a complete system scan is paramount.
▼ Show Discussion