Here is all you need to know about SearchBaron, a browser hijacker that has infected numerous Macs over the past two years and is still going strong in 2021.
The landscape of harmful programs zeroing in on Mac computers is home to a diverse range of strains, but it is dominated by adware. These little digital villains aren’t insanely harmful or anything like that, but they are extraordinarily irritating to deal with and difficult to remove. The sample referred to as SearchBaron has earned a spot in this shadowy ecosystem, and for good reason. It surfaced in the summer of 2019 as what seemed to be just one of many viruses forming the massive Bing redirect campaign, but the volume of traffic it was generating at its dawn made it stand out from the crowd. Things got worse last year when SearchBaron burst out with innumerable infections.
This adware keeps to the beaten track by taking over its victim’s Internet preferences to forward the browser to an unsolicited service. This interference happens without clear permission requests. The traffic travels to SearchBaron.com first, and then the browser hits Bing.com. This scenario is a drag because users are accustomed to being able to specify the default settings in Google Chrome, Safari, or Mozilla Firefox. As soon as the SearchBaron virus kicks in, these preferences become null and void.
This infection is tightly intertwined with several more discreditable sites, each one of which plays a role in the sketchy monetization of the hijacked Internet traffic. The list of these URLs is as follows:
The operators of the SearchBaron stratagem tend to switch up the above domains once in a while. Regardless of the specific pattern of these redirects, all contamination instances have a common denominator: Bing, a search engine that serves as the destination page in all of these situations. It seems odd that this trusted service ends up in the middle of such a notorious malware vortex. There are several theories, but the most popular one is that cybercriminals are abusing its good name to give their dirty schemes a shade of legitimacy. Some Mac users may mistake incessant redirects to Bing.com for a banal and non-malicious misconfiguration of their web browser.
Although SearchBaron.com (or one of its ally URLs) is eclipsed by Bing throughout the rerouting predicament, it is a critical link in the threat actors’ large-scale traffic redistribution model. Every time it forces the ensnared browser to hit the wrong site, application programming interfaces (APIs) of a few shoddy ad networks are resolved in the background. Simply put, this foul play turns the Mac into a revenue-generating entity for SearchBaron masters.
It’s not all doom and gloom, though. The infection is trivial to avoid as long as you exercise a little bit of caution while online. The key thing is to ignore software bundles, which are likely to push a series of unwanted apps under the guise of a single free program. Whenever you suspect a catch, stop interacting with such an installer or examine its actual structure thoroughly before you proceed. However, nobody is perfect and we all make blunders. If you have discovered SearchBaron virus activity on your Mac, use the following walkthrough to get rid of it.
Uninstall Mac malware that redirects to SearchBaron.com
Removing threats behind Mac browser redirect schemes is quite a challenge due to their high persistence and stealth. The good news is that you can use a tried-and-tested cleaning technique to overcome these obstacles. The steps below will help you out.
- Expand the Go pull-down menu in the Apple menu bar, select Utilities, and double-click the Activity Monitor icon.
- Look for a process that has nothing to do with Apple services or legitimate apps you are using. An unfamiliar icon and a significant amount of CPU usage are a few attributes of a malicious executable.
- Select the suspect entry and click the Stop (X) button, which is the leftmost one in the upper toolbar. Click Quit in the follow-up dialog to terminate the unwanted process.
- Open the Finder and select Applications in the “Favorites” area. Spot the misbehaving app and move it to the Trash.
- Use the above-mentioned Go menu to open the Go to Folder window.
- Enter /Library/LaunchDaemons in the search box and press Enter or click the Go button.
- Check the LaunchDaemons folder for items that seem out of place. Move the likely culprits to the Trash.
- Use the same method to access the ~/Library/LaunchAgents (with the tilde symbol at the beginning), /Library/LaunchAgents, and ~/Library/Application Support folders. Find potentially unwanted items in each directory and delete them.
- Open System Preferences and pick Users & Groups. Hit the tab called Login Items. Select the app that shouldn’t be running at each login and use the built-in controls to delete it from the list.
- When on the System Preferences screen, select Profiles. Normally, no configuration profiles should be installed unless you are using a company-issued Mac. Choose the redundant entry added by malware and click the “minus” sign to get rid of it.
- Empty the Trash folder.
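The folder checks in the steps above can be scripted. The Python sketch below is an added example, not part of the original walkthrough: it parses every launchd property list in the LaunchDaemons and LaunchAgents folders and reports jobs whose target is missing, hidden, or located in a temp, shared or Application Support folder. The `ODD_LOCATIONS` list and the flagging rules are assumed triage heuristics, and the two jobs in `demo()` are constructed samples.

```python
import plistlib
import tempfile
from pathlib import Path

# Persistence folders named in the removal steps above.
LAUNCH_DIRS = ["/Library/LaunchDaemons", "/Library/LaunchAgents", "~/Library/LaunchAgents"]
# Triage heuristic (assumption): launchd jobs rarely need to start code from these places.
ODD_LOCATIONS = ("/tmp/", "/Users/Shared/", "/Library/Application Support/")

def review_job(job):
    """Return (label, program, reasons) for one parsed launchd job."""
    args = job.get("ProgramArguments") or []
    program = str(job.get("Program") or (args[0] if args else ""))
    reasons = []
    if any(loc in program for loc in ODD_LOCATIONS):
        reasons.append("starts code from a temp, shared or support folder")
    if any(part.startswith(".") for part in Path(program).parts):
        reasons.append("hidden path component")
    if program and not Path(program).exists():
        reasons.append("target missing on disk")
    return str(job.get("Label", "")), program, reasons

def audit(directories=LAUNCH_DIRS):
    """Parse every plist in the folders; return the jobs that deserve a manual look."""
    findings = []
    for directory in directories:
        for path in sorted(Path(directory).expanduser().glob("*.plist")):
            try:  # plistlib reads both XML and binary plists
                result = review_job(plistlib.loads(path.read_bytes()))
            except Exception as exc:  # malformed or unreadable file: report, keep going
                result = ("", "", [f"unreadable plist: {exc}"])
            if result[2]:
                findings.append((path.name, *result))
    return findings

def demo():
    """Audit two constructed plists (sample data, not taken from a real infection)."""
    folder = Path(tempfile.mkdtemp())
    samples = {
        "com.example.updater.plist": {"Label": "com.example.updater", "Program": "/bin/sh"},
        "com.constructed.helper.plist": {"Label": "com.constructed.helper", "RunAtLoad": True,
            "ProgramArguments": ["/Users/Shared/.cache/helperd", "--daemon"]},
    }
    for name, job in samples.items():
        (folder / name).write_bytes(plistlib.dumps(job))
    return audit([folder])

if __name__ == "__main__":
    for finding in audit():  # on a Mac this walks the real folders
        print(finding)
```

A flagged job is a prompt for manual review rather than a verdict, since legitimate software also installs helpers under Application Support.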
Now that you have uninstalled Mac malware that’s setting SearchBaron.com redirect activity in motion, there are several more things you need to do at the level of your web browsers that are probably still affected.
Declutter your web browser
- Purge Safari of toxic junk
  - Head to Safari Preferences, click the Privacy tab, and select Manage Website Data. Then, click the Remove All button.
  - Under Safari Preferences, go to the Advanced tab and activate the option saying Show Develop menu in menu bar.
  - Click Develop in the upper menu bar and select Empty Caches in the drop-down list.
  - Open the History menu and click Clear History. Follow further prompts to remove all browsing history.
  - Restart Safari.
- Revert to original Google Chrome settings
  - Open Chrome, click Customize and control Google Chrome, and select Settings.
  - Click the Advanced button in the sidebar, select Reset settings, click Restore settings to their original defaults, and confirm the action.
  - Restart Chrome.
- Reset Mozilla Firefox
  - Launch Firefox, click the Open Application Menu button, select Help, and click More Troubleshooting Information.
  - Click Refresh Firefox and follow on-screen prompts to clear unwanted browsing data.
  - Restart Firefox.
Surf the web wisely
The likes of the SearchBaron virus are very easy to catch and equally difficult to remove from your Mac. Moreover, they can cause more serious consequences than messing around with web browsers. Personal data harvesting is an example of what they usually do behind your back. That being said, you would be better off avoiding these baddies down the line.
The top tip is to be a little paranoid about software installers available outside of the App Store. There is always a chance that these items are trickier than they appear. At the very least, exit the “express” setup mode to see the list of promoted programs and uncheck suspicious ones. Ideally, you should stick with official application marketplaces that use rigid checks to keep shady code away.