Very few malware campaigns measure up against the Yahoo Search redirect plot that haunts Macs on a big scale and makes a mess of Safari settings.
The Mac territory is a far cry from being the famous walled garden that it used to be. It has loopholes that make various forms of exploitation possible, including surreptitious malware infiltration through application bundling schemes. This tactic is most heavily parasitized by adware and adjacent strains such as browser hijackers and popup viruses. A prime example of the former category is the Yahoo Search redirect, a threat that quietly installs itself on a Mac and operates with a focus on tweaking the victim’s Safari customizations. The default settings in Chrome, Mozilla, and other popular browsers typically undergo adverse changes as well.
Malicious actors’ goal is to capture and redirect the web traffic to search.yahoo.com. Simply put, when the user enters a search request into Safari’s address bar, the results will be returned via Yahoo instead of Google or whatever service the person has knowingly specified. This dubious venture involves a series of associated websites, each one serving as a catalyst for the rerouting activity. Here is a list of URLs most frequently seen in Yahoo redirect scenarios:
The so-called Safe Finder family dominates this cybercrime area in terms of prevalence, whereas all of the other spin-offs work in pretty much the same way. When the attack is in progress, one of the above URLs becomes the default search provider in Safari without getting the green light from the user. This compels the browser to resolve the dispatching address first, and only then does the traffic move on to search.yahoo.com results.
Since the landing page is legitimate, some users think of this occurrence as nothing more than a weird misconfiguration. That’s probably a part of cybercrooks’ plan, though. The catch is that the hijacked Internet surfing session covertly floats through the APIs of advertising networks before reaching the destination. With these double-dealing services welcoming any type of unique user hits, this is the key to monetizing every attack.
There is a more devious facet of the matter some people overlook. As you look closer at the string appended to the resulting search.yahoo.com domain address, you’ll notice a few odd fragments, namely “yhs” and “Lkry”. The former stands for Yahoo Hosted Search, a feature that allows the provider’s partners to use its search functionality. The latter is an acronym that most likely denotes “Linkury”, a notorious maker of monetization solutions leveraged by adware distributors for about a decade.
The Yahoo Search redirect is a software-borne peril. The unwanted reorganization of Safari activity stems from an application that has settled down inside the system and replaced the original set-ups with rogue ones. To clean up your Mac, you need to find this unwanted object along with its helper files and delete them all. Reconfiguring the browser in accordance with your real preferences is one more thing on your to-do list. The part below will give you an idea of how to fix the problem.
Uninstall Mac malware that redirects to Yahoo Search
Removing threats behind Mac browser redirect schemes is quite a challenge due to their high persistence and stealth. The good news is that you can use a tried-and-tested cleaning technique to overcome these obstacles. The steps below will help you out.
- Expand the Go pull-down menu in the Apple menu bar, select Utilities, and double-click the Activity Monitor icon.
- Look for a process that has nothing to do with Apple services or legitimate apps you are using. An unfamiliar icon and a significant amount of CPU usage are a few attributes of a malicious executable.
- Select the suspect entry and click the Stop (X) button, which is the leftmost one in the upper toolbar. Click Quit in the follow-up dialog to terminate the unwanted process.
- Open the Finder and select Applications in the “Favorites” area. Spot the misbehaving app and move it to the Trash.
- Use the above-mentioned Go menu to open the Go to Folder window.
- Enter /Library/LaunchDaemons in the search box and press Enter or click the Go button.
- Check the LaunchDaemons folder for items that seem out of place. Move the likely culprits to the Trash.
- Use the same method to access the ~/Library/LaunchAgents (with the tilde symbol at the beginning), /Library/LaunchAgents, and ~/Library/Application Support folders. Find potentially unwanted items in each directory and delete them.
- Open System Preferences and pick Users & Groups. Hit the tab called Login Items. Select the app that shouldn’t be running at each login and use the built-in controls to delete it from the list.
- When on the System Preferences screen, select Profiles. Normally, no configuration profiles should be installed unless you are using a company-issued Mac. Choose the redundant entry added by malware and click the “minus” sign to get rid of it.
- Empty the Trash folder.
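The launchd folder checks in the steps above can be made less error-prone with a read-only listing of what each job file actually starts. The Python script below is an added example, not part of the original article: it parses every .plist in the three launchd folders named above and marks entries for manual review. The review heuristics (file name not matching Label, program in a user-writable path, missing program) are assumptions chosen for illustration, not a malware verdict.

```python
import plistlib
from pathlib import Path

# launchd folders named in the removal steps; "~" expands to the current user.
LAUNCHD_DIRS = ["/Library/LaunchDaemons", "/Library/LaunchAgents",
                "~/Library/LaunchAgents"]
# Assumption: programs under these user-writable prefixes deserve a closer look.
WRITABLE_PREFIXES = ("/Users/", "/tmp/", "/private/tmp/", "/private/var/tmp/")


def audit_launchd_dir(directory):
    """Parse every .plist in `directory`; return one review record per file."""
    records = []
    for path in sorted(Path(directory).expanduser().glob("*.plist")):
        rec = {"file": str(path), "label": None, "program": None,
               "autostart": False, "reasons": []}
        records.append(rec)
        try:
            with open(path, "rb") as fh:
                job = plistlib.load(fh)  # reads both XML and binary plists
        except Exception as exc:  # truncated, corrupt or unreadable file
            rec["reasons"].append(f"unparseable plist ({type(exc).__name__})")
            continue
        if not isinstance(job, dict):
            rec["reasons"].append("top-level object is not a job dictionary")
            continue
        args = job.get("ProgramArguments") or []
        program = str(job.get("Program") or (args[0] if args else ""))
        rec["label"], rec["program"] = job.get("Label"), program or None
        rec["autostart"] = bool(job.get("RunAtLoad") or job.get("KeepAlive"))
        if path.stem != job.get("Label"):
            rec["reasons"].append("file name does not match Label")
        if program.startswith(WRITABLE_PREFIXES):
            rec["reasons"].append("program lives in a user-writable path")
        if program and not Path(program).exists():
            rec["reasons"].append("program path no longer exists")
        if not program:
            rec["reasons"].append("no Program or ProgramArguments")
    return records


if __name__ == "__main__":
    for folder in LAUNCHD_DIRS:
        for rec in audit_launchd_dir(folder):
            flag = "REVIEW" if rec["reasons"] else "ok"
            print(f"[{flag}] {rec['file']} -> {rec['program']}")
            for reason in rec["reasons"]:
                print(f"         {reason}")
```

The script only reads files and deletes nothing. Entries marked REVIEW are candidates to inspect by hand before moving anything to the Trash.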
Now that you have uninstalled Mac malware that’s setting Yahoo Search redirect activity in motion, there are several more things you need to do at the level of your web browsers that are probably still affected.
Declutter your Safari browser
- Head to Safari Preferences, click the Privacy tab, and select Manage Website Data. Then, click the Remove All button.
- Under Safari Preferences, go to the Advanced tab and activate the option saying Show Develop menu in menu bar.
- Click Develop in the upper menu bar and select Empty Caches in the drop-down list.
- Open the History menu and click Clear History.
- Follow further prompts to remove all browsing history.
- Restart Safari.
Surf the web wisely
The likes of the Yahoo Search redirect virus are very easy to catch and equally difficult to remove from your Mac. Moreover, they can cause more serious consequences than messing around with web browsers. Personal data harvesting is an example of what they usually do behind your back. That being said, you would be better off avoiding these baddies down the line.
The top tip is to be a little paranoid about software installers available outside of the App Store. There is always a chance that these items are trickier than they appear. At the very least, exit the “express” setup mode to see the list of promoted programs and uncheck suspicious ones. Ideally, you should stick with official application marketplaces that use rigid checks to keep shady code away.