Remove Akamaihd Mac virus from Safari, Chrome, Firefox

0
1005

What is Akamaihd Mac virus?

The Mac malware landscape is full of inconsistencies and hybrid characteristics blurring the legit and outright shady entities into a vicious, undrainable cocktail. The malicious actors are becoming growingly adept at masterminding adware campaigns that mishandle reputable services to bypass regular security mechanisms and website blacklisting tools. This train of thought isn’t far-fetched at all and it assumes a clear-cut shape in light of the recent surge in browser hijack stratagems homing in on Mac computers. These advanced campaigns revolve around Akamaihd.net, a major U.S. based content delivery network (CDN) managing up to a third of the global Internet traffic. Ironically, the underlying company is also a cybersecurity provider. Malefactors don’t seem to care less, though, as they defiantly exploit its services in one of the biggest waves of Mac browser redirect hoaxes to date.

Search preferences hijacked by Akamaihd.net virus on Mac

The principle of the criminals’ conspiracy is as follows: they use a strain of adware to gain a foothold in a Mac and change the victim’s customizations in Safari, Google Chrome, and Mozilla Firefox, including the default search engine and homepage settings. The replacement URLs vary, but their structure has a common denominator across all instances – it’s the a.akamaihd.net string. This part is prepended by a random-looking sequence of characters and numbers depending on the sub-campaign of the hoax. It is additionally concatenated by a long tail consisting of a campaign ID and several hyphenated groups of hexadecimal symbols. So, for example, the imposed search provider’s address is going to be something like default21076355-a.akamaihd.net, followed by an array of characters (e.g. cps?n=%s&_pg=A230D0E7-71B4-51F9-96A0-62BE2CFD8745) uniquely identifying the threat actors in charge. There are about a dozen different URLs in circulation concurrently, which simply means that the ruse is run by multiple crews of malefactors. Here are a few that have surfaced recently (the list goes on as new variants appear in the wild):

  • default06091388-a.akamaihd.net
  • default120617-a.akamaihd.net
  • fbcdn-dragon-a.akamaihd.net
  • fbcdn-dragon-a.akamaihd.net
  • fbcdn-external-a.akamaihd.net
  • fbcdn-gtvideo-a.akamaihd.net
  • lkysearchds3986-a.akamaihd.net
  • lkysearchds4694-a.akamaihd.net
  • lkysearchds5927-a.akamaihd.net
  • lumiere-a.akamaihd.net
  • search82298264-a.akamaihd.net
  • spoprod-a.akamaihd.net

It’s important to understand that the rogue search settings perform an auxiliary function aimed at further rerouting the enslaved browser to another site. In plain words, Akamaihd.net hijack is the side show, with the main act boiling down to the promotion of a certain junk search engine. One of these forcibly pushed pseudo providers is called Safe Finder. This notorious brand combines a number of worthless web resources, such as search.safefinder.com, search.macsafefinder.com, and search.safefinderformac.com, under the same umbrella. Since Akamaihd.net virus redirects to one of these pages, the victim is stuck with a service they never opted for. Their goal is to primitively intercept the traffic while outsourcing the whole information lookup capacity to search.yahoo.com.

Fake search engine promoted by Akamaihd.net hijacker

Search Pulse is one more controversial entity propped by the Mac virus in question. The logic of the scheme is pretty much the same as in the Safe Finder scenario. The target’s browser is rerouted to home.searchpulse.net or search.searchpulse.net via Akamaihd.net. The landing page also mimics an authentic provider but ends up forwarding the web traffic over to Yahoo Search without adding any real value of its own. The navigation path inconspicuously resolves a few ad networks along the way to generate fraudulent revenue for the adware operators.

Again, the perpetrators implement a complex browser preferences skewing tactic to monetize their harmful code. The role of Akamaihd.net, a trustworthy service with a commendable track record, is to make this campaign slip under the radar of traditional regulatory mechanisms and filters. How can this questionable cooperation possibly exist? This is a question that has yet to be answered going forward. One way or another, the black hats appear to have really hit the sweet spot in this regard.

How did Akamaihd virus infect my Mac?

Although this threat is sophisticated in terms of evasion and persistence techniques, its distribution is nothing out of the ordinary. Just like your garden-variety potentially unwanted application (PUA), it sneaks into Macs by attaching itself to freeware bundles that seem perfectly safe on the outside. Users are predominantly victimized through an old trick that involves fake Adobe Flash Player update pop-ups appearing on a vast range of shady websites.

Fabricated Adobe Flash Player update pop-up spreading Akamaihd.net threat

The package looks like an ordinary updater but it actually conceals a pitfall, cross-promoting the Akamaihd.net hijacker and possibly one or several more adware programs. These nasty extras aren’t visible in the installer’s GUI unless you exit its default set-up and pick the custom option instead. This simple step will reveal the complete structure of the package, allowing you to deselect the additional unwanted apps or discontinue the installation altogether if you realize that it’s fishy from the ground up.

What makes Akamaihd.net hijacker so hard to remove?

There is one fundamental thing that underlies its persistence: a malicious configuration profile. The former paves the infection’s way toward elevated privileges. A common device profile use case is to define and apply certain rules and restrictions to ascertain that all computers on a managed network conform to the organization’s policies. It comes as no surprise that network admins find this functionality incredibly useful. However, there is one more category of individuals who think it’s the best thing since sliced bread. It’s cybercriminals. They have turned this benign feature into a game-changing tool up their sleeves.

Configuration profile enrolled by adware

As soon as Akamaihd.net virus is inside a Mac, it bypasses the System Integrity Protection (SIP) security mechanism and installs a crooked configuration profile under System Preferences. This object establishes control over specific settings in the victim’s web browser, including the default search engine. This explains why the incorrect search preferences cannot be modified manually. The truth is, it’s doable. But, you need to delete the rascally profile first (the procedure will be described further down).

How do I remove Akamaihd virus from Mac?

Although this threat manifests itself in the web browser only, it actually leaves a footprint across the system to maintain persistence. The subsection below will help you find and remove all the components of Akamaihd.net virus manually. Keep in mind that some of its files are a no-brainer to spot, while a few may be hidden so that the cleanup is harder to complete than in a typical software uninstall situation.

  • Expand the Go menu in your Mac’s Finder and click the Utilities entry.
    Access the Utilities dashboard
  • Proceed to the Activity Monitor.
    Select the Activity Monitor
  • Explore the Activity Monitor for processes that appear dubious and use up a good deal of the CPU. Be advised that the malicious executable isn’t necessarily named Akamaihd or similar, so you’ll have to follow your intuition to an extent. If you find such a suspicious object, use the Quit Process option to terminate it. Confirm the action by clicking Force Quit on a follow-up prompt.
Terminate the malicious executable
  • In the Finder bar, click the Go icon and select Go to Folder in the list. Alternatively, you can press the Command+Shift+G key combo.
  • Once the system search bar appears, type /Library/LaunchAgents in it and click Go.
    Go to Folder box
  • When the LaunchAgents folder is in front of you, look for suspicious files and drag them to the Trash. Note that the names of such malicious objects might appear to be unrelated to Any Search Manager adware. Here are a few examples of known-harmful files spawned by Mac viruses: com.mcp.agent.plist, com.pcv.herlperamc.plist, com.avickupd.plist, etc. Any items that don’t fit the mold of benign Mac files should be moved to the Trash immediately.
  • Follow the same logic (Go to Folder feature) to open the directories called ~/Library/LaunchAgents, /Library/Application Support, and /Library/LaunchDaemons in turn. Look for suspicious files (see examples above) in each one of these folders and remove them.
  • Now use the Go drop-down menu in the Finder again and choose Applications.
    Go to the Applications pane
  • Inspect the list of your applications for a potentially unwanted entity whose installation time co-occurred with the issue. It’s most likely the Search Pulse, Safe Finder or some random-named piece of software you don’t recollect installing recently. Once you find the unwelcome app, drag it to the Trash. Empty the Trash folder when done.
    Uninstall the malicious app
  • Use the Finder to navigate to your System Preferences
    Proceed to System Preferences from your Mac’s Finder
     
  • Proceed to Accounts and select Login Items. The system will display all user profiles created on your Mac as well as the programs executed automatically whenever your turn on your computer. Use the “minus” pictogram to delete the rogue account along with the sketchy item triggered at boot time.
    Eliminate the unwanted user account and login item

Uninstalling the harmful application is half the battle. It is a way to make sure that the symptoms won’t reappear after you implement the browser-level part of the repair. In the meanwhile, the Akamaihd.net redirect nasty continues to affect your preferred web browser and therefore you need to revert to the correct Internet surfing settings. Read the subsection below to find out how.

How do I stop a-akamaihd.net redirects in Safari/Chrome/Mozilla Firefox browser?

Thankfully, you needn’t reinvent the wheel in terms of invalidating the adverse tweaks caused by the Akamaihd.net virus in your browser. A tried-and-true technique is to reset the affected browser to its original defaults. On a side note, Apple has removed the “Reset Safari” button since the release of the Mac native browser’s version 9 back in 2015, so the procedure is now a bit more complex than a one-click experience (see below). Anyway, here’s a simple way to purge the most popular web browsers of the malicious influence:

  1. Tidy up your Safari browser
    • Select Preferences in the Safari menu and as illustrated below.Go to Safari Preferences
    • Click the Advanced tab and put a checkmark next to the Show Develop menu in menu bar option.Show Develop menu in menu bar’ option
    • Click the Advanced tab and put a checkmark next to the Show Develop menu in menu bar option.Empty Caches in Safari
    • Check if the browser is still being forwarded to a-akamaihd.net. If it is, go back to the Safari menu bar, expand the History menu, and select the Clear History option as shown in the screenshot below.Clear History in Safari
    • Customize the process using a follow-up dialog that allows you to define the period of time for which you want to remove cookies and other website data. It’s recommended that you select all history. Then, go ahead and click Clear History.Clear all Safari history
    • If your Safari browser is being rerouted to the rogue URL regardless, go to the Preferences pane via the Safari menu bar again and hit the tab called Privacy. Find and click the Manage Website Data button.Manage Website Data button
    • Safari will display a list of all sites that have retained your online data. Click the Remove All button without a second thought. Once the information has been deleted, click Done at the bottom right.Remove all site data in Safari
  2. Reset Google Chrome settings
    • Open Chrome, click the Customize and control Google Chrome () icon in the upper right-hand part of the window, and select Settings in the drop-down list.
    • Look for the button called Advanced and click it to access beyond the basic Chrome settings.
    • In the Reset settings area, click the button that says Restore settings to their original defaults.Reset Google Chrome on Mac
    • All that’s left to do is click Reset settings on the respective dialog in case you are okay with the resulting changes listed there. Restart Chrome to make sure the benign tweaks take effect.
  3. Give Mozilla Firefox a tune up
    • Open Firefox, click Help, and select Troubleshooting Information in the list.
    • Click the button called Refresh Firefox.Refresh Firefox on Mac computer
    • The browser will trigger an extra popup dialog where you should confirm the reset action. When finished, restart Firefox and enjoy your web surfing without Any Search Manager virus messing around with it.

How do I make sure that Akamaihd.net virus is gone?

Symptoms isolated to the browser are the tip of the iceberg. Akamaihd.net virus and its associated malware can gain a foothold in the Mac beyond redirect activity alone. The drawback of manual removal is that there might be hidden leftovers of the threat that will reinstall it after what seems to be a successful cleanup. This isn’t necessarily the case, but you may want to double-check if you are in the clear.
Consider scanning your Mac with Combo Cleaner, an optimization and security app with a decent track record. It’s lightweight, and it can detect all prevalent forms of Mac malware in a snap. Here’s the how-to:

  1. Download and install Combo Cleaner

  2. Wait for the tool to update its database of virus definitions and click the Start Combo Scan button.
    Combo Cleaner scan
  3. Open the Launchpad from your Mac’s Dock and click the Combo Cleaner icon to run the app. Wait for the tool to update its database of virus definitions and click the Start Combo Scan button.

    Click ‘Start Combo Scan’

  4. In addition to identifying malware and privacy issues, the app will inspect your Mac for junk files, duplicates, and large files you might no longer need. Deleting these redundant objects can release a good deal of disk space.

    Combo Cleaner scan

  5. Scrutinize the scan report. Hopefully, its results by the antivirus and privacy categories are blank and the verdict is “No Threats”, which means you are safe. If there are infections listed in the report, though, use the Remove Selected Items option to get rid of them.

LEAVE A REPLY

Please enter your comment!
Please enter your name here