Taskfresh Mac Malware

Taskfresh is the name of a piece of malware affecting Mac computers. It combines functionality seen in both browser hijackers and fake system maintenance tools and will add an extension to your browser, whether you use Chrome, Safari or Firefox.

Taskfresh commonly gets onto a user's system through bundle installers. Those are software bundles which may contain a legitimate piece of software, with a malicious add-on piggybacking along. Another way Taskfresh is distributed is through fake Flash Player updates that show up on malware-laced websites. None of those update messages originate from Adobe's legitimate service, and they have nothing to do with the real Flash Player. Adobe has discontinued Flash Player, and all content running Flash in your browser should be blocked by default, starting January 2021.

Taskfresh also has the ability to display fake "issue scanning" pop-ups that mimic the behavior of real system maintenance apps. Those fake scans will often cause major system slowdown, while the malware tries to convince the user their system is being thoroughly scanned.

In reality, Taskfresh has no system maintenance or tune-up capabilities. The purpose of the fake scan interface is to scare the user. Scans will always come up with hundreds of made-up issues in all areas of the system's performance. The goal of this fake scan is to scare the user into clicking a button to "fix" the fake issues. This only takes them to a page where they have to pay for the right to have their usually healthy system "fixed".

The Taskfresh application has no real capabilities to clean up storage space or fix any of the fake issues it displays. The goal is simply to lure the user into paying for the equally fake fixes.

Given the fake system maintenance functionality contained in Taskfresh, combined with its ability to hijack your browser's home page, change default search engines and redirect searches, it's easy to see why Taskfresh is classified as malware.

You may find your searches are redirected to previously unknown and strange engines. This is also part of the changes Taskfresh makes to your browser without user permission. The usual reason for those redirects is that the operator of the browser hijacker has some sort of revenue sharing agreement with a group of advertisers.

The redirected search result pages will often contain ads and links to advertiser content that has nothing to do with the search query. If a user clicks those, this generates revenue for the operators of the hijacker.

Users should always be very careful with bundle installers and make sure no unwanted software slips in quietly, along with the main app of the bundle. Additionally, users should avoid clicking on updates for popular software that do not originate from the official software developer's website.

May 24, 2021