For the last few months, some Mac users have been finding their Safari infected with a suspicious application – a browser extension with a green-and-white icon and an extremely generic name, in this case – ProductEvent. This mysterious application is often noticed as it finishes installing, despite users never agreeing to install this thing. It’s suspected of being a password stealer but the effects that the ProductEvent add-on has on people’s Macs are very disruptive and annoying even beyond that.
ProductEvent is malware for Safari
ProductEvent is a Safari extension as well as an application called “ProductEvent.app”. It’s only one name of many applied to these magnifying glass viruses. They all behave the same way and ProductEvent might change its name as time goes on. It’s still basically the same threat, though. Although distributing the malware under so many names makes it difficult to gauge the real impact of the ProductEvent family of malware, there are enough reports in Apple’s forums to show that it’s a real and sustained attack on Mac users.
ProductEvent is a malicious browser add-on that’s being reinstalled by files hidden on your system:
|Type of threat||
|Sources of the infection||
These add-ons have some suspicious features:
- ProductEvent got installed without the consent of the user, sometimes after a software update.
- The add-on is tricky to remove and might consist of an application component and a Safari add-on component. Sometimes one of these add-ons is replaced with another one.
- ProductEvent requires a lot of intrusive extension permissions, including the ability to see everything you do on any website (things like passwords are also visible to the browser add-on).
- Once ProductEvent or one of the other add-ons is installed, pop-ups and redirects might start appearing in the browser, and the browser and other applications might crash.
- Despite being so powerful, the browser extension is easy to miss because it looks like a default system application.
To mention a couple of other versions of ProductEvent that we’ve written about, there are AssistEngine, DisplayUpdate, and ApplicationEvents. The known list of the extensions has at least a few dozen entries, and they all have very bland names and appearance. Often they have “1.0” tacked onto their name, for example, “ProductEvent 1.0”. This is meant to make them look like default system applications that you aren’t supposed to mess with. The extremely bland icon helps complete the boring look.
The symptoms of one of these strange Safari extensions are anything but boring. Some that were reported sound extremely intrusive and distracting:
- Email applications don’t work, crash, or are broken in some other ways.
- The keyboard and mouse stop responding.
- A blank screen appears.
- Safari stops opening new websites until the whole system is restarted.
- Other browser hijackers get installed (for example, default search changes to Yahoo).
- The browser is slow and sluggish.
Some of these symptoms appear when you refuse to agree to install ProductEvent, which gets installed anyway. Despite looking somewhat innocent, and even if you don’t see the bad symptoms, these magnifying glass extensions and applications are bad news. ProductEvent can manipulate Safari to behave like adware, opening new tabs with advertisements and displaying intrusive pop-ups. They might steal your passwords, usernames, payment information, and other data. In fact, that’s their suspected goal. It’s advisable to not use the infected browser until you have removed ProductEvent for good.
How to remove the magnifying glass add-ons
ProductEvent is not easy to uninstall because simply removing it from Safari’s list of extensions doesn’t permanently get rid of it – the malware comes back a few days or even hours later. So, manual removal from the extension list is nothing but a very temporary reprieve from the destructive malware.
In fact, there are files hidden on your system that need to be rooted out to permanently get rid of ProductEvent. The best thing to do in this situation is to scan your computer with a strong antivirus tool. Combo Cleaner is recommended, but any competent Mac security program will work. Scan your computer and review the results; if threats – malicious applications or files – are found, they need to be deleted, either with the antivirus tool, if it is able to, or manually. Just be careful of PUPs like Smart Mac Booster and MacEntizer because these applications can only cause more problems in the future.
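To help with the manual review of hidden files described above, the following added example (not part of the original article or of any tool it names) lists launch items and applications that mention one of the family names given earlier. The folders it checks are the standard macOS launchd and application locations, which is an assumption, since the article does not say where the files are stored.

```python
import os
import plistlib
from pathlib import Path

# Names the article lists for this extension family.
FAMILY_NAMES = ("ProductEvent", "AssistEngine", "DisplayUpdate", "ApplicationEvents")

# Assumption: standard macOS launchd and application folders (not from the article).
DEFAULT_DIRS = [Path(os.path.expanduser(p)) for p in (
    "~/Library/LaunchAgents", "/Library/LaunchAgents", "/Library/LaunchDaemons",
    "~/Library/Application Support", "/Applications",
)]


def launchd_strings(plist_path):
    """Return the Label, Program and ProgramArguments strings of a launchd plist."""
    try:
        with open(plist_path, "rb") as fh:
            data = plistlib.load(fh)  # reads both XML and binary plists
    except Exception:  # unreadable or malformed file: nothing to inspect
        return []
    if not isinstance(data, dict):
        return []
    values = [data.get("Label"), data.get("Program")]
    args = data.get("ProgramArguments")
    values += args if isinstance(args, list) else []
    return [v for v in values if isinstance(v, str)]


def find_suspects(dirs=DEFAULT_DIRS, names=FAMILY_NAMES):
    """Return (path, matched_text) for entries that mention a family name."""
    lowered = [n.lower() for n in names]
    hits = []
    for folder in dirs:
        if not folder.is_dir():
            continue
        for entry in sorted(folder.iterdir()):
            texts = [entry.name]
            if entry.suffix == ".plist" and entry.is_file():
                texts += launchd_strings(entry)  # look inside, not just at the name
            for text in texts:
                if any(n in text.lower() for n in lowered):
                    hits.append((str(entry), text))
                    break
    return hits


if __name__ == "__main__":
    for path, matched in find_suspects():
        print(f"{path}\n    matched: {matched}")
```

Because the script reads each launch item's contents, it also reports a plist with an unremarkable file name whose program path points at one of the listed names. Treat each match as an item to review next to the antivirus scan results, since these names are deliberately generic.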
If you’re concerned that the magnifying glass extension stole your passwords or some other data, make sure to change them once the computer is clean. Turn on 2-step verification everywhere. And watch your bank account for unauthorized charges; if anything suspicious happens, don’t hesitate to contact your bank.
How browser hijackers spread
Malicious browser extensions can be very powerful: they can extract your personal information that’s saved in the browser and, knowing how much extremely important stuff we do on the browser, it’s important to only allow trusted applications in. Since users never even agreed to install ProductEvent, this is not just a case of careless installation – deception and social engineering were used.
One of the suspected ways that ProductEvent and its siblings make it onto Macs is through fake software updates. Plenty of malicious websites out there show fake update alerts that end up installing malware. Fake Flash Player updates, Java update pop-ups, various fake virus alerts – pages like this are used to push malware to Mac users. The ProductEvent installation may be delayed by a few days, making it difficult to track down exactly what caused it, but more than one victim of ProductEvent and other magnifying glass malware has mentioned updating their software before noticing the infection for the first time.
Besides that, other browser extensions might be responsible for downloading ProductEvent. Some extensions are malicious and, before they’re ever caught and removed from web stores, they manage to do plenty of harm to innocent users. Innocent extensions might also be hijacked by fraudsters to spread malware. You might need to review your browser extensions and disable any that are suspicious.
Finally, ProductEvent could have come packaged with some innocent-looking software, such as a Mac utility, a PDF reader, or a photo editor. Including malware with plain freeware is a way for the developers and distributors of that freeware to make some money. However, the included software often turns out to be dangerous.
Automatic Malware removal tools
How to remove ProductEvent Mac Virus from Safari:
Remove malicious extensions
- Click on the Safari menu in the top left corner of the screen. Select Preferences.
- Select Extensions and uninstall ProductEvent Mac Virus and other suspicious extensions.
- If your homepage was changed, click on the Safari menu in the top left corner of the screen. Select Preferences and choose the General tab. Enter your preferred URL in the homepage field.
- Click on the Safari menu in the top left corner of the screen. Select Reset Safari…
- Select which options you want to reset (usually all of them come preselected) and click on the Reset button.