Again PCVark changed their application to avoid detection to trick macOS users to download their app that was found spreading popups and adware.
The application is being installed using a deceiving technique. A fake Apple clone web site is presented to the end-user, telling him that the Mac is infected with x number of viruses and immediate action must be taken.
Because of the phishing spreading technique and deceiving information presented to the end user inside the application, we raised the level of detection from adware to malware.
CyberByte Antivirus is detecting this malware as Malware.MacOS.CMM
Indicators of infection:
~/Library/Application Support/Cleanup-My Mac
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=12800 flags=0x0(none) hashes=392+5 location=embedded
Authority=Developer ID Application: Bimal Sharma (WQZ6U6WDNS)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Signed Time=Mar 28, 2019 at 6:10:08 AM
Sealed Resources version=2 rules=13 files=562
Internal requirements count=1 size=224
VirusTotal Detection rate 1/57
CyberByte™ Antivirus for Mac is now ready to remove and protect your Mac against this adware.
Get your CyberByte™ Antivirus copy from https://mac.cyberbyte.org/download/CyberByte.pkg
CyberByte™ – part of CSD Cyber Smart Defence group of companies
Your Safety is Our Mission!