The Mac app called BeAware might pose risk to one’s privacy, so it comes as no surprise that its proliferation is backed by a shady bundling scheme.
Update: December 2019
|Name||BeAware (BeeAware) adware|
|Category||Mac adware, popup virus, potentially unwanted app|
|Symptoms||Displays bogus software update warnings, redirects web browser to third-party websites, adds sponsored content to web pages, causes system slowdown|
|Distribution Techniques||Booby-trapped app bundles, fake Adobe Flash Player update popups|
|Damage||Unwanted changes of custom browsing settings, privacy issues due to Internet activity tracking, search redirects, redundant ads|
|Removal||Scan your Mac with Combo Cleaner to detect all files related to the browser hijacker. Use the tool to remove the infection if found.|
It’s such a nuisance when uninvited and unannounced software suddenly appears on a computer and starts displaying fishy content. For instance, most people know how irritating adware popups can get. The BeAware app by SecureTee is like that, but only partially. It makes its way into a Mac furtively, but rather than annoy the victim it silently runs in the background and performs some kind of surveillance. One more thing on the minus side of this applet is that it siphons off quite a bit of the host Mac’s CPU power, slowing it down to a crawl at times. This is strange, given that the application only takes up about 750 KB disk space, and an object as lightweight as that shouldn’t be a memory hog. Such a discrepancy might be a telltale sign of malware activity aimed at concealing the misdemeanors from the victim. So, is this one clearly malicious or is it just another junkware that sits there and doesn’t do anything particularly harmful?
With all of the above adverse effects in place, the only way most people realize the BeAware virus is on board their computer is by looking in the Launchpad and discovering the entity there. While these users are at their wit’s end trying to recall the installation, these mental efforts are futile because BeAware sneaks inside without proper notification. The infiltration is most likely to take place according to a bundling logic. It means that the would-be victim unwittingly ‘catches the digital cold’ while installing something ostensibly unrelated. It can be a free media player or the latest version of widespread software, such as a booby-trapped Flash Player update hosted on dodgy websites. This tricky scenario presupposes that the legit application is accompanied by a potentially unwanted item like BeAware.
Like it has been mentioned, the culprit in question doesn’t manifest itself too conspicuously when running on an Apple Mac computer. There are hardly any red flags except occasional spikes in memory usage some people might overlook. Furthermore, only security-savvy users will take notice of the pest in the Launchpad. This stealth, to a certain extent, is a derivative of the goal pursued by BeAware virus. It harvests various sorts of information, including system details, IP address, location details, browsing history, and online forms being filled out. When in possession of the wrong individuals, this data can be an instrument for conducting spear phishing attacks and identity theft. Another drag related to this app is that every time the infected user tries to uninstall it by regular means, they get a dialog message saying, “BeAware cannot be deleted because it’s in use”. While this seems like a big obstacle to eradicating the culprit, there is a workaround that makes this process smooth. Keep reading to learn what it is.
It’s worth mentioning that lots of Mac users are having a hard time dealing with BeeAware (note the double “e”), a similar-named PUA (potentially unwanted application) that acts much more aggressively. It’s hard to say whether the origins of these two programs overlap in any way other than the nearly identical denominations, but the victims often associate them with one another. BeeAware is a classic adware application that messes around with one’s browsing experience in several ways. First off, it displays sponsored content labeled “Ads by BeeAware” on websites where none of such advertising materials belong.
Secondly, it adds a malicious extension called “Search Manager” to the user’s preferred browser, thereby redirecting Internet sessions to unwanted sites such as srchbar.com. The unsolicited landing page, in turn, forwards the traffic to Yahoo Search. The sketchy app may additionally install a trojanized version of the Chromium browser with hard-coded rogue settings and make it the default one so that the user is stuck with the redirect loop. And thirdly, BeeAware virus triggers annoying Software Update alerts that say a new version of the app is available and instruct the victim to download it. Meanwhile, there can be other threats lurking behind the OK button on these dialogs. Ignoring these symptoms isn’t a good idea because the attack will likely get worse unless the source of the problem is eradicated.
BeAware virus manual removal for Mac
The steps listed below will walk you through the removal of this potentially unwanted application. Be sure to follow the instructions in the order specified.
- Open up the Utilities folder as shown below
- Locate the Activity Monitor icon on the screen and double-click on it
- Under Activity Monitor, find the entry for BeAware, select it and click Quit Process
- A dialog should pop up, asking if you are sure you would like to quit the BeAware executable. Select the Force Quit option
- Expand the Go menu in Apple Finder and select Go to Folder
- Type or paste the following string in the folder search dialog: /Library/LaunchAgents
- Once the LaunchAgents directory directory opens up, find the following entry in it and move it to the Trash:
- Use the Go to Folder lookup feature again to navigate to the folder named ~/Library/LaunchAgents. When this path opens, look for the same entry (see above) and send it to the Trash
- - Similarly, go to the ~Library/Application Support folder. Locate and move the following entry to the Trash:
- Click the Go button again, but this time select Applications on the list. Find the securetee.BeAware entry on the interface, right-click on it and select Move to Trash. If user password is required, go ahead and enter it
- Now go to Apple Menu and pick the System Preferences option
- Select Accounts and click the Login Items button. The system will come up with the list of the items that launch when the box is started up. Locate BeAware there and click on the “-“ button
Use automatic tool to uninstall BeAware virus from your Mac
The Mac maintenance and security app called Combo Cleaner is a one-stop tool to detect and remove BeAware virus. This technique has substantial benefits over manual cleanup, because the utility gets hourly virus definition updates and can accurately spot even the newest Mac infections.
Furthermore, the automatic solution will find the core files of the malware deep down the system structure, which might otherwise be a challenge to locate. Here’s a walkthrough to sort out the BeAware issue using Combo Cleaner:
- Download Combo Cleaner installer . When done, double-click the combocleaner.dmg file and follow the prompts to install the tool onto your Mac.
- Open the app from your Launchpad and let it run the update of malware signature database to make sure it can identify the latest threats.
- Click the Start Combo Scan button to check your Mac for malicious activity as well as performance issues.
- Examine the scan results. If the report says “No Threats”, then you are on the right track with the manual cleaning and can safely proceed to tidy up the web browser that may continue to act up due to the after-effects of the malware attack (see instructions above).
- In case Combo Cleaner has detected malicious code, click the Remove Selected Items button and have the utility remove BeAware threat along with any other viruses, PUPs (potentially unwanted programs), or junk files that don’t belong on your Mac.
- Once you have made doubly sure that the malicious app is uninstalled, the browser-level troubleshooting might still be on your to-do list. If your preferred browser is affected, resort to the previous section of this tutorial to revert to hassle-free web surfing.
BeAware is a potentially unwanted application homing in on Mac computers. It is a sneaky threat both in terms of the distribution and the activity in a host system. The main risk is that the app harvests the infected user’s personal information such as account credentials (usernames and passwords), credit card numbers, browsing history, and details like IP address as well as macOS version. BeAware is doing the rounds through bundles of several programs where the only clearly disclosed item is a piece of benign software, the baddie being concealed beneath the ‘express’ installation option. Phony Adobe Flash Player updates are among the frequently reported schemes serving this pest. With this tactic in place, users don’t realize they are allowing more than one app to infiltrate their Macs and find out about its presence by discovering a new entry in their Launchpad.
There is also an adware sample called BeeAware spreading via the same technique. Aside from the slightly different spelling of the name, it operates in a more straightforward fashion. The symptoms are mostly isolated to the disruption of the victim’s preferred browser. BeeAware embeds “Search Manager” add-on in Chrome, Safari, or Firefox without asking for permission. This entity controls default browsing settings and inserts ads into visited web pages. No matter which version of the app you are faced with, it should be uninstalled without delay.
The obvious way to handle any unwelcome application is to remove it. In the case of BeAware or its nastier copycat BeeAware, it’s easier said than done. Every time you try to drag the app to the Trash, an alert will pop up saying, “BeAware cannot be deleted because it’s in use”. Since this object is a strain of adware, the message makes sense because persistence is the usual thing for such culprits. Although this is an obstacle to removal overall, it’s actually a clue that may help get rid of the PUA.
To stop the app from being in use, go to the Utilities on your Mac and open the Activity Monitor. Then, examine the list of processes currently running – your objective is to find the BeAware entry. Once you spot it, go ahead and click the Quit Process button in the upper left-hand part of the Activity Monitor pane. If the infection still prevents you from trashing it after its process has been terminated, then go to the Login Items and look for the malicious object there. Once the bad configuration profile is found, click the “minus” button. You should now be able to go the regular uninstall route and get rid of the adware for good.
Whereas this is the exception rather than the rule, Apple might actually let you know about a possible risk in some scenarios. Gatekeeper, an out-of-the-box security feature aimed at supervising the processes being executed on a Mac, is the main system component that may alert you. This happens when an application doesn’t pass the basic security checks or its code has been changed significantly since it was last reviewed for compliance with developer guidelines. Some of these warning dialogs encourage you to exert caution with a suspicious app, allowing you to keep using it at your own peril. Some notifications are much more stringent, saying that the process will damage your computer and you should move it to the Trash immediately – in this case, you can’t continue to use the known-malicious program.
With that said, browser alerts about viruses detected on your Mac are scams that have nothing to do with Apple. Unfortunately, this is a very common technique for disseminating harmful code in the Mac environment. An example of a large-scale social engineering campaign following this logic is the hoax based on popup warnings that go, “Your Mac is infected with 3 viruses”. This way, cybercriminals attempt to fool users into downloading and installing a scareware program like Advanced Mac Cleaner.
To recap, Apple doesn’t display virus notifications in a web browser, so if you see such a popup on a site – just ignore it and close the tab without a second thought. Keep in mind that valid alerts generated by macOS protection components will never recommend you install any third-party software to fix an issue.
No, macOS updates proper aren’t supposed to specifically address virus attacks. They usually include security patches and improvements, though. For example, the recent Catalina 10.15 update called forth a good deal of fuss about an obvious overhaul of the built-in algorithm for blocking suspicious code. Numerous users who had been unaware of viruses on their Macs prior to the update suddenly started getting a slew of popups about harmful processes that raised red flags. These alerts would say, “[App name] will damage your computer. You should move it to the Bin”, providing no option to keep the program running any longer. Essentially, updating your Mac does not remove viruses, but it can enhance security features and help you keep tabs on the protection status of your machine.