CreativeSearch – Mac virus that might inject other malicious apps on your system

CreativeSearch is a potentially unwanted program that closely resembles malware

CreativeSearch is a potentially unwanted application that changes the settings of Google Chrome, Mozilla Firefox, Safari, or another web browser and starts delivering unwanted advertisements. It typically targets Mac users, although that does not mean Windows PCs cannot be affected as well, as the application is typically spread via software bundle packages and fake Flash Player update prompts.

Once installed, the CreativeSearch virus changes the search engine to Safe Finder or another customized search tool and appends a new homepage as well. As a result, users have to search the web via a hijacked browser, which changes what type of websites they visit, as search results are always filled with sponsored links. While CreativeSearch hijacks web browsers, it also possesses some adware[1] qualities, as it delivers intrusive ads and tracks users’ web browsing activities for marketing purposes.

Name: CreativeSearch
Type: Browser hijacker, adware, Mac virus
Family: This potentially unwanted application belongs to the Adload malware family
Infiltration: This type of potentially unwanted app spreads via deceptive methods, such as software bundle packages acquired from third-party websites or fake Flash Player update prompts
Danger level: Medium to high. Since this application uses a built-in script to install apps without permission in the background, it can install malware such as CrescentCore or Shlayer Trojan, resulting in further infections
Risks: Due to the infection, users might be directed to spoofing, scam, or other malicious websites where they would be prompted to install other potentially unwanted or malicious applications or disclose sensitive data such as credit card details; they might also suffer financial losses and even be affected by identity theft/fraud
Elimination: To get rid of CreativeSearch, as well as its secondary payloads, you should scan your Mac with powerful security software, such as SpyHunter 5, Combo Cleaner or Malwarebytes
Optimization: In case your machine is still running slow after malware termination, you should employ tools like Reimage Reimage Cleaner Intego to fix such issues for you

CreativeSearch is a potentially malicious application that belongs to the Adload malware campaign and is a new addition to threats such as StudyGeneral, MainReady, DataQuest, and many others. This PUP family is relatively aggressive and can be considered malware in some cases, as it makes use of an AppleScript function in order to install apps without permission. Therefore, it is not uncommon for users infected with the CreativeSearch virus to see the activity of unknown software on their computers.

Just like malware, CreativeSearch is usually distributed in deceptive ways, and usually gets installed on macOS after users download freeware from insecure third-party websites or when they get tricked by a fake Adobe Flash Player update prompt. These fake alerts can be encountered on a variety of websites, although those who are already infected with adware are more likely to land on a fake update or another scam message page.

However, this is not the only symptom a CreativeSearch infection exhibits – you can also encounter the following:

  • Unknown extensions or add-ons installed on the web browser;
  • Redirects that deliver deceptive and malicious advertisements;
  • All visited websites are filled with pop-ups, deals, offers, promotions, coupons, and other intrusive ads;
  • Homepage and new tab address are set to Safe Finder or another rogue search engine;
  • Hundreds of unknown files reside on various parts of the machine;
  • Browser extension termination becomes impossible;
  • Unknown profiles established on the computer, etc.

Besides showing the typical symptoms of browser, search, and computer hijacking, CreativeSearch can also hinder its own removal through persistence mechanisms. For example, the virus might establish new profiles or add entries to LaunchAgents, Application Support, and other folders.

Besides, a browser extension is typically installed with elevated privileges, which could result in a “Managed by your organization” prompt. Here’s the description of CreativeSearch or another malicious add-on installed on the web browser:

CreativeSearch 1.0

Permissions for “CreativeSearch”:

Webpage contents
Can read sensitive information from webpages, including passwords, phone numbers, and credit cards on all webpages

Browsing history
Can see when you visit all webpages

As you can see, the presence of potentially unwanted apps like CreativeSearch can result in a sensitive data leak, with the data highly likely to be delivered to cybercriminals. If sold on the dark web, such information might cause monetary losses or even identity theft/fraud.

CreativeSearch virus
CreativeSearch is a malicious app that is typically spread via fake Flash Player update prompts

Unfortunately, dragging the suspicious app to Trash can hardly help you remove CreativeSearch and other malicious apps from your system. For this purpose, we advise using reputable anti-malware software and performing a full system scan. This way, all the malicious and hidden components will be deleted automatically.

Besides, due to the hijacker’s ability to download and install applications without permission, users might also be infected with other Mac viruses that could cause significant damage, such as monetary losses, identity theft, sensitive data leaks to cybercriminals, and much more.

Many users also noticed that their web browsers, as well as the computer, started to operate slowly after the CreativeSearch virus infection. This issue can also be fixed by uninstalling all the malicious apps. However, if issues continue, we recommend scanning your Mac device with Reimage Reimage Cleaner Intego. Additionally, if you are unable to terminate browser extensions, you should reset web browsers as explained below.

Potentially unwanted programs use deception to access your Mac

Macs are generally considered much safer machines than Windows PCs, as the former have built-in defenses such as XProtect. However, according to security researchers, Mac malware outpaced Windows malware in 2019 by volume,[2] so users should not believe that Macs are immune to infections – especially adware.

Possibly the biggest problem for Macs is fake Flash Player updates. While the plugin is outdated, full of security vulnerabilities[3], and has been almost fully replaced by HTML 5 and similar technologies, it is so embedded in users’ minds as the only way to play multimedia online that they still believe it is much-needed software. Of course, cybercriminals abuse this fact, and they often use social engineering to do so.

Phishing messages are often placed on various malicious websites, and well-known attributes like the Flash logo are often used. Once users access this site, they can see a prompt asking them to download and install the latest version of Flash, allegedly to view the content of the website. However, what they usually download is adware or even malware, and, by accepting its installation, users allow the malicious app to take over the computer. Thus, never download the alleged updates via the pop-up messages on suspicious websites.

Additionally, you should not download apps from third-party sources in the first place. By default, Mac will ask you to enter your username and password – this is a security measure to prevent unauthorized installation. However, if credentials are provided, malware can populate its files and settings without interruptions. Therefore, download apps from the App Store or similar legitimate sources only.

Ways to eliminate CreativeSearch from your machine

While we do not recommend manual CreativeSearch removal, you can still try performing it if you wish. However, dragging the app to Trash will not suffice, as it has multiple malicious entries within the system. First of all, you should check for malicious profiles by clicking on Preferences and then selecting Users & Groups > Profiles. Once there, delete all the profiles that you do not recognize.

CreativeSearch profile
To eliminate CreativeSearch, get rid of the established profile and other components

After that, you should locate and delete the following files on your system to get rid of the CreativeSearch virus:

~/Library/Application Support/com.CreativeSearch/CreativeSearch
~/Library/Application Support/com.CreativeSearchDaemon/CreativeSearch

However, we highly suggest you instead remove CreativeSearch with the help of reputable anti-malware software, as it can automatically eliminate all the malicious files for you. Besides, due to PUP functionality, it is advisable to check for other malicious programs that may have been installed on your system. Finally, if you still see unwanted extensions on your web browser, reset it as per instructions below.
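
The following read-only check is an added example, not part of the original article: it looks for the two Application Support paths listed above and for LaunchAgents entries that mention CreativeSearch. Matching LaunchAgents files by the string "CreativeSearch" is an assumption, since the article names no specific file there, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report (never delete) CreativeSearch artifacts under a home directory.
# Usage: sh check_creativesearch.sh [home-dir]   (defaults to $HOME)

# Print every artifact found under the given home directory, one path per line.
find_creativesearch_artifacts() {
    home_dir=$1

    # The two paths listed in the article.
    for rel in \
        "Library/Application Support/com.CreativeSearch/CreativeSearch" \
        "Library/Application Support/com.CreativeSearchDaemon/CreativeSearch"
    do
        if [ -e "$home_dir/$rel" ]; then
            printf '%s\n' "$home_dir/$rel"
        fi
    done

    # The article says entries may be added to LaunchAgents but names no file.
    # Assumption: a related plist mentions "CreativeSearch" in its name or content.
    agents="$home_dir/Library/LaunchAgents"
    if [ -d "$agents" ]; then
        for plist in "$agents"/*.plist; do
            [ -f "$plist" ] || continue
            case "$plist" in
                *CreativeSearch*) printf '%s\n' "$plist"; continue ;;
            esac
            if grep -q "CreativeSearch" "$plist" 2>/dev/null; then
                printf '%s\n' "$plist"
            fi
        done
    fi
    return 0
}

# Print the number of artifacts found (0 when the directory is clean).
count_creativesearch_artifacts() {
    find_creativesearch_artifacts "$1" | wc -l | tr -d ' '
}

# Run against the current user's home unless a directory is given.
find_creativesearch_artifacts "${1:-$HOME}"
```

Any path it prints is a candidate for review before deletion; an empty result does not rule out profiles or components stored in the other folders the article mentions.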

You may remove virus damage with the help of Reimage Reimage Cleaner Intego. SpyHunter 5, Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.