DataQuest – a malicious Mac application that is typically installed via fake Flash updates

DataQuest is malware that delivers other unwanted software behind users’ backs

DataQuest is adware that reaches macOS users after they get tricked into installing fake Flash Player updates or during the installation of unsafe applications from third-party sites. The app belongs to the prominent Adload campaign – an interconnected network of malicious apps that abuse a built-in AppleScript to deliver additional malicious payloads without user notification. As a result, victims’ computers become more infected over time, and only proper computer cleaning can stop the background activities of the DataQuest virus.

Due to the stealthy activity of DataQuest and other applications that might have been inserted without permission, users might not notice the infection immediately. Nevertheless, some of the symptoms may be visible right away, such as modified web browser settings in Safari, Google Chrome, and Mozilla Firefox. As a result, users can face redirects to various scam sites, pop-up notifications from macOS like “Utility will damage your computer,” an increased number of ads on all websites, a slowdown of the machine, suspicious extensions installed without permission, etc.

Name: DataQuest
Type: Mac virus, adware
Infiltration: Users might get infected with malware after being tricked by fake update prompts that are encountered on scam websites, or during the installation of freeware acquired from unsafe third-party websites
Symptoms: Symptoms of the infection might vary from person to person, although typical signs include unknown installed apps and/or extensions, slowdown of the web browser, redirects to unknown sites, ads showing up on all visited websites, etc.
Risks: Installation of other malicious software without notification, unsolicited information gathering in the background, financial losses due to unwanted activities
Detected as: According to VirusTotal, DataQuest is detected under the following names:[1]

  • Adware.Mac.Loader.17
  • Gen:Variant.Adware.MAC.AdLoad.1
  • Malware.OSX/Dldr.Adload.vyogi
  • Trojan-Downloader.OSX.Adload
  • Mac/Virus.Adware.3d4
  • Not-a-virus:HEUR:AdWare.OSX.Cimpli.k, etc.

Malware termination: You can try to get rid of the infection manually, although moving suspicious apps to Trash might not be enough, as you will have to find all the malicious files yourself. Instead, you can employ anti-malware software to get rid of malware automatically
Optimization: To speed up your macOS and get rid of junk files automatically, employ the optimization tool Reimage Cleaner Intego

Security researchers note that adware has been a growing threat to Mac users. According to experts’ reports, Mac malware is now outpacing the Windows infection rate,[2] and one of the major portions of the infections belongs to adware. While DataQuest can be considered ad-supported software, its distribution and operation methods are much closer to those of malware.

The principle of DataQuest virus activity is very primitive – it concentrates on delivering ads to users, such as pop-ups, deals, offers, banners, in-text links, coupons, and other commercial content. While such ads are in some cases marked with the app or service that delivers them, you are highly unlikely to see “Ads by DataQuest,” “Powered by DataQuest,” or similar indicators.

When DataQuest is trying to display ads, it will attempt to connect to unknown domains in the background. This way, the pop-ups and other ads can be called up when users are browsing the web. This activity may considerably slow down the web browser, and some websites may fail to load entirely. If the slowdowns continue after DataQuest removal, you are probably low on space due to junk files – you can get rid of those with tools like Reimage Cleaner Intego.

Although the symptoms of DataQuest infection vary, you may see the following signs of the infection:

  • Unknown browser extensions added on the web browser (often cannot be removed in a regular way);
  • Scareware apps like Advanced Mac Cleaner or Mac Cleanup Pro installed on the system;
  • The homepage, new tab address, and the search engine are set to something else;
  • Browser redirects lead to scam, phishing, spoofing, fake update, and similar dangerous websites;
  • Some websites might fail to load.

Besides these relatively obvious symptoms, there is a lot that the DataQuest adware can do in the background. One of the main activities that should be concerning is data gathering. Considering that the malware gains elevated permissions on the system, some of the browser extensions might be set to gather all the information you type into your web browser. Besides, adware usually also collects non-personally identifiable information, including the IP address, ISP, links clicked, sites visited, search queries, technical details, installed apps, etc.

DataQuest virus
DataQuest might insert intrusive advertisements on all visited websites and change web browser settings without permission

You should remove DataQuest from your machine as soon as possible, as its deceptive operation might lead to multiple severe consequences, including monetary loss, privacy issues, or even identity fraud. Keep in mind that the app might also be a sign that other threats are already present on the machine, including the notorious Shlayer Trojan.

Ways to recognize fake updates and other tips on how to avoid adware and malware on Macs

For many years, Mac power users and even IT experts claimed that Mac malware does not exist, and that there is no need to employ any third-party security tools to protect against it. According to them, the built-in defenses like Gatekeeper and XProtect are more than enough – and they would have been correct several years ago. Most Mac malware nowadays utilizes various techniques to bypass these defenses, such as using fake digital signatures that circumvent Gatekeeper’s functionality. Additionally, users can always grant permission for malicious files to make changes to the system once they are tricked by a sophisticated phishing alert online.

Thus, it is important to know how Mac malware spreads in order to avoid it in the future. Two main methods are used by cybercriminals:

  • Fake Flash updates. This technique is well-known to cybersecurity experts and many regular users, as it has been employed for years. Flash is a plugin that allowed multimedia to be delivered to users from various sites, and they would often see the “Flash required” prompts everywhere. The technology was replaced by HTML 5 in 2014, and practically all websites got rid of the flawed Flash Player.[3] Nevertheless, because the plugin is so embedded in users’ memories, they still believe that they need it. All in all: do not ever click on Flash update prompts on various sites, as they are fake, and you do not need the plugin as a regular user in the first place.
  • Software bundles. Apple Store currently holds more than 1.8 million applications, so there is good reason to limit downloads to that source. Nevertheless, third-party sites often host installers that bundle multiple programs – these are often deliberately hidden using various techniques, such as pre-ticked boxes, misleading deals, etc. Thus, always pick Advanced/Custom settings instead of Recommended/Quick ones and remove the ticks that would otherwise allow the installation of media players, extensions, and other unwanted programs.

DataQuest distribution
In most cases, users get infected with DataQuest malware after they get tricked by a fake Flash Player update

Get rid of DataQuest malware

To remove the DataQuest virus from your machine, moving it to Trash will most likely not suffice. In some cases, you might not even find the app inside the Applications folder at all, as it can be functioning with the help of other persistence techniques. Some malicious files that are dropped on a Mac can continue the unwanted activities even after the main app is terminated. Therefore, to get rid of the adware manually, you should also check the following locations for suspicious .plist and other files:

Library/Application Support
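
The manual check described above can be scripted. The following is an added example, not part of the original article or of any vendor tool: it parses launchd .plist files and lists those whose program is stored in Application Support. The LaunchAgents and LaunchDaemons folders, the flagging heuristic, and all sample names are assumptions made for illustration.

```python
import plistlib
import tempfile
from pathlib import Path

# Assumption: the standard launchd folders, plus the folder the article names.
SCAN_DIRS = ("Library/LaunchAgents", "Library/LaunchDaemons", "Library/Application Support")

def launch_target(job):
    """Return the executable a launchd job starts, or '' if it names none."""
    if not isinstance(job, dict):
        return ""
    args = job.get("ProgramArguments")
    target = job.get("Program") or (args[0] if isinstance(args, list) and args else "")
    return target if isinstance(target, str) else ""

def review_plists(root):
    """Return {plist path: [reasons]} for files that deserve a manual look."""
    findings = {}
    for rel in SCAN_DIRS:
        folder = Path(root) / rel
        for path in sorted(folder.rglob("*.plist")) if folder.is_dir() else []:
            try:
                job = plistlib.loads(path.read_bytes())  # XML or binary format
            except Exception:
                findings[str(path)] = ["unparseable plist"]
                continue
            # Heuristic (assumption): flag jobs that run code kept in this folder.
            if "Application Support" not in Path(launch_target(job)).parts:
                continue
            reasons = ["runs a program stored in Application Support"]
            if job.get("RunAtLoad") or job.get("KeepAlive"):
                reasons.append("starts automatically")
            findings[str(path)] = reasons
    return findings

def build_sample(root):
    """Constructed sample: one suspicious job, one ordinary job, one corrupt file."""
    agents = Path(root) / "Library/LaunchAgents"
    agents.mkdir(parents=True)
    bad = {"KeepAlive": True, "ProgramArguments": ["/Users/t/Library/Application Support/svc/run"]}
    ok = {"RunAtLoad": True, "Program": "/Applications/Example.app/Contents/MacOS/updater"}
    (agents / "com.example.helper.plist").write_bytes(plistlib.dumps(bad))
    (agents / "com.example.updater.plist").write_bytes(plistlib.dumps(ok))
    (agents / "corrupt.plist").write_bytes(b"not a plist")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for plist, reasons in review_plists(tmp).items():
            print(plist, "->", "; ".join(reasons))
```

On a Mac, pass `Path.home()` or `"/"` as the root instead of the sample directory. A hit is a prompt for manual review rather than a verdict, since some legitimate software also keeps helper programs in Application Support.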

If you do not want to tamper with files inside your computer, you can perform automatic DataQuest removal with the help of security software. Simply download reputable anti-malware on your system and perform a full system scan – this will also eliminate all the underlying threats you might not be aware of. Finally, reset all the installed web browsers in order to eliminate unwanted browser extensions or settings.

You may remove virus damage with the help of Reimage Cleaner Intego. SpyHunter 5, Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

This entry was posted on 2020-03-24 at 04:23 and is filed under Mac Viruses, Viruses.