SearchMainInfo – adware designed for macOS that also changes web browser settings and reads personal information

SearchMainInfo Mac virus
SearchMainInfo is a Mac virus that abuses AppleScript to gain elevated permissions on the system


SearchMainInfo is a potentially unwanted application that is typically downloaded via fake Flash Player update prompts or software bundle packages downloaded from insecure torrent websites. In other words, users do not download this adware onto their Mac computers on purpose; rather, it is installed behind their backs. The virus belongs to the well-known Adload malware family, which includes apps such as MainReady, AgileHelp, IdeaShared, and many others, and targets macOS users exclusively. SearchMainInfo abuses the built-in AppleScript in order to acquire elevated permissions on the system, which would allow the app to read sensitive information and install other malware without permission.

Name: SearchMainInfo
Type: Mac virus, adware, Trojan
Malware family: Adload
Targeted systems: macOS, Mac OS X
Distribution: All applications delivered by this campaign use unfair distribution practices that are more common to malware. Users can get infected after downloading software cracks and similar unsafe software from torrent/warez websites or after being tricked by a fake Flash Player update prompt
Symptoms:
  • SearchMainInfo extension installed on Google Chrome, Safari, or another web browser
  • Homepage and new tab address is set to or another suspicious URL
  • Unknown applications installed without permission
  • Difficulty when trying to eliminate the extension and other malicious apps
  • Search results are filled with sponsored links and ads
  • Redirects lead to ad-filled, phishing, scam, or malware-laden sites
Dangers: Infection with malware such as CrescentCore, sensitive information disclosure to unknown parties/cybercriminals, financial losses, identity theft
Elimination: The best way to get rid of malicious applications is by employing a powerful security application such as SpyHunter 5 or Combo Cleaner. Nonetheless, we also provide manual removal steps below
System optimization: Adware and malware can oftentimes significantly reduce the performance of the infected computer. In case issues arise post-infection, we also recommend resetting the installed web browsers and performing a full system scan with Reimage Reimage Cleaner Intego

SearchMainInfo gains access to users’ computers without permission, so not everyone notices immediately that it has been installed. Visibly, the PUA appends a browser extension to Safari, Google Chrome, or Mozilla Firefox, which can read data such as passwords collected via the web browser. Additionally, the developers of the SearchMainInfo virus also monetize ads by setting the homepage to (in some cases, Yahoo or Safe Finder is used as well) and redirecting all searches via 

As a result, users see pop-ups, in-text links, banners, deals, offers, coupons, and other commercial content on a regular basis. Besides, homepage modification ensures that all the search results are modified, i.e., filled with sponsored links that direct users to random websites. In some cases, however, SearchMainInfo redirects or ads might lead to scam, malware-laden, phishing, spoofing, or other types of malicious websites.

However, web browser modifications and intrusive advertisements are just one of many problems that a SearchMainInfo hijack might bring. Since the app abuses built-in scripts, it can grant itself elevated permissions, which would allow it to perform actions without asking for user approval first. Such changes are also often used to prevent SearchMainInfo removal, as multiple malicious .plist files are dropped on the system.

SearchMainInfo adware
SearchMainInfo is an adware application that changes web browser settings and appends an unwanted extension that can read personal data


The best way to remove SearchMainInfo is by scanning the machine with powerful anti-malware software. This way, you will be able to eliminate the malicious entries automatically and won’t have to dig through files and folders. Besides, while many users claim that Macs don’t need extra protection, security experts advise the complete opposite.[1] Zero-day exploits (software vulnerabilities that have not been patched by Apple yet and are exploited in the wild) are prime examples of why every Mac needs third-party protection.

Note that security software is the most efficient way of protecting your computer from viruses. SearchMainInfo can be detected by multiple security vendors as follows:[2]

  • Gen:Variant.Adware.MAC.Rload.5
  • A Variant Of OSX/TrojanDownloader.Adload
  • Trojan-Downloader.OSX.Adload
  • Not-a-virus:HEUR:AdWare.OSX.Cimpli.k
  • Mughthesec (PUA)
  • Adware.Mac.Loader.17

If you want to get rid of SearchMainInfo manually, we provide the instructions for that as well. In such a case, we highly recommend resetting all the installed web browsers and scanning the machine with Reimage Reimage Cleaner Intego for the best results.

Mac malware is a serious threat: learn to avoid unwanted apps that clutter your system and reduce its security

Adware, potentially unwanted programs such as scareware, as well as malware, are increasing threats to Mac systems. Kaspersky security researchers discovered that one in ten Macs are infected with Shlayer Trojan,[3] and Malwarebytes experts concluded that Mac malware is being developed at a more rapid pace than Windows malware.

As mentioned above, Adload apps are usually delivered via fake updates. The trick is usually used by malware or scareware developers to make users believe that something is missing from their computers (Adobe Flash) or that the computer is infected with viruses. Flash Player is an obsolete component currently, as many modern browsers use different technology to display multimedia content. Unfortunately, many are not aware of that and still believe that Flash is needed for certain websites to be displayed. 

These claims are nothing but a hoax, and you should never download anything that is offered to you like that via the web browser, as you can infect your machine with very nasty malware. Flash Player is being shut down by Adobe at the end of 2020, and no more security updates will be available – just another reason to get rid of this useless plugin.

Additionally, we strongly advise you to stay away from third-party sources that allow you to download pirated software or software cracks. Both of these can be dangerous, so you should always stick to the Apple Store or other reputable sites when looking for new apps to install. If you choose third-party sources for your downloads, make sure you always read the installation instructions properly and pick Advanced/Custom settings when prompted.

SearchMainInfo spread via fake Flash updates
SearchMainInfo is mostly spread via fake Adobe Flash Player installers


Get rid of SearchMainInfo and other malicious apps

As mentioned above, it is best to avoid computer infections in the first place, so you would not have to deal with SearchMainInfo removal and its consequences. Nonetheless, if you believe that you are infected, we recommend you take this matter very seriously, as you can end up suffering from financial losses or even identity theft.

To remove SearchMainInfo, you can employ reputable anti-malware software and perform a full system scan – we suggest using SpyHunter 5, Combo Cleaner, or Malwarebytes. This way, you will be able to eliminate all the unwanted and leftover components automatically. Nonetheless, if you do not wish to install other apps on your Mac, you can also uninstall the SearchMainInfo virus manually. For that, you should access the following locations and delete all the malicious files:

  • System Preferences > Accounts > Login Items
  • System Preferences > Users & Groups > Profiles
  • ~/Library/LaunchAgents
  • ~/Library/Application Support
  • ~/Library/LaunchDaemons
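
Before deleting anything from the LaunchAgents and LaunchDaemons folders listed above, it helps to see which .plist entries actually point at unwanted code. The Python script below is an added example, not part of the original article: it parses every launchd .plist and flags entries whose file name, label or command contains the adware's name, or that start a program from an Application Support folder. Both heuristics, the extra system-wide /Library paths and all sample data are assumptions.

```python
import plistlib
import tempfile
from pathlib import Path

# Folders from the removal steps above. The two system-wide /Library paths are
# an addition (standard launchd locations), not taken from the article.
LAUNCH_DIRS = ["~/Library/LaunchAgents", "~/Library/LaunchDaemons",
               "/Library/LaunchAgents", "/Library/LaunchDaemons"]

def audit_launch_items(dirs=LAUNCH_DIRS, name_hint="SearchMainInfo"):
    """Return a finding for every launchd plist that deserves a manual look."""
    findings = []
    for folder in dirs:
        for plist in sorted(Path(folder).expanduser().glob("*.plist")):
            label, command, reasons = None, [], []
            try:
                job = plistlib.loads(plist.read_bytes())   # XML or binary plist
                label = str(job.get("Label", ""))
                command = [str(a) for a in [job.get("Program"),
                           *job.get("ProgramArguments", [])] if a]
            except Exception as exc:                       # malformed or unreadable
                reasons.append(f"unparseable ({type(exc).__name__})")
            haystack = " ".join([plist.name, label or "", *command]).lower()
            if name_hint.lower() in haystack:
                reasons.append("name match")
            if any("/Application Support/" in part for part in command):
                reasons.append("runs from Application Support")
            if reasons:
                findings.append({"plist": plist.name, "label": label,
                                 "command": command, "reasons": reasons})
    return findings

def demo():
    samples = {  # constructed file names, labels and paths, for illustration only
        "com.example.updater.plist": {"Label": "com.example.updater",
            "ProgramArguments": ["/usr/local/bin/updater", "--check"]},
        "com.sample.helper.plist": {"Label": "com.sample.helper",
            "ProgramArguments": ["/Users/demo/Library/Application Support/x/helper"]},
        "com.SearchMainInfo.plist": {"Label": "com.SearchMainInfo",
            "Program": "/Users/demo/Library/Application Support/y/SearchMainInfo"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, job in samples.items():
            Path(tmp, name).write_bytes(plistlib.dumps(job, fmt=plistlib.FMT_BINARY))
        Path(tmp, "broken.plist").write_bytes(b"not a plist")
        return audit_launch_items([tmp])

if __name__ == "__main__":
    print(*audit_launch_items(), sep="\n")
```

A flagged entry is a candidate for review, not proof of infection: legitimate software also keeps helpers under Application Support, so check the listed command before removing the .plist and the file it launches.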

To ensure that the elimination of the extension is also successful, you should reset all the installed web browsers, as we explain below.


This entry was posted on 2020-06-25 at 09:18 and is filed under Mac Viruses, Viruses.