MacKeeper and the King of Thieves

Stuart Ashenbrenner

Apple Technician/Security Researcher

January 4, 2017


Rub the magic lamp and a Genieo pops out

Leonardo DiCaprio was incredible in the blockbuster hit Inception, but if he starred in a movie about MacKeeper, it would be called “Deception,” and the late, great Robin Williams would voice the Genie…o. Don't worry, I'll explain that bad joke later.

Before we dive knuckles deep into a pile of MacKeeper, we should first give some background on the product. MacKeeper was formerly owned by ZeoBIT and is currently owned by Kromtech Alliance. According to their website, mackeeper.com, MacKeeper is “a choice of millions and the best application for cleaning, security and performance optimization for Mac OS X.”

The company initially released in May of 2010, and they are amazing... at marketing. They sell themselves as a security company and/or application, but after hours and hours of testing MacKeeper, we have found it does the exact opposite.

MacKeeper’s former owner, ZeoBIT, settled a class action lawsuit for $2 million, stating that customers who purchased MacKeeper before 8 July 2015 can apply to get a refund through MacKeeper. Let me put it this way, Kromtech sent a cease and desist letter to a 14-year-old who made a “harassing” or “slandering” YouTube video. They’re a great company, as I’m sure you can tell *he said with heavy sarcasm*.

Last but definitely not least, we can’t talk about MacKeeper without mentioning their database breach. With security breaches like Yahoo, HBGary, and Ashley Madison, the MacKeeper breach kind of got swept under the rug. You’d think a “security company” would be able to withstand a breach. It would be as if you walked into a coffee shop, ordered a coffee, and they handed you a plate with cereal and a spatula. All you could ask is, “Wait…what?” That is the only way to look at this debatably garbage MacKeeper program. When was the last time Kaspersky, Palo Alto Networks, or McAfee got hacked? That’s what I thought. This breach exposed MacKeeper customers’ usernames, passwords, and other personal information. And listen to this - the person who found this flaw in MacKeeper’s security doesn’t even own a Mac! Unbelievable.

So what does MacKeeper do exactly if it isn’t actually helping your system? It’s actually a pretty good question. Well, it’s hogging your CPU and RAM/memory, which, in layman’s terms, means that it is bogging down your machine and making it run slower. I have experimented with MacKeeper on numerous occasions by installing it on a fresh machine. “Fresh” meaning that I installed the operating system and NOTHING else. As seen below, MacKeeper is already taking a relatively substantial amount of my memory simply by being installed.

But guess what *heavy sarcasm ensuing again*?!!?!? MacKeeper has a 24/7, around-the-clock helpdesk that assists you with your initial scan (if you’ve never used MacKeeper before). This scan will “expose” all of the security flaws in your computer, and it will also show you how to clean up your computer. They may tell you that your memory is wayyy too full. Let’s set the record straight on “memory.” Your computer’s memory is good if it is being used. It is like horsepower in a car. What’s the point of having a lot of horsepower if you don’t use it? Additionally, your memory is wiped clean each time you reboot your machine, hence the reason if your computer turns off while you’re typing a document and didn’t save it, you’ll likely lose that data, because the unsaved data was being stored in your RAM (another term for “memory”). From what I’ve gathered, MacKeeper uses what appears to simply be scare tactics. After their “scan,” they attempt to con you into purchasing their “services” for a cheap $142.80 if you pay for two years up front, according to the MacKeeper website.

And if you’ve been one of the many people who have thought, “I have MacKeeper, and my machine does seem to be running pretty slow,” you are not alone. I meet multiple people daily battling issues with computer performance. You’d be floored by how many of those are related to MacKeeper or programs similar to MacKeeper. And by similar, I mean that they claim to speed up your computer, and the results of their program are subpar at best, infectious at worst. Many people have fallen victim to the MacKeeper false promises. If you don’t believe me, simply type “MacKeeper” into a Google search.

The scam that is MacKeeper has been coming further to the forefront of conversation in recent years in discussions of Known-Bad-Software (KBS) or, as some refer to them, Potentially-Unwanted-Programs (PUPs). Even arguably the most highly regarded Apple malware defense program, Malwarebytes, sees MacKeeper as a PUP. MacKeeper digs itself deep into the recesses of your computer.

Take their uninstall process for example. I followed their instructions to the letter. They even have a tab on their website that literally says “Uninstall.” It directs you to their “How-To” page.

Looks simple enough, right? Oh, but you are wrong. Doing MacKeeper’s version of removal takes away the MacKeeper.app, which is only the application. When I dragged and dropped the MacKeeper application into a separate application titled AppCleaner, a program I highly recommend for cleaning out unwanted programs, it found fifteen separate files.

So MacKeeper is keeping programs on your machine, even after you “uninstall” it using their own instructions. MacKeeper loves to stash their small files all over your machine. Even at the root level of your device, there are hidden folders; hidden for your own safety, as you shouldn't tamper with them unless you have a firm grasp of what you are doing. MacKeeper buries their files deep within your hidden folder titled /var. If you keep digging into the /var folder, you eventually arrive at a subfolder titled receipts. This is where MacKeeper decided to place its leftovers. Leftovers after Thanksgiving - good. Leftovers after a MacKeeper uninstall - bad.
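To see what an uninstall actually left behind, the script below lists matching files without deleting anything. It is an added example, not part of the original article and not MacKeeper's or AppCleaner's code. The list of directories is an assumption (locations where macOS applications commonly keep helpers, settings and caches, plus /var/db/receipts, the standard macOS installer-receipt folder), and the default name pattern uses the product and vendor names from the article.

```shell
#!/bin/sh
# Added example: read-only inventory of files left behind after an app is "uninstalled".
# The directory list and name pattern are assumptions, not the vendor's documentation.

# Print every directory worth checking under ROOT ("" means the live system).
candidate_dirs() {
  for rel in "Library/LaunchAgents" "Library/LaunchDaemons" \
             "Library/Application Support" "Library/Preferences" \
             "Library/Caches" "var/db/receipts"; do
    printf '%s\n' "$1/$rel"
  done
  # The same kinds of locations exist inside each user's home folder.
  for home in "$1"/Users/*; do
    for rel in "Library/LaunchAgents" "Library/Application Support" \
               "Library/Preferences" "Library/Caches" "Library/Logs"; do
      printf '%s\n' "$home/$rel"
    done
  done
}

# find_leftovers ROOT [PATTERN]
#   ROOT     "/" on a live Mac, or the top of a mounted or copied disk
#   PATTERN  lowercase extended regex; the default uses the product and vendor names
# Matching is done on the path below ROOT, so the name of ROOT itself never counts.
find_leftovers() {
  root="${1%/}"
  pat="${2:-mackeeper|zeobit|kromtech}"
  candidate_dirs "$root" | while IFS= read -r dir; do
    if [ -d "$dir" ]; then
      find "$dir" -mindepth 1 -maxdepth 3 2>/dev/null || true
    fi
  done |
    awk -v skip="${#root}" -v pat="$pat" 'tolower(substr($0, skip + 1)) ~ pat' |
    sort -u
}

# Run as: sh leftovers.sh /   (lists paths only; nothing is deleted)
if [ "$#" -gt 0 ]; then
  find_leftovers "$@"
fi
```

Review each listed path before removing anything; a name match alone does not prove a file belongs to the product.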

It seems that one of the biggest surprises to people who have MacKeeper on their computer is how it got there.

“I never downloaded that,” they say. And you know what, I tend to believe them. 

MacKeeper is one of those pieces of software that comes bundled with other garbage applications or programs, most often when the original software is being torrented. You think you’re downloading that new movie starring Jennifer Aniston to see if she’s gotten more plastic surgery on her lips, and before you know it, MacKeeper is running and telling you it found 6,053 issues with your machine. 

MacKeeper isn’t the only program that comes bundled with torrented software. Another huge malware-infested program called Genieo is also very common (hence the cheesy name at the beginning - see, I’m tying it all together).

So how do I get rid of it?

That is a question that a huge majority of MacKeeper users eventually ask. AppCleaner is a great application, but be very careful when using it. Another very popular piece of software, and I think my favorite adware scanner, is called Malwarebytes for Mac. It sees MacKeeper for what it is, a Potentially Unwanted Program. Just to clear the air, it is an unwanted program. No need to even say “potentially.” Virus scanners like ClamXAV will flag the program as well.

Even with these anti-virus programs, as mentioned earlier, MacKeeper is frequently bundled with other software, so I always recommend taking it to an Apple Authorized Service Provider (AASP) for assistance. Your security is of the utmost importance, and if you’ve watched the news in the past six months, I think you’ve seen the influx of data dumps and stolen information. If you think you’ve been scammed, duped, or conned into anything, don’t hesitate to ask.