Whereas the legitimacy and usefulness of Microsoft’s Bing search engine are out of the question, cybercriminals have been abusing it to smokescreen their foul play for years. When browsing different security forums and the official Apple Support Communities, you may come across numerous threads where Mac users report redirects to Bing.com for ostensibly no apparent reason.
The issue has reached unnerving heights over time, and the underlying infection has gained notoriety for being extremely persistent. This article will give you insights into this Mac threat so that you can get an idea of the attack chain, the crooks’ motivation, and the ways to get rid of this nasty.
Bing redirect – red flags to look out for
The symptoms of this strain are hard to miss, so it will definitely give you a heads-up once on board your Mac. The redirect occurs every time you run a web search via the URL bar in Safari, Google Chrome, or Firefox. This is a cross-browser infection, which means you are potentially at risk as long as you use any of the above browsers.
The victim’s searches are forwarded to Bing.com regardless of the search provider set as the default one. The culprit is designed to override custom web surfing settings without asking for the admin’s consent. Many users plunge headlong into looking for some intrusive third-party browser extension that might be causing these unauthorized tweaks, but these attempts are to no avail.
Instead of installing an aggressive add-on behind one’s back, the operators of the Bing redirect campaign go the route of creating a rogue configuration profile that has a pervasive system-wide impact on the host Mac. This profile is to blame for putting the adverse changes into effect, plus it makes the search preferences in the victim’s default browser grayed out so that it’s impossible to edit them manually.
What are the goals of Bing redirect Mac virus?
At first sight, the tactic of hijacking a web browser and sending the user’s traffic to Bing may not make a whole lot of sense. However, there is a subtle characteristic of this attack that explains the malefactors’ efforts.
Whenever the redirect is underway, you may notice your browser resolving a number of unfamiliar domains such as SearchBaron.com or SearchMarquis.com before ending up on the destination site. These entities redistribute the traffic in a flexible way so that it hits a series of advertising networks and the crooks rake in ad revenue.
The in-between URLs are only visible momentarily in the status bar at the bottom of the browser window. With that said, the role of Bing in this scheme is trivial – it cloaks the dubious gist of the attack to a certain extent, making it look like you are dealing with a browser misconfiguration glitch rather than a malware infection.
Attack vectors
If you are experiencing these adverse effects, it means you fell for a booby-trapped app installation trick at some point. The Bing redirect virus is distributed through bundling, a technique that promotes potentially unwanted programs under the guise of something benign. For example, you may have clicked on a bogus Adobe Flash Player update pop-up when browsing, only to unknowingly allow the malicious object to infiltrate your Mac under the same umbrella.
The pest may also accompany scareware programs such as Mac Cleanup Pro or Mac Auto Fixer. These pseudo optimization tools claim to improve your computer’s performance by cleaning up a ton of redundant data that supposedly takes too much disk space. In fact, though, they exaggerate the issues to dupe the victim into buying their license. The authors of these dodgy utilities often drop the Bing redirect virus as a secondary payload to monetize their attacks even if the victim refuses to pay for the fake Mac maintenance services.
How to remove Bing redirect from Mac
Now that you know how this malicious entity manifests itself, let’s see how to purge it from your Mac for good. First, you’ll need to get rid of the components of the baddie sprinkled across the system, and then tidy up the affected web browser.
Before you begin, keep in mind that there is no such thing as an executable or app called “Bing redirect” or similar. Therefore, you should follow your intuition and look for suspicious entries you didn’t knowingly install onto your Mac.
Delete malicious app and files
- Click the Go menu icon in the Finder and select Utilities.
- Click Activity Monitor.
- Spot an unfamiliar entry under the Process Name column and kill it by clicking the Quit Process button in the left-hand upper part of the Activity Monitor screen. Confirm if necessary.
- Return to the Finder’s Go menu and choose Go to Folder (or hit Command+Shift+G keys simultaneously). This will open the folder search dialog. Type /Library/LaunchAgents and click Go.
- Once the LaunchAgents folder is opened, examine its contents and locate potentially unwanted entries (e.g. “com.pcv.helperamc.plist”, “com.mykotlerino.ltvbit.plist”). Drag these files to the Trash when found.
- Use the Go to Folder navigation feature to open the following paths one by one: ~Library/LaunchAgents, /Library/LaunchDaemons, and /Library/Application Support. Scrutinize these directories for dubious files and send the suspects to the Trash.
- Expand the Go menu in your Mac’s Finder again and select Applications.
- Look for the malicious application (e.g. Spaces.app) and send it to the Trash without a second thought. When done, empty the Trash.
- Select System Preferences in the Finder menu. Go to Users & Groups and select Login Items. Find an unwanted profile and click the “minus” button to remove it from the list.
- Reboot your Mac.
Tip 1
How to quickly find and remove unneeded Launch Agents, Launch Daemons and other extensions
You can find and operate extensions on your Mac with the help of free tool App Cleaner & Uninstaller. App Cleaner & Uninstaller allows you to enable, disable and even remove extensions on your Mac, such as launch agents, login items, launch daemons, web browser extensions and so on.
Here is how to remove extensions of Bing from your Mac:
- Launch App Cleaner & Uninstaller.
- Go to the Extensions tab.
- Find and remove all items connected to Bing.
Get rid of Bing redirect in the web browser
The most effective way to stop noxious redirects to Bing.com in the browser is to reset it to its original defaults. Be advised that all versions of Safari released since 2015 lack a reset feature. But don’t worry – we’ll show you a workaround.
Fix the problem in Safari
- Go to Safari Preferences, click the Advanced tab and enable the option that says Show Develop menu in menu bar.
- Click the Develop icon that has just been added to the Safari menu. Select Empty Caches.
- Click the History icon in the Safari menu and select Clear History in the list. Follow on-screen prompts to clear all browsing history.
- Go to Safari Preferences and click the Privacy tab. Now, click the button that says Manage Website Data.
- Click Remove All button.
- Restart Safari.
Reset Google Chrome
- Click the Customize and control Google Chrome (⁝) icon and select Settings.
- Click the Advanced button.
- Go down to the Reset settings section and click Restore settings to their original defaults.
- Click Reset settings to confirm the action.
- Restart Chrome.
Tip 2
How to quickly reset apps
You can quickly reset web browsers and any application with the help of free tool App Cleaner & Uninstaller. App Cleaner & Uninstaller allows you to completely uninstall programs on Mac, remove all their service files, remove leftovers of uninstalled apps or just reset apps to the first-state launch state.
Here is how to reset Google Chrome and Safari to remove Bing-redirect items from your Mac:
- Launch App Cleaner & Uninstaller.
- Select Google Chrome in the list of apps → Right-click on it → click Select Service Files for Removal.
- Then find and select Safari in the list of apps → Right-click on it → click Select Service Files for Removal.
- Click the Remove button.
Reset Mozilla Firefox
- Go to Help > Troubleshooting Information.
- Click Refresh Firefox.
- Confirm the changes on the follow-up dialog.
- Restart Firefox.
Conclusion
Manual removal of Bing redirect virus from your Mac is an effective technique, but you may encounter a roadblock along the way. It’s difficult to identify all the associated malicious files because their names vary and might imply no clues about their dodgy essence. Therefore, this cleaning method can be a shot in the dark in some cases.