Home > Mac Viruses > Remove CrescentCore Malware from Mac

Remove CrescentCore Malware from Mac

Update August 2019. What is CrescentCore Mac malware? How threatening is it to macOS? Let’s find out in this article.

OSX/CrescentCore or CrescentCore Mac malware is a new malicious campaign currently targeting users in the wild. According to security researchers, the malware is considered the next generation of a fake Flash Player “virus” which is now capable of fully evading antivirus detection. Currently, Mac users are widely targeted across the Web, as CrescentCore lurks in bogus download sites as well as top-ranking Google search results.

Threat Summary

Name CrescentCore
Type Trojan Horse for Mac OS
Short Description Aims to sneak into your Mac undetected to perform a series of malicious activities.
Symptoms A Trojan horse application on a .dmg disk image, masqueraded as an Adobe Flash Player installer..
Distribution Method Fake download sites and trojanized apps
Detection Tool See If Your System Has Been Affected by malware


Combo Cleaner

User Experience Join Our Forum to Discuss CrescentCore.

CrescentCore Mac Malware – Distribution

As reported by Intego researchers, this malware is in fact a Trojan horse application on a .dmg disk image, and is masqueraded as an Adobe Flash Player installer. This distribution method is not new at all as it has been observed in Windows campaigns for years. The difference is, however, that CrescentCore is updated with additional capabilities which are meant to improve its evasion by antivirus programs. Also, this is not the first such case against Mac users. A previously detected Mac Trojan is the so-called [wplinkpreview url=”https://sensorstechforum.com/mac-control-virus-remove/”] Mac Control “virus” which has been known to spy on users’ activities.

Currently, the malware is being distributed via fake app installers (.dmg file), but its distribution mechanisms could be updated in the near future to include:

  • Fake patches;
  • Software cracks;
  • Key generators.

So, how does the CrescentCore infection happen?

Of course, the user will have to open the .dmg file and app with the Flash Player icon. Once this is done, the Trojan will check if it’s running inside a virtual machine. Then, CrescentCore will run a check to see if there is a Mac antivirus program running on the system. If any of these two conditions is met, the malware will no continue its operations on this particular system.

In case no AV software is found, the malware will install its persistent infection in the form of a LaunchAgent.
Security researchers say that there is a second variant of the malware which could install Advanced MacCleaner on infected hosts, or a malicious Safari browser extension.

How to Effectively Remove Mac Kontrol

The malware has been observed in active campaigns in the wild, Mac users should be extra careful when surfing the web. Since CrescentCore is designed to check whether there is an antivirus program installed on the targeted Mac and would halt the infection if such is found, it is highly advisable to install a security solution.

If you’re already infected by CrescentCore and want to remove it from your Mac, we suggest that you carefully read step 1 and 2 below this article. If however you cannot seem to find the virus files or the app, which the malware pretends to be, then professional removal is your best bet. To remove CrescentCore efficiently, you can download and run a scan of your Mac by using an advanced anti-malware software. Such specific tool is created to help you to automatically detect an get rid of any malware, CrescentCore included.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree