Disguised as a browser plugin, Conduit — also known as Conduit Search — is believed to have been created by ClientConnect Ltd. It claims to improve the internet browsing experience by generating improved search engine results.

However, what it really wants to do is collect user data and send it to cybercriminals. Conduit can collect keystrokes and passwords, IP addresses, and geolocation data as well as monitor browser activity.

What is conduit virus

What is Conduit malware on Mac?

Conduit — which is also said to go by the names Trovi and VSearch — is another form of malicious malware known as a browser hijacker. It takes over your browser, changing the default search engine to search.conduit.com. It installs itself as a browser plugin, then can be used to steal data and cause other cyber infections to take hold in your Mac.

conduit search malware

It is not picky about which browser it takes over, as Conduit has been around for several years and can hijack Safari, Chrome, and Firefox. It will send you unwanted adverts and pop-ups and redirect you to unexpected web pages when you click on websites you often visit, especially those in your Bookmarks. Conduit can modify browser security settings, make your Mac run more slowly, and will continue to collect and transmit data back to its control servers until you’ve managed to eliminate the infection.

The longer your Mac is infected with this virus, the greater chance you have of accidentally downloading other viruses and more dangerous types of malware. Removing this virus is worth doing as soon as you realize your browser is behaving oddly.

How can you get infected with the Conduit Search browser hijacker?

Browser hijackers tend to follow a predictable pattern when infecting target computers. The Conduit Search browser hijacker is no different. Here’s how it infects its targets:

  1. Bundled software — this is the most common form that the Conduit browser hijacker takes. Software such as PDF converters, media players, and browser extensions from unreliable websites could have Conduit hidden inside (usually hidden inside the “Custom” or “Advanced” area of the installation options).
  2. Fake updates — this is an old strategy but an effective one. If a notification pops up informing you that you need an update for Adobe Flash Player or Java, it is likely a browser hijacker in disguise. Malicious browser extensions are also common culprits.
  3. Malware-infected ads and links — attackers send links via email or SMS, or they embed these links inside pop-up ads. This is a very common way to get infected with Conduit malware.
Remove Conduit from Chrome Mac MacBook

How to remove Conduit malware?

Fortunately, compared to other forms of malware, browser hijackers are some of the easiest to remove. They are also fairly easy to spot quickly, since most users access their browsers on a daily basis, and changes tend to be quickly spotted.

Changes to your browser could include your homepage and default search engine being changed, your browser security settings being disabled, and your web browsing being redirected to websites with lots of ads and other malware.

What many victims fail to realize is that malware of this nature could just be the beginning, opening the door to even more insidious malware to be brought onto their devices and networks. This subsequent malware will likely be more dangerous, harder to detect, and even more difficult to remove.

Below are the methods to remove the Conduit browser hijacker from Safari, Chrome, and Firefox.

Safari

  1. Navigate to Safari > Settings > Extensions. Find any suspicious extensions and click Uninstall.
  2. Go to Safari > General. Reset your homepage and other settings.
  3. Open Safari > Search and reset your default search engine.

Chrome

  1. Navigate to Settings > Extensions > Manage Extensions. Find any suspicious extensions and click Uninstall.
  2. Go to Settings > On Startup. Change your browser startup behavior.
  3. Open Settings > Search Engine and reset your default search engine.

Firefox

  1. Navigate to Firefox > Preferences > Extensions & Themes. Find any suspicious extensions and click the 3-dot menu, followed by Remove.
  2. Go to Firefox > Preferences > Home. Under “Homepage and new windows,” make sure that no pages have been set there without your knowledge.
  3. Open Firefox > Preferences > Search and reset your default search engine.
Conduit virus how to delete

Deleting Conduit leftovers from the system

Now that you’ve removed the extension from your browser, you need to search through your Mac for other traces of this virus. Click on Finder and then press Go > Go to Folder... in the upper menu. 

Here are a handful of the folders that need to be checked:

/Applications/

/Library/Application Support/SIMBL/Plugins/ 

/Library/Internet Plug-Ins/ 

/Library/Application Support/SIMBL/ 

/Library/LaunchAgents/ 

/Library/ScriptingAdditions/

Once these are free from infection, it is worth resetting your browser and making sure the settings have restored your default search engine.

If all of that sounds like too much work, there is a quicker way. It is a smart move to scan for other potential risks and viruses, as it is difficult to know what else might have been set loose in your Mac thanks to the Conduit malware infection.

Remove Conduit Trovi, VSearch

Easier way: Delete Conduit with a dedicated tool

Most of us don’t have time to spare and would prefer a solution that is fast and reliable. In the case of removing the Conduit virus, the best solution is CleanMyMac, powered by Moonlock Engine. It’s lightweight, fast, powerful, and easy to use.

In addition to getting rid of the Conduit malware, CleanMyMac will look for other hidden threats specific to the macOS operating system. It can also optimize the performance of your Mac by removing needless junk files and repairing disk permissions.

But you don’t have to take our word for it. We offer everyone a free trial so you can see for yourself how good CleanMyMac is.

Once you have a free trial, open the app and follow these steps:

  1. The malware detection tool is located in the Protection feature on the left sidebar. Click that to get started.
  2. Click the Configure Scan button to access the scan settings. We recommend that you select everything — especially Deep Scan. This ensures the most thorough search.
  3. Come out of Configure Scan and click the Scan button. CleanMyMac will start going through your Mac, searching every nook and cranny for all traces of the Conduit Search browser hijacker. It may also find other malware that you were completely unaware of.
  4. When CleanMyMac has found the Conduit hijacker and its associated files, it will show them to you in a list. Select them all and click the Remove button to remove them all from your system permanently.

Conduit can hide and illegally gain control of any web browser on a Mac. It can record everything you type and everywhere you go. Removing it means you can reclaim your browser and default search engine. There are, thankfully, a few quick and easy ways to do that, whether you want to remove it manually or use a tool to speed the process up.