What is Leap and is my Mac at risk?

What is Leap and how to remove it from Mac?

Leap - also known as the Oompa-Loompa malware, or OSX/Oomp-A or Leap.A - is an application infection. Originally designed and released into the wild in 2006, it was created to spread over Local Area Networks (LANs). Unlike other viruses, this was created specifically for the Mac operating system.

It was discovered by the Apple security firm Intego back in 2006. At the time, it was only infecting - or ‘leaping’ - between Macs connected within a LAN, with the infection moving around through the Bonjour protocol. First released in 2002 under a different name, Bonjour is how macOS and iOS users communicate or share images and music, using services such as iTunes, iChat and iMessage.

New versions of Leap have been coming out every few years, evolving as Bonjour and other Apple systems evolve and improve. It has somehow managed to keep pace with the constant iterations and improvements that the Mac's built-in security systems have undergone.


How do I detect an infection?

Unlike other malware infections and worms, the user who's downloaded the virus does so on the understanding that they're downloading something they want. Unfortunately this isn’t the case. Hidden behind an Apple image icon is a gzip-compressed tar file called latestpics.tgz.

Within this tar file is the hidden executable. It will then ask for your admin password, thereby giving it a backdoor to your Mac and infecting any programs it wants to access when they're loading, using a system facility called “apphook”. Once the executable payload is activated, Leap wants to infect other Mac devices through the iChat system, going through the Bonjour protocol to reach other Macs.

The good news, however, is that Leap doesn't delete data, replace files, spy on you or your Mac, or even take control. Leap is a faulty infection, so although it can and does infect Mac devices, it has a bug which prevents it from opening and executing properly. It won’t launch as it should, which means it can’t do much more damage after getting into a Mac.

How to remove Leap: The manual guide

Now the only question is, how to remove Leap?

Even though it seems that this worm can’t do anything, the last thing your Mac needs is an infection that could act as a backdoor to other viruses that don't have the same bug as Leap.

Similar to other viruses, Leap leaves files all over a Mac.

Because we know it uses the system facility, Apphook, to take over applications, it can initially be found in the following locations: the /Library/InputManagers/ directory (if run with root permissions) or the /InputManagers/ directory (if run as a non-root user). These files then replace Apphook:

apphook/Info

apphook/apphook.bundle/Contents/Info.plist

apphook/apphook.bundle/Contents/MacOS/apphook

Infected files will now have the following attributes replacing the original credentials:

name: oompa

value: loompa

Temporary files are also created in the Applications folder with these names:

/tmp/pic.gz

/tmp/pic

/tmp/latestpics

/tmp/lastespics.tar

/tmp/lastespics.tar.gz

/tmp/lastespics.tgz

Now that you’ve got an idea where Leap is hiding, you should be able to safely remove these unwanted files. As part of that, you will need to restore the system facility, Apphook, to how it was before the infection. This might mean downloading a new version.

After moving the Leap files and application executables to the trash, it is always a sensible move to restart your Mac. This should restore your Mac to full working order. However, always be careful when doing any of this to make sure you don’t delete anything you need for your Mac to work properly.
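Before deleting anything, it helps to list which of the files and attributes named above are actually present. The script below is an added example, not part of the original article: it only reads the disk, its function names and the ROOT argument are hypothetical, and the paths are copied exactly as the article lists them.

```shell
#!/bin/sh
# Added example (not from the article): read-only check for the Leap
# artifacts listed above. Function names and the ROOT argument are
# hypothetical; ROOT is "/" on a live Mac or a mounted copy of a disk.

# Locations and file names exactly as given in the article.
LEAP_DIRS="Library/InputManagers InputManagers"
LEAP_HOOK_FILES="apphook/Info
apphook/apphook.bundle/Contents/Info.plist
apphook/apphook.bundle/Contents/MacOS/apphook"
LEAP_TMP_FILES="tmp/pic.gz tmp/pic tmp/latestpics
tmp/lastespics.tar tmp/lastespics.tar.gz tmp/lastespics.tgz"

# Print each listed artifact that exists under ROOT, one per line.
leap_find_artifacts() {
    root="${1:-/}"; root="${root%/}"
    for d in $LEAP_DIRS; do
        for f in $LEAP_HOOK_FILES; do
            if [ -e "$root/$d/$f" ]; then echo "$root/$d/$f"; fi
        done
    done
    for f in $LEAP_TMP_FILES; do
        if [ -e "$root/$f" ]; then echo "$root/$f"; fi
    done
    return 0
}

# Number of artifacts found under ROOT (0 means none of the listed files).
leap_count_artifacts() {
    leap_find_artifacts "${1:-/}" | wc -l | tr -d ' '
}

# Print files under DIR carrying the marker attribute oompa=loompa.
# Uses the macOS xattr tool; prints nothing where it is unavailable.
leap_find_marked() {
    command -v xattr >/dev/null 2>&1 || return 0
    find "$1" -type f 2>/dev/null | while IFS= read -r f; do
        v=$(xattr -p oompa "$f" 2>/dev/null) || continue
        if [ "$v" = "loompa" ]; then echo "$f"; fi
    done
    return 0
}

# Run as: sh leap_check.sh --scan   (nothing is deleted or modified)
if [ "${1:-}" = "--scan" ]; then
    leap_find_artifacts /
    leap_find_marked /Applications
fi
```

Any path it prints is a candidate for the manual removal described above; an empty result means none of the listed files or marked applications were found.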

How to remove Leap: Safe and easy way

If everything above sounds like too much work, there is another way to remove Leap using CleanMyMac X.

CleanMyMac X can remove dozens of Mac malware, worm, spyware, ransomware, adware and other infections. It effortlessly improves the performance of your Mac, restoring your computer to near brand-new performance. Here is how you use CleanMyMac X to delete Leap:

  1. Download CleanMyMac X.
  2. Open the app.
  3. Use the Malware Removal tab.
  4. Click Scan — it will show you any viruses and malware applications.
  5. Click Remove and they will vanish.

Although Leap apparently doesn't work, it’s still an infection your Mac doesn't need and that could cause other problems if left untreated. One way or another, this malware virus needs clearing out of your Mac so that it works effectively.
