Browser hijackers are among the most common types of malware on both Mac and PC. They present themselves as a better way to surf the web or even ‘the perfect way to surf the web’ but in reality harvest your browsing data, redirect your browser, and display adverts for questionable products and services. SafeFinder is one such browser hijacker.
What is SafeFinder?
The SafeFinder virus is a category of malware known as a ‘potentially unwanted program’ or PUP for short. PUPs can take many forms but the one thing they have in common is that they are usually downloaded inadvertently because they are bundled with apparently legitimate software.
In SafeFinder’s case, once downloaded and installed, it hijacks your web browser, in much the same way as Chumsearch and Any Search. When you launch your web browser after SafeFinder has installed itself, your homepage will have changed to search.safefinderformac.com, search.macsafefinder.com, or search.safefinder.com. When you type a search query into the box, the search is eventually redirected to Yahoo, but in the meantime SafeFinder may have gathered information from your browser and forwarded it to a central server. It may also display adverts and slow down your browser.
How to tell if SafeFinder has infected your Mac
The most noticeable change will be what you see as soon as you launch a web browser, its homepage has been changed to a web address that includes the term ‘safefinder’.
The most common way that browser hijackers are downloaded is by bundling with other apps or tools. In SafeFinder’s case, it appears like it is bundled in media apps named NicePlayer or MPlayerX. The latter used to be one of the best media players on the Mac for playing files directly from a high-definition digital video camera and is still in the Mac App Store. However, it hasn’t been updated in several years and it appears that hackers now use it to bundle malware. So you shouldn’t download it from anywhere other than the Mac App Store.
The last few versions of macOS have a tool called GateKeeper which allows you to only download apps from either the Mac App Store alone, or the Mac App Store and developers whom Apple trusts. However, it is possible to override GateKeeper on a case-by-case basis, and if you’re running an older version of macOS, you won’t be protected at all.
How to remove SafeFinder from your Mac
Step 1: Remove SafeFinder from your Applications folder
- Go to your Applications folder and look for any apps that you don’t recognize or that look suspicious. In particular, look out for apps with SafeFinder in their name, as well as NicePlayer, and if you haven’t downloaded it from the Mac App Store, MPlayerX.
- If you find any apps in step 1, drag them to the Trash and empty it.
- Launch System Preferences from the Apple menu.
- Look in the bottom row for a pane called Profiles. If it’s there, click on it.
- Click on the profile called ‘AdminPrefs’ and press the ‘-‘ at the bottom of the window to remove it.
Step 2: Check your Login Items
Some PUPs add themselves to your Login Items so that they launch at startup. Although you’ve now removed SafeFinder, for completeness you should also remove its Login Item.
- Go to System Preferences and choose Users & Groups.
- Click on your username and then the padlock, and type in your password.
- Choose the Login Items tab, check the box next to the SafeFinder Login Item and then press ‘-‘
Step 3: Remove SafeFinder from Safari
- Launch Safari, click on the Safari menu and choose Preferences.
- Select the General tab and next to ‘Homepage’ type the URL of the site you want to use as your homepage.
- Select the Search tab, and choose the search engine you want to set as the default.
Step 4: Remove SafeFinder from Chrome
- Launch Chrome.
- Choose the Settings icon in the left of the window (it looks like three horizontal lines stacked on top of each other), or type “chrome://settings” into the address bar.
- Select “on startup” and check the button next to Open a specific page or set of pages.”
- Press the “More” button (three dots, one above the other).
- Choose “edit” and type or paste the address of the homepage you want to use into the text box.
- Click Save.
- Choose Settings again and select “search engine.”
- Click on “manage search engines” and press the “more” button next to SafeFinder and choose “remove from list.”
- Select the dropdown menu next to “Search engine used in address bar” and choose the search engine you want to use.
How to remove SafeFinder in a click
If all that seems like a long process, there is another options. CleanMyMac X has a malware removal tool that can remove SafeFinder at the click of a couple of buttons. It works like this:
- Download and launch CleanMyMac X.
- Choose Malware Removal and press Scan.
- When it finds SafeFinder, press Remove.
And that’s it, gone. The malware removal tool uses a regularly-updated database to check whether what it finds on your Mac is malware. If it finds it, you can remove it quickly and easily. If it finds nothing, it will give your Mac a clean bill of health and you can relax.
SafeFinder is a browser hijacker that takes the form of a PUP. It’s most often bundled with seemingly legitimate software and installed without the user even noticing. The only sign that you have the SafeFinder virus is that the homepage of your web browser will re-direct to a SafeFinder search page. Fortunately, it’s not too difficult to remove it, though if you use several different browsers, you’ll have to remove it from each one. The easiest way to remove it, however, is to use the malware utility in CleanMyMac X which will identify it and allow you to remove it quickly.