
Numerous "mughthesec" detected

I'm a user of Sophos Central Endpoint 10.0.0 on Mac (macOS Catalina 10.15.7).
There are numerous detections of the so-called "mughthesec" every day (see attached screenshots for example). It's very worrying if those mughthesec are harmful, or if they are harmless then these detection warnings are very distracting. They are mostly under the /private/tmp/ directory. It's very time-consuming to manually delete them one by one.
I want to know what they are. How do I automatically clean them up?


  • Hi Shweta. Thanks for your suggestion. Fortunately, it worked. For future reference, I'm recording the whole picture as follows.

    I deleted the program or extension "UniversalWebResults" under those two ".../Library/Program Support/" directories. The "/Private/tmp/" ("tmp" for temporary) directory is regularly cleaned up by my operating system and therefore any "Mughthesec" in it also automatically disappears regularly.

    I've monitored for one week after the removal, and there's no "Mughthesec" detected anymore, so far.

    I actually recognize the name of this program/extension "UniversalWebResults". It was an annoying web browser extension that had bothered me for months. After I installed Sophos several weeks ago, at first, it only found "Mughthesec" under the "/Private/tmp/" directory, instead of finding the program/extension itself. Now I suspect that those temporary "Mughthesec", which had kept reproducing after my removals, had all been created by this program/extension. Since I hadn't removed the program itself at that time, they had kept reproducing. At the time I resorted to this forum for help, it was coincidentally the first time Sophos had detected the program/extension "UniversalWebResults" itself. Being tired and hopeless of failed removals, I didn't try removing them, until suggested to do so. And then it worked.

    In fact, I have a final quick question: what on earth is "Mughthesec"? Would you please answer this for me, thanks.

  • Hi

    Mughthesec is usually hidden as an Adobe Flash Player download that looks legitimate. It spreads under the file name player.dmg via malicious ads and popups on shady websites. This should help:

    https://www.bleepingcomputer.com/news/security/new-mac-adware-mughthesec-will-cause-serious-headaches/

    Shweta

    Community Support Engineer | Sophos Technical Support