'Mughthesec' at '/Users/_____/Downloads/.com.google.Chrome.UqYVCf'

Hi katlinbr 

Could be please help me with the product that you are using?

From my understanding of Mughthesec it is usually hidden as an adobe flash player download that looks legitimate. I would suggest uninstalling all adobe products from the system and reinstalling them from the manufacturers website.

It spreads under the file name player.dmg and will install the flash but also fraudulent programs called "advanced mac cleaner" and two safari extensions called "safe finder" and "booking.com"

Try removing those programs and extensions completely from your computer.

Hope that helps.

Unfortunately with Mugthesec it allows the attacker to drop as many secondary payloads as they want... so sometimes a full system reinstall is recommended if it cant be located. Hope it doesnt come to that. Good luck.

objective-see.com/.../blog_0x20.html

katlinbr said:

I can't seem to locate and remove Alert: 'Mughthesec' at '/Users/_____/Downloads/.com.google.Chrome.UqYVCf' Anyone have success with this one?

Katlinbr,

User: ____ has a something "Chrome" in their download folder.  Log into their account and look in their download folder.  It looks like a bad Chrome installer - it may be a trojan horse installer or possibly just a corrupted copy.

You can delete it and download the correct version for them from https://www.google.com/chrome/