Crossrider

Malware Profile Updated 3 months ago
Crossrider is malware, specifically an adware variant, that targets computer systems. It infiltrates systems through dubious downloads, emails, or websites, often without the user's knowledge. Once inside, Crossrider can disrupt operations, steal personal information, or even lock data for ransom.

Crossrider has been particularly problematic for Mac users, with a new variant emerging that infects these systems in a unique way. The new variant appears benign on the surface but installs a configuration profile that forces both Safari and Chrome to always open to a page on chumsearch[dot]com, so every time a user opens their browser they are directed to this Crossrider-associated website. The variant has also locked Safari's homepage setting to a Crossrider-related domain, preventing users from changing it.

Security software like Malwarebytes Premium can detect and block common infostealers, including Crossrider and others such as AMOS, Genieo, and Vsearch, protecting Mac users against unknowingly downloading malicious software.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
OSX/Shlayer | 1 | OSX/Shlayer is a newly identified variant of malware that specifically targets Mac systems, as discovered by Intego researchers. Also referred to as Crossrider, OSX/Shlayer uses a unique technique to infiltrate systems, primarily aiming to download and install adware onto infected Macs. The initial
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Safari
Malwarebytes
Malware
Chrome
Associated Malware
ID | Type | Votes | Profile Description
Amos | Unspecified | 1 | AMOS is a malicious software (malware) that targets Mac systems, with the ability to steal passwords, personal files, and cryptocurrency wallet information. It was first identified as part of the ClearFake campaign, which aimed to spread the macOS AMOS information stealer. The malware can infect bot
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Crossrider Malware was read from the documents corpus below.
Source | Created At | Title
CERT-EU | a year ago | All the Mac malware we know about
Malwarebytes | 5 months ago | No “Apple magic” as 11% of macOS detections last year came from malware | Malwarebytes
MITRE | a year ago | New Crossrider variant installs configuration profiles on Macs | Malwarebytes Labs