One MacOS application: 50% of Mac malware infections
Okay... almost 50%.
MacKeeper is not necessarily malicious in and of itself, but Elastic Security Labs reports that 48% of macOS malware file signatures are trafficked through the MacKeeper application. This is due to its propensity for being exploited and the considerable permissions it holds. It is therefore recommended to use a different, more trustworthy and reputable security or performance tool, and to delete MacKeeper when and where you find it.
How do I find the MacKeeper software in my environment?
Axonius makes this software easy to identify, since it is installed with 'MacKeeper' as the application name. All you need is a simple Devices query: Installed Software: Software Name [contains] 'mackeeper'. Be sure to save this query so you can reuse it later.
(Reminder: the 'contains' operator is not case sensitive)
What next?
You can take the list of Mac devices with MacKeeper software installed and work on removing it however you see fit.
Axonius can also automate alerting going forward, even if the software is not present in your environment today. Simply take the saved query and set up an Enforcement Center (EC) action that alerts you through your preferred notification method whenever the query returns results during a discovery cycle.
If you have a script that removes the software from identified endpoints in your environment, you can set up an EC action to run this script on the hosts identified by the query to remove the software automatically whenever it is discovered.
If you have an applicable EDR solution, you can set up another action to isolate or quarantine the host until manual or automated intervention has removed the software.
Make sure to look through the EC Actions Library to find what will suit your needs.
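The workflow above (find devices whose installed software name contains 'mackeeper', then alert, run a removal script, or isolate per host) as a small added Python example. This is not Axonius code or its API: the inventory is a constructed export, and the device fields, the removal-script name and the action labels are assumptions used only for illustration.

```python
import json

# Constructed inventory export (not real Axonius data). Each device lists its
# installed software names and whether an EDR agent is present (assumed field).
INVENTORY_JSON = """
[
  {"hostname": "mac-01", "os": "macOS", "software": ["Safari", "MacKeeper"], "edr_agent": true},
  {"hostname": "mac-02", "os": "macOS", "software": ["Xcode", "mackeeper helper"], "edr_agent": false},
  {"hostname": "mac-03", "os": "macOS", "software": ["Slack"], "edr_agent": true},
  {"hostname": "win-01", "os": "Windows", "software": ["MacKeeper Installer"], "edr_agent": true}
]
"""

def load_inventory():
    """Parse the constructed export into a list of device records."""
    return json.loads(INVENTORY_JSON)

def software_name_contains(device, needle):
    """Mirror the 'Software Name [contains]' operator: case-insensitive substring match."""
    needle = needle.lower()
    return any(needle in name.lower() for name in device.get("software", []))

def find_devices(inventory, needle="mackeeper"):
    """Return sorted hostnames of devices with any installed software name containing needle.
    Note the query matches on software name only, so a non-Mac host that carries
    a matching name (win-01 here) is returned too; filter on OS separately if needed."""
    return sorted(d["hostname"] for d in inventory if software_name_contains(d, needle))

def plan_actions(inventory, needle="mackeeper", removal_script=None):
    """Build the per-host EC action plan described in the post: always alert,
    run the removal script when one is configured, isolate when an EDR agent exists."""
    plan = {}
    for d in inventory:
        if not software_name_contains(d, needle):
            continue
        actions = ["alert"]
        if removal_script:
            actions.append(f"run:{removal_script}")
        if d.get("edr_agent"):
            actions.append("isolate")
        plan[d["hostname"]] = actions
    return plan

if __name__ == "__main__":
    inv = load_inventory()
    print(find_devices(inv))
    print(json.dumps(plan_actions(inv, removal_script="remove_mackeeper.sh"), indent=2))
```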