Security firm warns counterfeit CleanMyMac site is spreading malware to Mac users
What happened
It has been reported that security researchers have identified a fake website impersonating CleanMyMac’s official download portal and using it to distribute malware to Apple Mac users. The warning circulated on Chinese tech outlets including ifeng (凤凰网), which picked up the advisory from the security firm. Who is behind the fake site remains unclear; investigators say the campaign uses a convincing look-alike domain and branded assets to trick users into downloading a trojanized installer.
How the scam works
Reportedly, the counterfeit site offers what appears to be the legitimate CleanMyMac installer but bundles malicious code that runs once the user bypasses standard macOS protections. The attack relies on social engineering and typosquatting rather than on a direct compromise of CleanMyMac’s servers. How sophisticated is it? The visual mimicry is convincing enough to fool less cautious users, and the operators appear to be exploiting third-party download habits rather than attacking Apple’s distribution channels directly.
What Mac users should do
If you use CleanMyMac, download only from the official MacPaw site or the Mac App Store and check the developer signature before installing. Keep macOS and XProtect up to date, leave Gatekeeper enabled, and avoid third-party mirrors and search-result download links. It has been reported that verifying the certificate and checksum of a download can prevent many of these supply-chain style infections. If you suspect you installed a compromised build, disconnect from the network and run a reputable endpoint scanner or consult a security professional.
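The checks above, as an added example that is not part of the original article or of MacPaw's tooling: a small POSIX shell script that refuses to proceed unless the downloaded file's SHA-256 matches the published one and, on macOS, the app bundle's code signature is valid, carries the expected Apple Team ID and passes a Gatekeeper assessment. The expected hash and Team ID are placeholders the user must take from the vendor's official page; codesign and spctl exist only on macOS, so those checks are skipped elsewhere.

```shell
#!/bin/sh
# Added example: verify a downloaded macOS installer before running it.
# Assumed inputs (placeholders, taken from the vendor's official page):
#   EXPECTED_SHA256  - published SHA-256 of the .dmg/.pkg
#   EXPECTED_TEAM_ID - the developer's Apple Team ID
# Usage: verify_download CleanMyMac.dmg "$EXPECTED_SHA256" /Volumes/CleanMyMac/CleanMyMac.app "$EXPECTED_TEAM_ID"

# Print the SHA-256 of a file using whichever tool the host provides.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 256 "$1" | cut -d' ' -f1
  else
    openssl dgst -sha256 "$1" | sed 's/.*= //'
  fi
}

# Return 0 only if the file's digest matches the published one (case-insensitive).
checksum_matches() {
  actual=$(sha256_of "$1" | tr 'A-F' 'a-f')
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Return 0 if the bundle's signature verifies, its TeamIdentifier equals the expected
# Team ID, and Gatekeeper would allow it to execute; 2 if not on macOS; 1 otherwise.
signature_matches() {
  app="$1"; team="$2"
  command -v codesign >/dev/null 2>&1 || return 2
  codesign --verify --deep --strict "$app" 2>/dev/null || return 1
  actual_team=$(codesign -dv --verbose=4 "$app" 2>&1 | sed -n 's/^TeamIdentifier=//p')
  [ "$actual_team" = "$team" ] || return 1
  spctl --assess --type execute "$app" >/dev/null 2>&1
}

# Orchestrate both checks; a checksum mismatch or a bad signature means "do not install".
verify_download() {
  file="$1"; sha="$2"; app="$3"; team="$4"
  checksum_matches "$file" "$sha" || { echo "checksum mismatch: do not install" >&2; return 1; }
  rc=0; signature_matches "$app" "$team" || rc=$?
  case $rc in
    0) echo "checksum, signature and Gatekeeper checks passed"; return 0 ;;
    2) echo "codesign/spctl unavailable (not macOS); checksum verified only" >&2; return 0 ;;
    *) echo "signature, Team ID or Gatekeeper check failed: do not install" >&2; return 1 ;;
  esac
}
```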
Why this matters
Macs have been targeted more frequently in recent years as attackers chase higher-value platforms. For readers unfamiliar with China’s media landscape: coverage on outlets such as ifeng signals that the advisory reached a Chinese-speaking user base quickly, underscoring the cross-border nature of malware distribution. Reportedly, the campaign has not been tied to a known nation-state actor, but the incident is a reminder that even widely trusted tools and brands can be cloned to deliver malware.
