MacKeeper – a(nother) reason not to use it

MacKeeperI’ve never been a fan of MacKeeper.

The utility suite which claims to help Mac users stop security threats, find duplicate files, and help you uninstall unwanted apps, has always been advertised too aggressively for my liking, and has been notoriously difficult to uninstall.

MacKeeper, developed by Zeobit and now owned by a company calling itself Kromtech Alliance, is – I think it’s fair to say – somewhat controversial.

Just take a look at some articles about MacKeeper on the web:

Sign up to our free newsletter.
Security news, advice, and tips.

(There are many many others…)

I decided long ago that it wasn’t going to be software that I wanted to have on my Macs, and I’ve made a point of helping other Mac-owning friends and family come to the same decision whenever I’ve spotted it on their systems.

But in case you need yet another reason not to use MacKeeper – here’s one for you.

Last month a serious zero-day vulnerability was found in MacKeeper, that could be exploited by hackers.

Essentially, a hacker could create a boobytrapped link that – if clicked – would trick MacKeeper into executing code that have any number of unpleasant payloads – such as wiping your hard disk, stealing information or installing malware.

At the time, Kromtech said it was unaware of any exploitation of the vulnerability.

Now, The Register reports, BAE security researcher Sergei Shevchenko has discovered that malicious hackers are exploiting the vulnerability in in-the-wild attacks.

Shevchenko says users who click a crafted phishing link will be prompted to enter login credentials to the MacKeeper app that will allow malware to execute with admin rights.

MacKeeper vulnerability

So, you have a choice now.

You can either ensure that you are running the latest version of MacKeeper which reportedly fixes the vulnerability.

Or you can decide that it’s time to uninstall MacKeeper entirely. Good luck with that option – hopefully you’ll find a guide on the web if you find it a tricky process…


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

7 comments on “MacKeeper – a(nother) reason not to use it”

  1. Coyote

    'executing cod that have any number of unpleasant payloads – such as wiping your hard disk, stealing information or installing malware.'

    While I love seafood I somehow suspect the reference to cods is a missing 'e'.

    Otherwise, I suppose there is one thing it won't be tricked in to doing. That is of course removing itself (notwithstanding wiping the file system[s] out). Put another way, the only useful (albeit very small) part of my comment is to point out the typo.

    1. Graham CluleyGraham Cluley · in reply to Coyote

      Cod almighty. There's a time and plaice for puns like this…

      1. Coyote · in reply to Graham Cluley

        I agree but that's because it is always a good time for puns, even if the pun is what some might call fishy.

        Edit: also phishy.

  2. Graeme McRae

    You wrote "But in case you need another reason now to use MacKeeper – here's another one for you" but I think you meant to write "not" instead of "now".

    1. Graham CluleyGraham Cluley · in reply to Graeme McRae

      Arrrggh. What a typo to make!

      Hanging my head in shame…

  3. John S

    I recently received a message asking if I wanted to update Mackeeper I clicked the link & commenced the download all the while being helped by "a human inside" After a while I discovered it was not free as claimed so refused to download the rest and uninstalled what I had.
    I was being asked repeatedly to continue the download. I responded by saying 'no way' I was misled in that you do charge for the download
    To which their response was (& I kid you not) "we don't mention money otherwise the customer tends to focus on that" unbelievable & more importantly do Apple know about this

  4. Laura

    I've just seen my hard-drive "die" because I accidentally downloaded this bloody thing. (It "disguised" as a Flash update).
    I am really upset, angry and don't know what to do. Can one report these "companies"? I am just a normal computer user. If I could only understand all these cyber-words and language. :(

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.