Malware WeKnow on Mac

May 7, 2019

I spent some time cleaning a friend's MacBook of the weKnow malware and wanted to share these handy tips with you, should you need them.

Basically, it hijacks local Chrome policies and you need to remove/edit them via the terminal/command line.

  1. cmd + spacebar (search for the "Terminal" app)
  2. use the following commands:
    1. defaults delete com.google.Chrome <nameOfThePolicy>
    2. defaults write com.google.Chrome <nameOfThePolicy> -string "https://www.google.com/"
    3. example:
      defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"
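
The commands above act on one policy at a time. As an added example (not part of the original post), this sketch reads `defaults read com.google.Chrome` output, finds the homepage, new-tab, startup and search-provider policy keys that are set, and prints the matching `defaults delete` lines for review without running them. The watch list beyond HomepageLocation, the function names and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Chrome policy names that control homepage, new tab, startup pages, default
# search and forced extensions. Only HomepageLocation is named in the post;
# the rest of this list is an assumption about what to review.
WATCHED="HomepageLocation HomepageIsNewTabPage NewTabPageLocation \
RestoreOnStartup RestoreOnStartupURLs DefaultSearchProviderEnabled \
DefaultSearchProviderName DefaultSearchProviderSearchURL ExtensionInstallForcelist"

# Reads `defaults read com.google.Chrome` text on stdin and prints one
# `defaults delete` command per watched top-level key. It only prints.
suggest_policy_cleanup() {
    awk -v watched="$WATCHED" '
        BEGIN { n = split(watched, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        # Top-level keys sit at exactly four spaces: "    Key = value;"
        # Nested array/dict entries are indented deeper and are skipped.
        /^    [^ ]/ && / = / {
            key = $1
            gsub(/"/, "", key)          # keys may be quoted in the output
            if (key in want) print "defaults delete com.google.Chrome " key
        }
    '
}

# Constructed sample modeled on `defaults read` output (not from a real machine).
sample_defaults_output() {
cat <<'EOF'
{
    DefaultSearchProviderSearchURL = "https://search.example.invalid/?q={searchTerms}";
    HomepageLocation = "https://search.example.invalid/";
    NSNavLastRootDirectory = "~/Downloads";
    NewTabPageLocation = "https://search.example.invalid/";
    RestoreOnStartupURLs =     (
        "https://search.example.invalid/"
    );
    "com.example.unrelated" = 1;
}
EOF
}

# On a Mac: defaults read com.google.Chrome | suggest_policy_cleanup
sample_defaults_output | suggest_policy_cleanup
```

Review the printed lines before pasting any of them into the terminal, then restart Chrome and check chrome://policy.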

Do not install "mac cleaners" or similar. If anything, just use Malwarebytes. Check all extensions and default search engines (Safari, Chrome, Firefox) and remove unknown/unwanted extensions and apps from the Mac. There should not be any extra profiles, admin accounts or login items, so clear those too.

additional resources:
https://discussions.apple.com/thread/8501039