Authors: AiroAV Labs
At AiroAV (a.k.a. Airo), we define seven main categories of Mac threats, as our lab classifies them. So, without further ado, let us introduce you to them. It should be noted that some of the definitions are commonly used and well known in anti-malware communities, while others are the creation of our very own AiroAV labs, based on countless encounters and incidents involving different types and diverse spectrums of malicious conduct.
The following classifications are made up of some well-known, annoying and/or unwanted Mac threats disguised as genuine OSX applications; however, some may apply to other operating systems too.
The AiroAV “Suspicious File” classification signifies that the application or software being downloaded or used is questionable, undesirable and/or unknown. This may be because it has a bad reputation (or no reputation at all), has received a number of user complaints, or behaves in a way that is not fully disclosed to or consented to by the user. AiroAV’s emphasis in the “Suspicious” classification is largely on non-genuine intent or on the bad reputation of the application or software.
Applications or software that use questionable distribution tactics or sources, or that behave in a way that forces the user to install programs, click buttons, call phone numbers or take any action that is not in the best interests of the user, will also be classed as suspicious until proven otherwise.
In some cases, AiroAV will class something as “Suspicious” while it is being analyzed, on a solid suspicion that it is malicious, with the aim of warning users of a potential threat and alerting them to be more cautious until AiroAV is able to classify the potential threat more accurately.
The following is a (non-exhaustive) list of behavioral examples and symptoms showing how “Suspicious files” are likely to behave when evading, or attempting to infiltrate, a user’s Mac system, any of which will trigger AiroAV’s “Suspicious File” classification.
Anything associated with Scareware, Adware or Malware.
When AiroAV classifies something as ‘Scareware’, it refers to software, an application, a program or anything else that uses scare tactics to alert, trigger and urge users to download or purchase its products.
Scareware is usually associated with false or over-exaggerated claims about the health of the system or machine by impersonating system notifications and alerts.
This category, together with Scareware, is the biggest focus of AiroAV detection technologies and research, simply because research has shown that Mac users are mostly disturbed by this category, and most antivirus products refrain from analyzing and detecting those.
Anything classed as ‘Adware’ by AiroAV refers to any software, application, browser extension or program whose sole purpose is to make money or generate revenue by disrupting your Mac experience and/or by hijacking your browser’s default search engine.
AiroAV classifies as ‘Malware’ a program, software, application, script or file embedding the potential or intent to maliciously harm a user’s Mac, browser, accounts, experience or data. Malware takes on many forms including:
These malicious programs can perform a variety of functions, including stealing, encrypting or deleting sensitive data, altering or hijacking core functions, and monitoring users’ activity without their knowledge and/or permission. Their sole purpose is to harm the user’s Mac or to use it for their own benefit, or to create the potential for such harm (even if not exploited directly by them).
Malware, regardless of its form, can be presented or appear as a legitimate file that is infected, unknown to the user.
Spyware is a type of software, application, program, file or script with the sole function of spying on users’ activity, stealing data or collecting sensitive data about them without their permission or knowledge.
Some spyware may even steal passwords, credit card information and online account credentials.
Spyware is not a legitimate file infected by a virus; it is embedded in an application which is coded with malicious intent, and it cannot be disinfected.
Crypto-Malware is a type of malware attached to any software, application, script or program whose sole purpose is to mine cryptocurrency without the consent or knowledge of the user. Basically, this means any person and/or organization that is digging into the user’s system, CPU (Central Processing Unit) and memory for their own financial gain.
Ransomware is a particularly vicious type of Malware that takes over the user’s machine and holds it to ransom. The hacker then blocks access to the Mac and demands payment via cryptocurrency or credit card (or other payment methods) to release access to the computer or files, usually by a specific time. If the ransom is not met, the hacker usually threatens to publish or delete sensitive information or files.
If a user is ever unfortunate enough to be attacked by ransomware, they’ll know about it, but here are some examples of how ransomware would try to attack.