Table of Contents
macOS is an expanding cyber battlefield, with browser redirect viruses like SearchBaron infiltrating Mac computers to wreak havoc with the victims’ web surfing.
July 2020 update
What is the SearchBaron Mac redirect virus?
There is no such thing as a Mac immune to malware these days. As a matter of fact, this myth was debunked years ago, and the current state of affairs in this electronic ecosystem is increasingly disconcerting. Out of all categories of harmful code targeting Apple’s machines, browser infections are in a dominant position due to their quantitative prevalence. Many of these culprits never reach any considerable heights in terms of the propagation, but some become really mainstream in the campaigns masterminded by residents of the dark web. It’s the latter type that the SearchBaron Mac virus represents. Thousands of users around the world have reported being hit by this pest, and the numbers continue to grow. So, what kind of a threat is it and how exactly does it affect systems? It manifests itself through frequent redirects in a Mac user’s preferred browser. The starting point of this Internet traffic rerouting is searchbaron.com, with additional elements complementing the URL.
In most cases, the kick-off of the redirect is a domain that comes in a format similar to the following: searchbaron.com/v1/hostedsearch?pid=[numeric value]&subid[campaign ID]&keyword=[search term]. The random-looking numbers denote the attributes of a specific malvertising campaign, the “pid” attribute name is variable, and the string at the end of the address is a word or phrase that the victim was trying to look up on the Internet. This brings us to the mechanics of the hoax: the infected user’s online navigation undergoes the forwarding predicament whenever they try to do a commonplace search on Google or another legit provider. Instead of going the regular path, the traffic is intercepted and first travels to searchbaron.com, then passes through a series of intermediary URLs, and usually arrives at Bing, Microsoft’s search engine.
In order to figure out the purpose of this ostensibly intricate fraud, it suffices to grasp the idea of black hat Internet marketing. A large number of unique visits help web resources get a better visibility on search engines, plus every such user is deemed as a potential customer. When the SearchBaron virus attack is underway, the victim actually hits several pages prior to landing at bing.com. Several affiliated junk domains are searchmarquis.com, mybrowser-search.com, api.lisumanagerine.club, and hut.brdtxhea.xyz. All of these momentary visits accumulate to bring the cybercriminals sizeable profits stemming from traffic monetization. The problem is, obviously, that the user doesn’t opt for such a drastic change of their web browsing activity.
The malicious object sneaks into Macs furtively, being integrated in multi-pronged installation clients for other software that’s benign. Unless the Mac user identifies the dubious bundling, they run the risk of unknowingly allowing the adverse interference of SearchBaron. If this is the case, the only effective way to sort the issue is to delete the virus itself and then re-adjust the settings of the misbehaving browser. One of the pitfalls is that the impact of this attack might not be isolated to the victim’s web surfing. Many users additionally report browser redirect activity and annoying pop ups overlapping on their Macs. For example, the incursion is often accompanied by recurring alerts that say, “Your computer is low on memory”. This could be a sign of another malicious application such as a piece of scareware messing with the system. In other words, SearchBaron tends to be a part of multi-pronged malware distribution schemes. Therefore, if it’s wreaking havoc with the web browser, a good idea is to look for and remove extra infections along with the apparent troublemaker. The part below provides point-by-point instructions in this regard.
Automatic removal of SearchBaron redirect virus from Mac
If this threat has infected your Mac, the most effective way to get rid of it is to use an automatic cleaning tool. The main benefit of taking this route is that the security application will accurately pinpoint and remove all the malicious files, including hidden components that could be difficult to find and erase manually. MacBooster is an award-winning solution that makes this process easy and fast. Follow the steps below to make the most of its malware removal and optimization power:1. Download and install MacBooster onto your Mac. 4. To address the after-effects of SearchBaron.com virus activity in the web browser, select the Privacy Protection feature in MacBooster sidebar, choose your default browser, and click on the Clean button at the bottom. This will delete unwanted cookies and other items affecting the browser behavior.
The SearchBaron.com virus shouldn’t be messing around with your Mac any longer. Be advised, though, that your default browser may still be redirected to dubious pages until you rectify its settings (the reset procedure will be described further down).
SearchBaron redirect virus manual removal from Mac
The gist of this section is to walk you through the process of deleting all non-obfuscated files related to the SearchBaron.com virus Mac. It’s best to perform the cleanup in the order specified below.
- Click the Go icon in Finder and select Utilities on the list
- Find and select the Activity Monitor under Utilities
- In the Activity Monitor, scrutinize the running processes for one that consumes lots of CPU and looks suspicious. Once the likely baddie is found, select it and click the Quit Process icon. An additional confirmation dialog will pop up – click Force Quit on it
- Now, go to Applications under the Go menu
- What you need to do is scroll down the list of installed apps in search of the malicious item. It could be a program with a gibberish name or one that ended up on your Mac beyond your awareness
- Go to System Preferences as shown below
- Select Accounts, then Login Items. You will see all the apps that run as part of the Mac startup process. Find the infection and remove it from the list by means of the “minus” icon
Now that you have suppressed the virus proper, you need to fix the problem in Safari. The browser defaults continue to be set to SearchBaron.com, therefore the repair requires some manual configuration tweaking.
Remove Search Baron redirects from affected browser on Mac
The optimal troubleshooting method boils down to resetting the browser, which will undo all changes made by the infection or any third-party plugin without your permission. Here’s how to do it:
Reset Safari to its defaults
- Go to Safari menu bar and select Preferences again on the drop-down list
- Go to Advanced tab and enable the option that says Show Develop menu in menu bar
- Now you will see the extra Develop menu in your Safari menu bar. Click it and select Empty Caches as shown below
- Do some test browsing to see if things are okay now and whether the malware is gone. If the issue is still there, you may need to additionally clear your browsing history in Safari. In Safari menu bar, select History and click Clear History
- The browser will display a dialog so that you can select the required period you would like to clear history for. Select all history on the list and click the Clear History button
- In case Safari is still acting up due to malware interference, there is one more thing you can try. Once again, go to Preferences from the Safari menu bar and select the Privacy tab this time. Click Manage Website Data
- When Safari generates a full list of sites that have stored your browsing data, go ahead and click Remove All
- Confirm by hitting the Done button.
Reset Google Chrome
- Click More (⁝ icon) at the top right part of the Chrome window and select Settings
- Find the Advanced section on the Settings screen and expand it
- Locate the Reset settings subsection and click Restore settings to their original defaults
- Google Chrome will display a popup dialog asking you to confirm the reset. Click the Reset settings button on it. Now, restart the browser and ascertain that the problem has been fixed.
Refresh Mozilla Firefox
- Go to Help -> Troubleshooting Information, or type about:support in the Firefox URL bar
- Once the Troubleshooting Information screen appears, find and click the Refresh Firefox button as shown
- Confirm the browser refresh on a dialog that will appear. Restart Firefox and check it for signs of malware tampering.