Malware found on app Duplicates cleaner
In the app store malware has been found by various virus software for the app Duplicates cleaner by PCVARK software private limited
MacBook Pro 13", macOS 10.13
First, Apple is not here so this is not the proper forum. You can send Apple feedback here: Feedback - macOS - Apple
As far as the checksum, as I said, it's the checksum of the Calculator in the Applications folder. My point was, your post of the checksum is meaningless without a checksum to compare it to.
You're saying that Virus Total "https://www.virustotal.com" is junk but I am to trust Apple? Here is just one web site demonstrating that Malware exists in the App Store "https://www.eyerys.com/articles/news/14-apps-golduck-malware-discovered-apples-app-store"
I would like to know what makes you think that the software detected by Virus Total is not Malware? Simply because your Mac did not report any issues? I am pointing out to Apple that this software is Malware but if Apple says it is not Malware, fine.
I would like to know if this is the proper forum for Apple to respond to a Malware report?
So what’s your point? 19 out of 58 AV engines on VirusTotal flag that file as a “potentially unwanted program”. PCVARK is known as a “grey market” developer with a poor reputation, similar to MacKeeper, but not as well known perhaps. This security blog post details an analysis of one of PCVARK’s other apps (https://blog.malwarebytes.com/threat-analysis/2016/08/pcvark-plays-dirty/).
But this is what makes these things “grey market”. They aren’t doing anything illegal. Those AV apps might not like them, but they don’t seem to be suffering. Look at their Mac App Store page:
They have a 4.6/5.0 score out of 201 ratings. And this is in the Canadian store! They must have 2000 5-star reviews in the US store. (Let’s fire up High Sierra and check - I was too generous, only 886 ratings in the US store).
But let’s look a little closer. This app is rated #86 in utilities with 201 Canadian ratings. My own app is rated #28 with only 18 Canadian ratings. The rating for Duplicates Cleaner in the US store is even worse at #121. What could possibly explain this discrepancy? 😄 They seem fond of the “friendly robot” imagery too. 😄
So what does all of this mean? It means that legitimate companies can publish apps in the Mac App Store. Maybe some AV company calls it “malware”, but that is just hyperbole. As long as the app is not doing any damage and complies with Apple’s Mac App Store guidelines, then there is nothing to worry about. If you think Apple is wrong, then you are going to have to do some research on this app and prove that it is malware. You can’t use VirusTotal. That’s not proof. You are the one who has to do the work. Nobody else cares. If you are successful, then maybe you can re-brand yourself as an internet security researcher, get yourself some Twitter followers, and line up some speaking gigs at some “white hat” hacker conference.
FWIW, Malwarebytes does flag Duplicates Cleaner as a PUP. I don't know if they flag all PCVARK apps as such or there is code that is suspicious. They certainly seemed to feel PCVARK created a number of PUPs.
FWIW, I had a conversation with Malwarebytes support. They do in fact flag ALL PCVARK products and have since 2016 whether they have adware or not. I didn't see any evidence of adware in Duplicates Cleaner. However, to be on the safe side I would stay clear and use a different product. dupeGuru is one option. I'm sure there are others.
I used Virus total to verify the malware "https://www.virustotal.com/gui/home/upload"
It checks the file not against one virus software but many virus software.
sha256: aa175ebba78b446ed818f03588b28c5a444547d0153721d86af0c07022c810be
Is not a third party, it uses many virus servers to examine for malware. Like AVG, Avast, Avira, Bitdefender, etc.
What software are you using that makes you think this is not malware bobthefisherman?
https://www.virustotal.com
> Is not a third party, it uses many virus servers to examine for malware. Like AVG, Avast, Avira, Bitdefender, etc.
No, it is a 4th party and absolute junk.
There are some legitimate antivirus apps and those do tend to report PCVARK and similar apps as PUP (Potentially Unwanted Programs).
There are a large number of scam apps in the Mac App Store and it would not be surprising if many of them set off various antivirus apps, legitimately or not.
Apple provide antivirus software with the operating system. You don’t need anything else. If you do find yourself regularly getting tricked into installing adware, then you might benefit from a legitimate antivirus app like MalwareBytes. Otherwise, you’re just wasting your money and CPU.
Already years ago there were supporters here that said, I quote,
> Don't install crapware, such as “themes,” "haxies," “add-ons,” “toolbars,” “enhancers," “optimizers,” “accelerators,” "boosters," “extenders,” “cleaners,” "doctors," "tune-ups," “defragmenters,” “firewalls,” "barriers," “guardians,” “defenders,” “protectors,” most “plugins,” commercial "virus scanners,” "disk tools," or "utilities." With very few exceptions, such stuff is useless or worse than useless. Above all, avoid any software that purports to change the look and feel of the user interface.
It does not matter if you download from a third party site or from the Appstore.
In the App Store there is a lot of s**t too: Apple just doesn't test or judge apps there; the only thing tested is whether these apps use the correct 'hooks' and 'API' to connect to the OS.
It is not recommended to use apps that look at the computer/OS, use apps that you need for your hobby or work.
macfrombrampton wrote:
> You're saying that Virus Total "https://www.virustotal.com" is junk but I am to trust Apple? Here is just one web site demonstrating that Malware exists in the App Store "https://www.eyerys.com/articles/news/14-apps-golduck-malware-discovered-apples-app-store"
Yes - exactly!
The macOS operating system includes multiple layers of malware protection. If any malware does sneak into Apple’s App Stores or in any Apple Developer ID software, Apple can disable that software and prevent it from being installed or even executed in the future.
Nowhere in that link you cited does it say that malware exists in the App Store. The story says that some apps communicate with "servers known to have been used by the Golduck malware for Android”. But what does that mean? A single “server” on the internet may communicate with hundreds of separate apps run by hundreds of separate companies.
> I would like to know what makes you think that the software detected by Virus Total is not Malware?
First of all, that screenshot you posted doesn’t list any malware at all. It uses bright red text, a “caution” icon (coloured red, not yellow) and terms like “PUP”, “adware”, and “potentially unwanted”. That’s adware or scamware, not malware. Sometimes adware can cause problems like slowing down your machine. Sometimes adware doesn’t include an uninstaller. But all of that applies to “legitimate” software too. Sometimes people do install adware and scamware on purpose. Sometimes adware does have a functional installer. The difference between “adware” and “legitimate” software is not as big as you might assume. I’m not saying adware is good, but I am saying that it is fundamentally different than true “malware”. Apple provides protection against malware. But when it comes to more benign adware or scam ware, you’re on your own.
And that is where VirusTotal comes in. I understand you wanting to do research on software. That’s good. But good research would be asking questions on reputable sites like Apple Support Communities. If you do your own research or believe what you read on random internet sites, you can be badly misled and misinformed.
I can understand if most people don’t have a good understanding of how shared servers work on the internet. Would it surprise you to learn that VirusTotal also doesn’t understand how this works? I’ve dealt with them before. I have tried, and failed, to get incorrect and libellous information about my own apps removed from VirusTotal. They categorically refused. Furthermore, they demanded to know why my app communicates with "s2.symcb.com”. Apparently, a few years ago, one or more popular antivirus apps added this domain to their “known malware” lists and started blocking it. If you Google it, you might immediately think it is a "server known to have been used with malware”. But that’s wrong.
It is a server run by Symantec for certificate revocation lists. My app didn’t communicate with it, the macOS operating system did. This server is used to help detect and disable malware. Yet, at one point, many antivirus apps were blocking this important security service. I can see how true malware might want to block this service. But it turned out that popular antivirus apps were just confused about how basic internet security worked and never even bothered to check.
Apparently that is still true of VirusTotal. They have a fundamental misunderstanding of how internet security, and even modern computers, work. The individual antivirus engines on VirusTotal may or may not detect “something” in an individual file and their detection may or may not be correct, depending on each individual engine. But beyond that, any information, dates, graphs, logs, comments, etc. that you see on VirusTotal are just bogus and should not be considered accurate.
> I am pointing out to Apple that this software is Malware but if Apple says it is not Malware, fine.
> I would like to know if this is the proper forum for Apple to respond to a Malware report?
This is a user-to-user technical support forum. It is not an appropriate venue to communicate directly with Apple.
However, it is an excellent venue to help correct internet misinformation spread by antivirus vendors and sites like VirusTotal. If you have questions about something, by all means, ask here. Just don’t assume that people elsewhere on the internet are telling the truth. Sadly, in most cases, they are not. They are trying to mislead or scam you in some way. And I don’t think I’m exaggerating to use the adjective “most” in that respect.
These issues can be complex. Most people don’t want to bother to explain complex issues. They want to make it simple so that they can control what you think and make you buy their service or trust them. You won’t find that here on Apple Support Communities. Unfortunately, sometimes complex issues are just that and take a lot to explain.
> Is not a third party
Yes it is.
Apparently you are not aware that any software that is not native to the Mac (and part of the OS or included from Apple) is commonly referred to as being "third party".
The checksum, for those who know, represents one file and is unique to only one file. In this case the file called "duplicates cleaner". This allows others to investigate the file for themselves and since the name can be easily changed the SHA256 value of aa175ebba78b446ed818f03588b28c5a444547d0153721d86af0c07022c810be will always remain the same.
I have submitted the information to Apple Feedback March-30-2019.
You should look up what a sha256 hash represents. It is not from any site, it is a numerical representation of a file and only unique to that file. On a Mac you can generate a sha256 checksum by performing the following command: shasum -a256 filename, and it will give a unique value despite changing the file's name.
babowa. I am well aware that this is a forum of users of this service that is why it is important to notify them of a problem.
In this thread you will see I notified Apple and provided the date of notification.
Since some of the forum users seem to think that the information provided is false or that the Web site Virus total is not valid I am interested in any Apple forum users providing evidence that this software is not malware!
> Since some of the forum users seem to think that the information provided is false or that the Web site Virus total is not valid I am interested in any Apple forum users providing evidence that this software is not malware!
You can do that yourself. Does the app fit any of these definitions: https://www.sans.org/reading-room/whitepapers/incident/malware-101-viruses-32848
If you think it does, please explain. And, send that explanation to Apple via Feedback.