Posted on September 4th, 2013 at 10:44 AM EST
I have written about ChatZum before, when it was being added to installers downloaded from Softonic. Although Softonic never admitted to doing anything wrong, other than installing the adware even when users opted out during installation, I have at least not seen any signs that this misbehavior has continued. However, ChatZum has nonetheless resurfaced, in a slightly different form, in another application’s installer.
The application in question is called TuneUp, an iTunes library manager from TuneUp Media. It has apparently been around for a while. (Although I’m not sure how long it’s been around, the blog on their web site goes back to 2008.) It has never achieved much notice in the mainstream Mac news media, to my knowledge, and reviews tend to be mixed. A recent update, however, has received mostly one-star (or less) ratings from users in places like the Mac App Store, MacUpdate and Download.com. Worse than the numerous flaws outlined in these complaints, though, is the fact that the installer now appears to include ChatZum. (A source who has used this software in the past informed me that this was not the case with the previous version.)
This time, however, the name ChatZum is not used. Instead, the software is referred to as “Nation toolbar.”
By default, all the boxes shown are checked. If you compare this to a similar screenshot of the ChatZum-added VLC installer, you’ll see remarkable similarities. Further, if those boxes are left checked when installing, not only is a Nation toolbar browser extension installed, but all the ChatZum components are also installed (other than the ChatZum browser extension, which appears to have been replaced by the Nation toolbar extension).
Just as observed previously with ChatZum, opting out during installation (by unchecking the boxes, as shown in the screenshot above) does not work fully. In this case, opting out still results in the zako.plugin and uid.plist components of ChatZum being installed.
It’s unclear at this time exactly what the involvement of TuneUp is. It’s entirely possible that they are unwitting dupes, tricked into including this malware as a means of bolstering what were probably not particularly spectacular sales. They may be completely unaware of how their software is behaving, although that would not really be forgivable, as a decent developer should be intimately familiar with exactly what their installer is doing. Even in this best-case scenario, as opposed to the possibility that they are actively involved with ChatZum, TuneUp Media would have to be so clueless about what they’re selling that it would be wise to avoid their product altogether.
ChatZum (also known as Zako or Okaz) is still far from universally recognized as malware by anti-virus software. Most either don’t detect it or only call it adware. However, this new development, showing a continued willingness to install their software contrary to the user’s preferences, will change that to some degree.
September 26, 2013 @ 2:48 PM EST: A new version of TuneUp is now available on the TuneUp Media web site. This version no longer uses the installer that included ChatZum, allowing users to simply drag the app to the Applications folder. They report that the installer was built for them by a third party, who added ChatZum to it.