How to remove the PureLand stealer-type malware from your Mac

Also Known As: PureLand malware
Type: Mac Virus
Damage level: Severe

What kind of malware is PureLand?

PureLand is a stealer-type malware targeting Mac devices. Programs within this classification are designed to steal information from infected systems. PureLand targets cryptocurrency wallets and other sensitive data.

This malware has been observed being spread under the guise of a Play-to-Earn video game. After the initial finding of PureLand, the lure was rebranded to the "Pearl Land Metaverse" blockchain game.

PureLand malware detections on VirusTotal

PureLand malware overview

Following successful infiltration, PureLand may display a prompt requesting the victim to provide the password for "Chrome Safe Storage". If access is gained, the stealer then attempts to extract information from the Google Chrome browser, including Internet cookies and saved log-in credentials (usernames/passwords).

This malware also has the ability to search for content of interest, particularly cryptocurrency-related platforms. Some of its targets include Atomic, Exodus, Electrum, Martian Aptos, MetaMask, Phantom, TronLink, and other wallets/crypto-platforms.

It is pertinent to mention that malware developers commonly improve upon their creations and methodologies. Therefore, potential future variants of PureLand could have additional abilities or use different proliferation techniques.

To summarize, the presence of malicious software like PureLand on devices can result in severe privacy issues, significant financial losses, and identity theft.

Threat Summary:
Name PureLand malware
Threat Type Mac malware, Mac virus, stealer, information stealer
Detection Names Avast (MacOS:AMOS-E [Trj]), Combo Cleaner (Trojan.GenericKD.65762449), ESET-NOD32 (OSX/Agent.CJ), Kaspersky (HEUR:Trojan-PSW.OSX.Pureland.d), Full List Of Detections (VirusTotal)
Related Domains thepureland[.]io
Detection Names (thepureland[.]io) Avira (Malware), ESET (Malware), ESTsecurity (Malicious), Full List Of Detections (VirusTotal)
Serving IP Address (thepureland[.]io)
Symptoms Typically, information stealers are designed to stealthily infiltrate the victim's computer and remain silent, and thus no particular symptoms are clearly visible on an infected machine.
Distribution Methods Scam social media posts, spam emails and direct/private messages, malicious ads, free installers (bundling), social engineering, software 'cracks'..
Damage Stolen passwords and banking information, identity theft, financial losses, and more.
Malware Removal (Mac)

To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
▼ Download Combo Cleaner for Mac
To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Stealer-type malware examples

We have researched countless malware samples; GoSorryRealst, and ShadowVault are just a couple examples of stealers. Information-stealing software can target a broad range of data or specific details.

Additionally, it is noteworthy that malicious programs are not limited by their classification. Hence, stealers could have other capabilities, such as keylogging, file grabbing, audio/video recording, downloading/installing malicious programs/code, etc. However, regardless of how malware operates – its presence on a system threatens device integrity and user safety.

How did PureLand infiltrate my computer?

The PureLand stealer has been noted being endorsed under the guise of a Play-to-Win video game (a subset of blockchain games). The known promotion utilized the images and screenshots of existing games.

The endorsement included lures offering game testing opportunities with compensation – sent via DMs (direct messages) on the X (formerly Twitter) social media platform. PureLand was also promoted through spam emails sent by an account stolen from a source associated with blockchain gaming.

It must be mentioned that in some instances, PureLand was spread alongside a Windows stealer called RedLine. Additionally, once the "PureLand" lure became known, the scam promotion shifted to using the "Pearl Land Metaverse" name (others are not unlikely). Likewise, other distribution methods for this stealer are possible.

Malware is usually proliferated by utilizing phishing and social engineering tactics. Malicious software is typically disguised as or bundled with ordinary programs/media. Infectious files can be executables, archives, documents, etc.

The most common distribution techniques include: drive-by (stealthy/deceptive) downloads, malicious attachments/links in spam (e.g., social media/ forum posts, emails, PMs/DMs, SMSes, etc.), malvertising, online scams, pirated software/media, illegal program activation tools ("cracks"), and fake updates.

Furthermore, some malicious programs can self-spread via local networks and removable storage devices (e.g., external hard drives, USB flash drives, etc.).

How to avoid installation of malware?

We highly recommend exercising caution while browsing since fraudulent and dangerous online content usually appears legitimate and innocuous. Attachments or links present in suspicious/irrelevant messages (e.g., emails, PMS/DMs, etc.) must not be opened, as they can be infectious.

Additionally, all downloads must be performed from official and verified channels. Another recommendation is to activate and update programs by using legitimate functions/tools, as illegal activation ("cracking") tools and third-party updaters can contain malware.

We must emphasize the importance of having a reputable anti-virus installed and kept up-to-date. Security software must be used to run regular system scans and to remove detected threats and issues. If you believe that your computer is already infected, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate infiltrated malware.

Screenshot of Pearl Land Metaverse Whitepaper website (PureLand rebrand):

Pearl Land Metaverse Whitepaper website (PureLand rebrand)

Instant automatic Mac malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

Video showing how to remove adware and browser hijackers from a Mac computer:

Potentially unwanted applications removal:

Remove potentially unwanted applications from your "Applications" folder:

Manual removal of malicious Mac applications

Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX","NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.

Frequently Asked Questions (FAQ)

My computer is infected with PureLand malware, should I format my storage device to get rid of it?

No, PureLand stealer's removal does not require formatting.

What are the biggest issues that PureLand malware can cause?

The threats posed by a piece of malicious software depend on its functionalities and the cyber criminals' goals. PureLand is designed to extract sensitive information, particularly data necessary for stealing cryptocurrency wallets. Generally, malware of this kind can cause severe privacy issues, financial losses, and identity theft.

What is the purpose of PureLand malware?

Malware is primarily used for profit, and PureLand has been utilized for said purpose (i.e., to steal cryptocurrency). However, there are other potential uses for malicious software, like cyber criminals seeking amusement, realization of personal grudges, process disruption (e.g., websites, services, companies, etc.), and even to launch politically/geopolitically motivated attacks.

How did PureLand malware infiltrate my computer?

PureLand has been noted being promoted via X (Twitter) DMs and emails, which used the lure of endorsement/ testing opportunities for a new Play-to-Win game. However, other promotional methods are not unlikely.

Generally, malware is primarily proliferated via drive-by downloads, untrustworthy download sources (e.g., freeware and third-party sites, P2P sharing networks, etc.), spam posts and messages, online scams, illegal software activation tools ("cracks"), and fake updates. Furthermore, some malicious programs can self-spread through local networks and removable storage devices.

Will Combo Cleaner protect me from malware?

Yes, Combo Cleaner is capable of detecting and eliminating nearly all known malware infections. It is pertinent to mention that performing a full system scan is paramount since sophisticated malicious programs typically hide deep within systems.

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Removal Instructions in other languages
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

QR Code
PureLand malware QR code
Scan this QR code to have an easy access removal guide of PureLand malware on your mobile device.
We Recommend:

Get rid of Mac malware infections today:

Download Combo Cleaner for Mac

Platform: macOS

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.