OFFICIAL SECURITY BLOG

We’ve moved! You can now read the latest and greatest on Mac adware and malware at Malwarebytes.

adware Genieo changing its name?

Posted on June 19th, 2015 at 9:19 AM EDT

Earlier this month, I wrote about how new variants of the Genieo adware are proliferating. Now, however, it looks like Genieo may be changing its name. A new site, for an app called InKeepr, appears to be poised to take Genieo’s place, perhaps because of all the negative name recognition now associated with the Genieo name.
Read the rest of this entry »

28 Comments

adware Genieo adware proliferating

Posted on June 7th, 2015 at 9:00 AM EDT

In recent months, several new variants of the Genieo adware have crossed my path. This adware is still pulling many of the same tricks – changing the search engine to Bing, and installing all kinds of junk that runs in the background and modifies browser behavior. However, it’s now using a variety of different names, perhaps in an attempt to make detection more difficult.
Read the rest of this entry »

31 Comments

e-biohazard Apple cracks down on adware

Posted on February 13th, 2015 at 7:25 AM EDT

Apple has used the XProtect anti-malware protection in Mac OS X to block a few pieces of adware in the past. Yesterday, they cracked down on adware again, adding a slew of new items to XProtect’s signatures, used for identifying and blocking malicious apps. Three are updated signatures, while one is for adware never before blocked by XProtect.
Read the rest of this entry »

50 Comments

e-biohazard Genieo adware causing Safari crashes

Posted on December 21st, 2014 at 6:57 AM EDT

Over the last week, I’ve been seeing a lot of reports of Safari crashes on Apple’s discussion forums as well as via personal e-mail. All seem to be running Yosemite with Safari 8. Interestingly, in almost every single one of these cases, the Genieo adware was found on the machine. In every case where Genieo was found, removing Genieo solved the problem.
Read the rest of this entry »

58 Comments

e-biohazard Mac adware menace continues

Posted on April 7th, 2014 at 7:05 PM EDT

Over the last couple months, I’ve seen an explosion in reports of adware infections. Just in the last four days, I have seen at least a couple dozen reports of GoPhoto infections alone. The threat of adware, a problem for Windows users for years, appears to be coming into its own on the Mac. Today, I found an adware installer that seems to be the epitome of the adware menace.
Read the rest of this entry »

28 Comments

warning InstallMac uninstaller antics

Posted on February 16th, 2014 at 10:01 PM EDT

InstallMac is adware that I have written about before, as it is currently being added to some downloads available on Softonic. (Without the permission of the developers of the apps in question, I should note.) This adware, as well as the Genieo adware that powers it, has been known for some time to have a non-functional uninstaller. Although the uninstaller does appear to remove the software, it leaves behind some of the hidden components. It turns out, though, that the uninstaller’s behavior is worse than previously known!
Read the rest of this entry »

27 Comments

warning Continue to boycott Softonic

Posted on December 6th, 2013 at 6:55 AM EDT

Softonic has been a problem before, as outlined in a previous article, Boycott Softonic. In a nutshell, Softonic was wrapping some software downloaded from their site in an adware installer, which installed the ChatZum adware. Worse, the adware was installed regardless of whether you declined this “optional” software. Although Softonic quickly removed these installers when caught, they obviously did not learn the error of their ways. Adware-riddled installers are back!
Read the rest of this entry »

16 Comments

warning Malicious download installs Genieo and GoPhoto.it adware

Posted on November 26th, 2013 at 3:39 PM EDT

I have written previously about Genieo, which is adware that has used somewhat sneaky methods to get installed in the past, and whose uninstaller leaves behind deceptively-named components that remain actively running afterwards. This is bad news, but at least Genieo has always, to my knowledge, required the user to manually run an installer clearly named “Install Genieo”, regardless of what the site it was downloaded from called it. This is no longer the case, as I have found an installer that does not behave this way. In addition, this installer also installs the GoPhoto.it adware, which I have never written about.
Read the rest of this entry »

55 Comments

e-biohazard Malicious Genieo installers persist

Posted on June 21st, 2013 at 4:06 PM EDT

I wrote about the problems with Genieo a couple times last month, when it was discovered that Genieo was being downloaded through fake Flash Player update pop-ups on some sites. Further research showed suspicious code inside the Genieo installer. Following those developments, Dr. Web and Intego both decided to add detection of Genieo as malware to their anti-virus products. Folks from Genieo’s support informed me that these problems would be taken care of. Unfortunately, one month later, it looks like problems with Genieo persist.
Read the rest of this entry »

35 Comments

warning More details on Genieo adware

Posted on May 23rd, 2013 at 4:16 PM EDT

On Tuesday, I posted an article about a potentially malicious Genieo installer. This has resulted in a couple anti-virus companies labeling the Genieo software as a trojan. Intego revealed an interesting discovery, and I’ve also been pursuing some interesting points myself. There are some interesting developments that call into question whether this is just an isolated incident involving one of Genieo’s partners, or a problem with Genieo itself.
Read the rest of this entry »

14 Comments