First posted on 31 May 2020.
There are no other names known for OSX.Genieo.
Genieo is a browser hijacker that substitutes its own home page and search engine for those the user chose and uses the new options to deliver unwanted ads and additional PUPs. A hazard to Mac users for nearly a decade, OSX.Genieo is considered the parent of similar malware, including Only Search, MacShop Ads, and MacVX.
OSX.Genieo uses a variety of techniques to make itself difficult to find and very difficult to fully remove from a system. These include polymorphic code obfuscation and purported uninstaller packages that actually install additional unwanted software.
While most instances of OSX.Genieo simply hijack a victim's browser, there have been scattered reports of more significant damage to a system, including computers rendered unbootable when specific Genieo components were removed, passwords and user names encrypted and locked, and sensitive information exfiltrated from infected systems.
Last update 31 May 2020