Genieo

Developer(s) Genieo Innovation
Initial release March 2010 (2010-03)
Operating system macOS
Platform Macintosh
Available in English
Type Adware, user tracking software
License Adware
Website genieo.com [ dead link ]

Genieo Innovation is an Israeli company specializing in unwanted software, which includes advertising and user tracking software, commonly referred to as a potentially unwanted program, adware, [1] privacy-invasive software, grayware, [2] or malware. [3] They are best known for Genieo, an application of this type. They also own and operate InstallMac, [4] which distributes additional 'optional' search-modifying software with other applications. In 2014, Genieo Innovation was acquired for $34 million by Somoto, [5] another company which "bundles legitimate applications with offers for additional third party applications that may be unwanted by the user". [6] This sector of the Israeli software industry is frequently referred to as Download Valley. [7]

History

Genieo Innovation was founded in April 2008 by Sol Tzvi and Jacob Tenenboem.

The first version of Genieo was released in September 2009, [8] and the beta version was launched at the Demo2010 conference in March 2010. [9]

Genieo's website has been down and it is suspected that it has changed its name to InKeepr. [10]

Overview

The software installs itself onto computers and makes it almost impossible for users to remove it. It hijacks the user's browser and tracks browser usage with the intention of mining information. Users complain that it acts like a virus and they need to run special programs to remove it.

Malware issues

Genieo is listed as malware in Apple Inc.'s XProtect anti-malware service, which is built into all Macintosh computers running Mac OS X Snow Leopard or later. [1]

In May 2013, a malicious installer, distributed by Genieo partner Softonic, [11] was found by security software company Intego. The installer masquerades as a necessary update to Adobe Flash Player and attempts to install Genieo.app without user interaction. Dynamic libraries are added to the Safari browser, which intercept searches intended for Bing and Google. [12]

Other versions of Genieo for Mac have also been offered as 'codecs' required for video playback. [13] Testing carried out on Genieo for Mac in June 2013 found that it left active software behind even after using the supplied uninstaller, which required detailed manual removal. [13] [14] [15]

In November 2013, another fake application installer was reported to include Genieo adware. [16]

In January 2014, Sophos added Genieo for Mac to their threat list, in the category Viruses and Spyware: Trojan horse: Adware. [17]

As of November 2014, Genieo for Mac is flagged by Intego (mentioned above) [12] [14] and, according to an analysis at VirusTotal, by 25 (out of 55 surveyed) anti-malware solutions, including Ad-Aware, Avast!, Bitdefender, Comodo, Dr. Web, ESET, Fortinet, F-Secure, Kaspersky, Trend Micro Housecall, Sophos and Symantec. [18]

In July 2014, Genieo was acquired for $34 million by Somoto, [5] another company which "bundles legitimate applications with offers for additional third party applications that may be unwanted by the user." [6]

In August 2015, malware researchers discovered a Genieo installer which acquired access to the Mac keychain, by an automated click on "allow", when the permission dialog for the keychain was displayed. [19] The code was in a Safari browser extension added by Genieo, and was also contained, but not immediately used, in earlier versions of the installer.

References

  1. "Apple Cracks Down on Adware".
  2. Symantec (anti-virus software vendor) on Genieo, updated 10 July 2014.
  3. "Genieo - Your Personal Homepage". www.genieo.com. Archived from the original on 8 December 2013.
  4. "InstallMac - A market place for Mac OSX applications". www.installmac.com.
  5. "Somoto acquires Genieo Innovation for $34m - Globes". en.globes.co.il. 27 July 2014.
  6. "Detailed Analysis - Somoto BetterInstaller - Adware and PUAs - Advanced Network Threat Protection | ATP from Targeted Malware Attacks and Persistent Threats | sophos.com - Threat Center".
  7. Orr Hirschauge (4 June 2014). "Hate Pop-Up Ads? Microsoft tries drawing line in the sand". Wall Street Journal.
  8. "Create a Personal Homepage Without Lifting a Finger". Archived from the original on 12 January 2010. Retrieved 24 June 2010.
  9. Barbierri, Cody (22 March 2010). "DEMO: Genieo takes automatically generated homepages mobile".
  10. "Genieo Changing Its Name?".
  11. "Genieo FAQ - What is Softonic Home?". Archived from the original on 23 May 2013. Retrieved 24 May 2013.
  12. Lysa Myers (23 May 2013). "Another Problematic Softonic Installer Brings Adware". Intego. Retrieved 24 May 2013.
  13. "Malicious Genieo installers persist". Retrieved 23 June 2013.
  14. Lysa Myers (25 June 2013). "Another Sketchy Genieo Installer Discovered". Intego. Retrieved 17 December 2013.
  15. "Adware Removal Guide : Genieo". Retrieved 9 November 2013.
  16. Thomas Reed (26 November 2013). "Malicious download installs Genieo and GoPhoto.it adware". The Safe Mac. Retrieved 17 December 2013.
  17. "Detailed Analysis - OSX/Geonei-A - Viruses and Spyware - Advanced Network Threat Protection | ATP from Targeted Malware Attacks and Persistent Threats | sophos.com - Threat Center". www.sophos.com.
  18. "VirusTotal". www.virustotal.com.
  19. "Genieo installer tricks keychain | Malwarebytes Labs". 30 August 2015.