
InstallMac has catapulted to prevalence within a few months to become one of the most encountered samples of Mac malware. Its rise and its association with the rampant adware network are directly correlated.
Connection to Genieo Products and the Large-Scale Adware Network
InstallMac, like other Genieo products, primarily focuses on web advertising using ethically questionable practices. It is part of an expansive adware network that has been thriving for over a year. The adware infiltrates computers and modifies browser settings to direct traffic to desired websites for monetary rewards.
Infiltration through Bundled Software Downloads
InstallMac often comes bundled with programs available for free download. Users of that software are unaware of the bundled adware until they notice unusual activity in their browsers. This is one of the deceitful tactics adware uses to extend its reach. The InstallMac adware generates profits by altering browser settings and leading user traffic to specific sites, among other methods.
Safari, Chrome, and Firefox Settings Modification
One of InstallMac's most significant impacts is on browser settings. It alters the homepage and default search options in Safari, Chrome, and Firefox so that they redirect to search.installmac.com. This action severely restricts the user's internet browsing experience. Search.installmac.com appears to be a regular webpage offering search services. However, it redirects users to different search engines such as Bing or to result pages filled with ads. This generates profitable traffic for third parties or displays sponsored links, leading to financial gain for InstallMac's creators.
Tracking and Collecting Personally Identifiable Data (PID)
InstallMac does not limit itself to modifying browser settings. It also intrudes on users' privacy by tracking and collecting personally identifiable data about their internet activity. This data includes website visits and keyword entries, aiming to study users' online interests and preferences for advertising purposes. Although this is standard practice in advertising, many may perceive it as a violation of privacy.
Removal Using the Provider’s Uninstaller
InstallMac's creators offer an uninstaller on their website, which is supposed to help users remove this unwanted program from their Mac. However, the uninstaller has more drawbacks than benefits, as it introduces new system items and does not eliminate InstallMac.
Claims of Resetting Browsers to Their Defaults
The creators of InstallMac promise that the uninstaller will reset the user's browsers to default settings. It would have been a practical solution, as InstallMac's modus operandi involves tampering with browser settings. However, the uninstaller performs differently than advertised.
Adding Supplemental System Items Instead of Removing InstallMac
Contrary to its stated purpose, the uninstaller introduces more items to the user's system rather than removing the adware components. It also prompts users to input their administrative credentials, adding confusion and potential security risks.
Introduction of GenieoExtra.framework File and Privileged Helper Tool
Upon completion of the uninstallation process, users might assume that InstallMac is no longer present on their system. However, the reality is far from it. New processes emerge in the background, including the GenieoExtra.framework file and a tool that requires administrative privileges. Therefore, the user faces the unintended and undesirable consequence of replacing one harmful element with another.
Correct Removal Procedure
The actual removal process for InstallMac involves several steps that target the browser settings directly, along with the use of a tool like Combo Cleaner to detect and remove the adware altogether. Post-removal activities are also crucial to ensure thorough system cleansing.
Resetting Browser Settings to Default
To some extent, manually resetting the browser settings back to the default can help eliminate InstallMac's influence. Guidelines for restoring the default settings in Safari, Chrome, and Firefox are given below:
Safari
Open Safari, access the Safari menu, and select 'Reset Safari.' Ensure all boxes are ticked on the subsequent interface and hit 'Reset.'
Chrome
Open Chrome, click the 'Customize and Control Google Chrome' menu icon, and select 'Options.' In the new window that appears, go to the 'Under the Hood' tab and click 'Reset to defaults.'
Firefox
Open Firefox, select 'Help,' then 'Troubleshooting Information.' On the resultant page, click the 'Reset Firefox' button.
Post-removal Browser-level Troubleshooting
Once you have removed the InstallMac adware, it's essential to troubleshoot at the browser level to ensure no remnants of the intrusive software remain. This step helps prevent the adware from reinstalling itself or causing further disruptions.
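As a browser-level check after the reset, the following added example (not part of the original article or any vendor tool) scans preference data for settings that still point at search.installmac.com. It assumes Firefox's `prefs.js` line format and Chrome's JSON `Preferences` file as the places those settings live; the sample inputs are constructed for illustration.

```python
import json
import re

# Indicator taken from the article: hijacked homepage/search settings point here.
INDICATOR = "search.installmac.com"

# Assumption: Firefox keeps preferences in prefs.js as user_pref("name", value); lines.
FIREFOX_PREF = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);\s*$')


def scan_firefox_prefs(text):
    """Return names of Firefox prefs whose value still mentions the indicator."""
    hits = []
    for line in text.splitlines():
        m = FIREFOX_PREF.match(line.strip())
        if m and INDICATOR in m.group(2).lower():
            hits.append(m.group(1))
    return hits


def scan_chrome_prefs(text):
    """Return dotted key paths in Chrome's JSON Preferences that mention the indicator."""
    hits = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                walk(value, path + [str(key)])
        elif isinstance(node, list):
            for i, value in enumerate(node):
                walk(value, path + [str(i)])
        elif isinstance(node, str) and INDICATOR in node.lower():
            hits.append(".".join(path))

    walk(json.loads(text), [])
    return hits


# Constructed sample inputs (not captured from a real infection).
SAMPLE_FIREFOX = '''\
user_pref("browser.startup.homepage", "http://search.installmac.com/");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.startup.page", 1);
'''
SAMPLE_CHROME = json.dumps({
    "homepage": "http://search.installmac.com/",
    "session": {"startup_urls": ["https://example.org/", "http://search.installmac.com/?q="]},
    "browser": {"show_home_button": True},
})

if __name__ == "__main__":
    print("Firefox:", scan_firefox_prefs(SAMPLE_FIREFOX))
    print("Chrome:", scan_chrome_prefs(SAMPLE_CHROME))
```

An empty list from both functions means no scanned setting references the redirect domain; any returned key is a setting to reset by hand.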



