Malware that downloads itself to your Mac and changes your browser settings to intercept search queries and steal data has become increasingly common in recent years. Genieo is slightly different in that it was created by a large company and distributed by one of the most well-known software download sites on the internet.


Everything you need to know about Genieo malware

Genieo is not a virus or a worm but a potentially unwanted program (PUP) and is listed in Apple’s XProtect anti-malware services as malware.

Originally owned by the Israeli company Genieo Innovation, Genieo was marketed as a “personalized start page” based on your web browsing. However, it turned into much more. In fact, it was installing malware and embedding itself deep into people’s machines.

Did you know? 

macOS now has a tool called Gatekeeper that prevents any app that hasn’t come from the App Store or the website of a trusted developer from being installed on your Mac unless you override it and give specific permissions. That prevents malicious software from installing itself without your express permission.

The truth about Genieo was originally discovered in 2013 when users reported that an installer was distributed by Softonic, a hugely popular software download site. Once installed, Genieo intercepted searches made using Bing and Google to steal user data and display intrusive adware.

In 2014, Genieo Innovation was bought by another Israeli company, Somoto, which had an equally shady reputation for malware. In 2015, Apple finally added Genieo to XProtect, but it was a case of too little too late. By that point, Genieo had already morphed and evolved into various other incarnations, such as InstallMac, MacSaver, and SearchProtect.

These rebranded pieces of malware ensured that Apple would be constantly on the defensive, chasing each rebranding of the Genieo malware.

To avoid installing Genieo, don’t download software from Softonic, ignore any warnings you see on pop-up windows or tabs claiming that you need to update Flash Player, and be careful about the websites you visit. If it’s too late, and you need to uninstall Genieo, read on.

How does Genieo get onto a Mac?

Like so many types of malware, the Genieo installer pretends to be an essential update to Adobe Flash Player. Once downloaded, it attempts to install itself without further user interaction.

Genieo malware also masquerades as a video codec. When users download and install the codec in order to watch different types of video formats on their Mac, they also install Genieo.

Then there is software bundling, when an apparently legitimate software download is hiding Genieo in the background. It then surreptitiously installs itself without the user’s knowledge. This is why installing apps from unverified developers is usually a bad idea.

Browser pop-ups are also a common mode of transport for Genieo, where the victim is tricked into believing that they are clicking a legitimate program update.

Later versions of Genieo were also found to have gained access to the macOS Keychain app by faking a click on the dialog box that appears to ask for user permission to access Keychain data. Access to Keychain allows apps to grab user data like usernames, passwords, and credit card details.

What are the signs that my Mac is infected with Genieo malware?

The signs that Genieo malware has taken up residence on your Mac without your permission are usually the same as other malware:

  1. Your computer starts to slow down considerably, and the battery overheats, causing the fans to kick in.
  2. Your browser settings are all changed: the homepage, the new tab page, and your security settings are altered, and your default search engine is turned into a Genieo default search engine. When you switch them back, Genieo changes them again.
  3. Suspicious and malicious extensions start to appear on your browser.
  4. An excessive number of pop-up ads appear on your screen.
  5. New system configuration profiles appear that you didn’t install.
  6. Unknown, unwanted apps have been installed in the Applications folder.

How to remove Genieo on your Mac

If you’ve already installed Genieo, there are a couple of ways to get rid of it.

Get rid of Genieo the manual way

  1. Update your Mac to the latest version of macOS and restart it.
  2. Go to your Applications folder and look for any apps you didn’t expect to see or didn’t deliberately install, and uninstall them.
  3. Launch Safari, click on the Safari menu, and choose Settings.
  4. Click the Extensions tab and look for any extensions you didn’t intend to install, and click uninstall to remove them.
  5. Go to the General tab and check to ensure that your homepage and default search engine are the ones you set. If not, reset them.
  6. If you use Chrome or Firefox, you should take similar steps to check extensions and settings in those browsers.

Chrome

  1. Type “chrome://extensions” to check extensions and remove any you don’t want.
  2. Type “chrome://settings” to check your homepage and default search engine.

Firefox

  1. Click on the three lines at the right of the address bar.
  2. Choose Add-ons and then Extensions to check and remove extensions.
  3. Choose Options to check your homepage and default search engine.
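The Applications folder check in step 2 of the manual list can be done from Terminal. The script below is an added example, not from the original article or from any vendor tool; it assumes bundle names contain one of the names this article lists (Genieo, InstallMac, MacSaver, SearchProtect), which real installs may not, so it also lists recently changed bundles for review by hand.

```shell
#!/bin/sh
# Added example: review app bundles for names the article associates with Genieo.
# Assumption: bundle names contain one of these strings; real installs may differ.
GENIEO_NAMES="genieo installmac macsaver searchprotect"

# flag_named_apps DIR... : print .app bundles whose name contains a listed string.
flag_named_apps() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for app in "$dir"/*.app; do
            [ -e "$app" ] || continue   # glob matched nothing
            lower=$(basename "$app" | tr '[:upper:]' '[:lower:]')
            for name in $GENIEO_NAMES; do
                case "$lower" in
                    *"$name"*) printf '%s\n' "$app"; break ;;
                esac
            done
        done
    done
}

# recent_apps DAYS DIR... : print .app bundles changed within DAYS days,
# so recently added software can be reviewed by hand (step 2 of the manual list).
recent_apps() {
    days=$1; shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -maxdepth 1 -name '*.app' -mtime "-$days" -print
    done
}

# Read-only report: nothing is deleted.
if [ "${1:-}" = "--report" ]; then
    echo "Name matches:"
    flag_named_apps /Applications "$HOME/Applications"
    echo "Changed in the last 30 days:"
    recent_apps 30 /Applications "$HOME/Applications"
fi
```

Run it with `--report` to print both lists; anything it shows still needs to be confirmed before you uninstall it.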

How to remove Genieo the easy way

If you are certain you have Genieo — or any malware — there’s no need to panic. Genieo does have a reputation for being difficult to remove, but there is one anti-malware app that doesn’t take no for an answer: CleanMyMac, powered by Moonlock Engine.

CleanMyMac’s Protection feature is a powerful tool that immediately detects malware and removes Genieo from a Mac. Think of it like a strong weed killer for your overflowing garden. One dose of CleanMyMac, and Genieo will be gone.

We offer a free trial of CleanMyMac so you can see for yourself how efficient it is. Once you’ve signed up for it and installed CleanMyMac on your device, do the following:

  1. Select the Protection feature on the left sidebar. This opens the malware removal tool.
  2. Click the Configure Scan button to access the scan settings. Select everything to get full advantage of what CleanMyMac can do.
  3. Exit Configure Scan and click the Scan button to begin the Genieo Mac removal process. CleanMyMac will systematically go through every inch of your Mac settings to collect all malware traces.
  4. If threats have been found, CleanMyMac will show them to you. Select each one and click Remove. CleanMyMac will now delete Genieo.

That’s it. Genieo should be gone. We’ll also show you how to manually check your browser for any last traces. But before you do that, click Applications in the left sidebar to see if any more suspicious programs are there. Then click Cleanup to sweep away any compromised junk files.

Tip: As an extra security measure, use the Applications feature in the same app and its uninstaller tool. It builds a list of all your apps, including the stealth software that doesn’t get shown in the Applications folder.


Genieo is a PUP that disguises itself as an essential update to Adobe Flash or a video codec for macOS. Once installed, it intercepts searches, displays intrusive adware, and may steal data. To avoid downloading it, never click on a pop-up that claims your Flash Player needs to be updated. If you’ve already downloaded it, you can get rid of it quickly and easily using CleanMyMac, which can also identify and remove lots of other Mac malware.