Malware that downloads itself to your Mac and changes your browser settings to intercept search queries and steal data has become increasingly common in recent years. Genieo is slightly different in that it was created by a large company and distributed by one of the most well-known software download sites on the internet.


Everything you need to know about Genieo malware

Genieo is not a virus or a worm but is a potentially unwanted program (PUP) and is listed in Apple’s XProtect antimalware services as malware. It was discovered originally in 2013 when users reported that an installer was distributed by Softonic, a hugely popular software download site. Like so much malware, the installer pretended to be an essential update to Adobe Flash Player. And once downloaded, it attempted to download itself without further user interaction.

Did you know? 

macOS now has a tool called GateKeeper that prevents any app that hasn’t come from the App Store or the website of a trusted developer from being installed on your Mac unless you override it and give specific permissions. That prevents malicious software from installing itself without your express permission.

Genieo was also found to be masquerading as a video codec. When users downloaded and installed the codec in order to watch different types of video on their Mac, they also installed Genieo.

Once installed, Genieo intercepted searches made using Bing and Google to steal user data and display intrusive adware. Later versions of Genieo were also found to have gained access to macOS’ keychain by faking a click on the dialog box that appears, asking for user permission when an app tries to access keychain data. Access to the keychain allows apps to grab user data like usernames, passwords, and credit card details.

To avoid installing Genieo, don’t download software from Softonic, ignore any warnings you see on pop-up windows or tabs that tell you need to update Flash Player, and be careful about the websites you visit.


How to remove Genieo on your Mac

If you’ve already installed Genieo, there are a couple of ways to get rid of it.

Get rid of Genieo the manual way

  1. Update your Mac to the latest version of macOS and restart it.
  2. Go to your Applications folder and look for any apps you didn’t expect to see or didn’t deliberately install and uninstall them.
  3. Launch Safari, click on the Safari menu, and choose Preferences.
  4. Click the Extensions tab and look for any extensions you didn’t intend to install, and click uninstall to remove them.
  5. Go to the General tab and check your homepage and default search engine are the ones you set. If not, reset them.
  6. If you use Chrome or Firefox, you should take similar steps to check extensions and settings in those browsers.

Chrome

  1. Type “chrome://extensions” to check extensions and remove any you don’t want.
  2. Type “chrome://settings” to check your homepage and default search engine.

Firefox

  1. Click on the three lines at the right of the address bar.
  2. Choose Add-ons and then Extensions to check and remove extensions.
  3. Choose Options to check your homepage and default search engine.

How to remove Genieo the easy way

Some Mac cleaner apps are trained to exterminate Genieo virus. One of them is CleanMyMac by MacPaw that has a built-in Malware Removal feature that recognizes Genieo, along with lots of other “backdoor” malware. This smart feature is found within the Protection tool. If you use it, there are pretty good chances you will remove the virus in less than 10 minutes. 

  1. Get a free edition of CleanMyMac — a link to a free version.
  2. Open it and click Protection.
  3. Click Scan.
  4. When it’s finished scanning and identified the malware, click Remove to get rid of it.

That’s it! See how easy it is. Lots of Mac users have found CleanMyMac to be an excellent and easy way to get rid of malware.

Removing threats

Tip: As an extra security measure, use Applications in the same app and its uninstaller feature. It builds a list of all your apps, including the stealth software that doesn’t get shown in the Applications folder. Here is how it looks:

Applications module in CleanMyMac


Genieo is a PUP that disguises itself as an essential update to Adobe Flash or a video codec for macOS. Once installed, it intercepts searches, displays intrusive adware, and may steal data. To avoid downloading it, never click on a pop-up that claims your Flash Player needs to be updated. If you’ve already downloaded it, you can get rid of it quickly and easily using CleanMyMac, which can also identify and remove lots of other Mac malware.