This dynamic library injects the second, libgenkitsa.dylib, into Safari when the browser is launched. Libgenkit.dylib is added to OS X’s global launchd configuration file: Once Genieo.dmg is downloaded, it installs Genieo.app and adds it to the Login Items so that it will be restarted at login.
#Unrarx dmg install#
checking if Java is installed, and recommending to install it, as the Genieo application requires it.gathering the user’s kernel mode (32 or 64 bits) and system version.Upon running the file, the installer performs a number of notable actions: While there is no explicit reference to Softonic there, but the genTugM partner installer still points to a Genieo version that contains text referencing Softonic.
#Unrarx dmg generator#
This led us to the Genieo app generator for Genieo and their list of partners. Running the adware in a virtual environment confirmed traffic containing references to Softonic in URLs. The Java applet itself also contains references to Softonic. Genieo.app/Contents/Resources/Java/Partner/genTugM/conf/ist.It’s within these “Partner” settings that we find some interesting information, in the most recent installer variant that’s delivered by fake alert.
The Genieo application is written in Java.
This most recent delivery method required neither and was clearly trying to trick users into thinking the installer was something other than it really was. Previous versions of the Genieo installer were opt-in, and the installer asked for a password. The fake alert currently delivers a Windows executable, regardless of browser version. At the time of the report, the fake alert detected OS X browsers and delivered a Genieo installation disk image: It looks like they’re at it again.Ī recent blog post on The Safe Mac drew our attention to a report of a fake Flash alert that led to a fake installer download. You may recall that Softonic recently drew much ire for a short-lived but troubling installation package that surreptitiously delivered adware to people trying to install two popular applications – UnRarX and VLC. Malware + Security News Another Problematic Softonic Installer Brings Adware