
Genieo

Genieo is a macOS browser hijacker and adware that modifies browser settings, injects advertisements, and tracks user activity. It is commonly distributed through bundled software and deceptive installers.

Symptoms

You might observe the following artifacts associated with this threat:

  • Browser homepage, search engine, or new tab settings changed without consent.
  • Increased advertisements, pop-ups, or sponsored search results.
  • Unwanted browser extensions installed automatically.
  • Slower browser performance or redirects to unfamiliar websites.
  • Difficulty removing installed applications or persistent reinstallation.

Technical Breakdown

Genieo is classified as a browser hijacker that behaves like adware and is primarily distributed through bundled installers and deceptive downloads.

Once installed, Genieo modifies browser settings to redirect searches and display sponsored content. It commonly targets major browsers like Safari, Chrome, and Firefox by injecting extensions or altering configuration files. 

Unlike typical adware, Genieo has demonstrated the ability to use system-level techniques to persist on macOS. Some variants modify system environment settings and use obfuscation to evade detection, which makes removal more difficult. Genieo is often delivered through fake updates or bundled applications, such as installers posing as Adobe Flash updates or video codecs.

More advanced variants have been observed interacting with macOS Keychain data by automating user permission prompts, enabling access to sensitive information without clear user awareness.

Next Steps

Iru Endpoint Detection & Response (EDR) automatically removes detected threats when file monitoring is set to Protect.

While the malicious files are removed, Genieo may leave behind browser extensions or configuration changes that should be cleaned manually.

To reduce risk in the future:

  • Only install software from trusted and official sources.
  • Avoid downloading applications from bundled installers or third-party sites.
  • Do not trust pop-ups prompting updates for software such as Flash Player.
  • Review browser extensions regularly and remove anything unfamiliar.
  • Keep macOS and security tools up to date.
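
For the manual cleanup and the regular extension review described above, the following added example (not Iru's code) inventories the extensions in a Chrome profile and flags those whose manifest grants access to every site, which is the access an ad-injecting or search-redirecting extension needs. It assumes Chrome's default macOS profile path; the sample extension names and IDs are constructed and are not Genieo indicators.

```python
import json
import sys
from pathlib import Path

# Match patterns that let an extension read or change every page the user visits.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extensions(profile_dir):
    """Return one record per extension version found under a Chrome profile."""
    records = []
    for path in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        rec = {"id": path.parts[-3], "dir": path.parts[-2], "name": "<unreadable>",
               "broad_access": [], "review": True}
        try:
            data = json.loads(path.read_text(encoding="utf-8"))
            if not isinstance(data, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError):
            records.append(rec)  # report a broken manifest instead of hiding it
            continue
        patterns = set()
        for key in ("permissions", "host_permissions"):  # MV2 and MV3 keys
            patterns.update(p for p in data.get(key, []) if isinstance(p, str))
        for script in data.get("content_scripts", []):
            if isinstance(script, dict):
                patterns.update(script.get("matches", []))
        rec["name"] = data.get("name", "<no name>")
        rec["broad_access"] = sorted(patterns & BROAD)
        rec["review"] = bool(rec["broad_access"])
        records.append(rec)
    return records

def build_sample_profile(root):
    """Constructed sample: two made-up extensions, not real Genieo artifacts."""
    samples = {
        "a" * 32 + "/1.0_0": {"name": "Sample Notes", "permissions": ["storage"]},
        "b" * 32 + "/2.3_0": {"name": "Sample Search Helper",
                              "permissions": ["tabs", "<all_urls>"],
                              "content_scripts": [{"matches": ["*://*/*"]}]},
    }
    for rel, manifest in samples.items():
        folder = Path(root, "Extensions", rel)
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest))
    return Path(root)

if __name__ == "__main__":
    # Default Chrome profile on macOS; pass another profile path as argv[1].
    default = Path.home() / "Library/Application Support/Google/Chrome/Default"
    for r in audit_extensions(sys.argv[1] if len(sys.argv) > 1 else default):
        print("REVIEW" if r["review"] else "ok    ", r["id"], r["name"], r["broad_access"])
```

A flagged entry is a prompt to check the extension against what you knowingly installed, since many legitimate extensions also request broad site access.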
