Mac downloads included Genieo???

Last night (6/22/2023) I installed the latest versions of the OS and Safari on a MacBook Air and an iMac, and my virus software reported that it quarantined Genieo upon download on both machines. I assume it came as part of Safari. Why would this malware be included in these updates?

Posted on Jun 23, 2023 7:57 AM

15 replies

Jun 23, 2023 2:44 PM in response to CincyTech

No AV software should be used on a Mac. There are no Mac viruses. Period. They haven't existed since the release of OS X, 10.0.


Viruses are malware that self-propagate. While a couple were developed (over 10 years ago) by security labs that worked, the method by which they worked was reported to Apple and patched against. There has never been a virus in the wild.


Worms are also essentially non-existent. The only known worm was Oompa-Loompa, also known as Leap-A. That was also patched against at least 10 years ago.


The main threat is Trojans, which is any malware the user must be tricked into installing, whether you knew you were doing it or not. They can't get on your Mac by themselves. All of these are Trojans, since they all require action on your part to get on your Mac:


Adware
Back doors
Ransomware
Key loggers
Spyware
And anything else in a similar vein.


You may think AV software would be helpful for these. It isn't. The AV software can't know what it is you're installing and/or running until after the fact. Few will even alert you to the malware you just installed. So, they're useless in two ways: they can't stop you from installing or running a Trojan, and they almost never even let you know you did.


Your best defense is to use your head. Don't download anything from P2P, file sharing or pirate sites. Get your software only from legal, legitimate sources.

Jun 25, 2023 12:37 PM in response to stedman1

I turned on "Intego AV software" to check, after Malwarebytes did not report anything after a scan, and "Intego" said this was "OSX/Genieo" on my Mac:


/Library/Apple/System/Library/InstallerSandboxes/.PKInstallSandboxManager-SystemSoftware/4A6E670F-9D45-42F9-B7C8-FBA2AA764A38.activeSandbox/Root/Library/Apple/System/Library/CoreServices/XProtect.app/Contents/MacOS/.BC.T_48Gvw6


Looks like a part of XProtect.app that is being identified as "malware".

Jun 25, 2023 12:53 PM in response to tutlek

tutlek wrote:

I turned on "Intego AV software" to check, after Malwarebytes did not report anything after a scan, and "Intego" said this was "OSX/Genieo" on my Mac:
Looks like a part of XProtect.app that is being identified as "malware".


It’s called a “false positive”.


The add-on is (mis)detecting the built-in anti-malware.


Check for definition updates for the add-on anti-malware to correct this false positive, and if not then report it to Intego.


Or remove the add-on app, and use the built-in anti-malware.
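The detection path quoted above is a staged system-software update: the installer sandbox's "Root/" directory mirrors the destination filesystem, so the flagged file is a component of XProtect.app itself. The following triage helper is an added example (not code from this thread, from Intego, or from Apple) that maps such a sandbox path to its eventual install location and classifies it against Apple-managed prefixes; the prefix list, the function names and the second sample path are assumptions chosen for illustration.

```python
import re

# Locations that Apple's own installers and system updates write to. A detection
# under one of these is a candidate false positive and should be verified, not
# deleted. The list is an assumption for this example, not an exhaustive source.
APPLE_MANAGED_PREFIXES = (
    "/System/",
    "/Library/Apple/",
    "/usr/bin/",
    "/usr/sbin/",
    "/usr/lib/",
    "/usr/libexec/",
)

# The system-software installer stages files in a sandbox whose "Root/"
# directory mirrors the target filesystem; the UUID component varies per update.
SANDBOX_RE = re.compile(
    r"^/Library/Apple/System/Library/InstallerSandboxes/"
    r"\.PKInstallSandboxManager-SystemSoftware/[^/]+\.activeSandbox/Root(/.*)$"
)


def installed_path(path):
    """Map a staged installer-sandbox path to where the file lands after install.

    Paths that are not inside the installer sandbox are returned unchanged.
    """
    m = SANDBOX_RE.match(path)
    return m.group(1) if m else path


def triage(path):
    """Classify one AV detection path.

    Returns (verdict, reason, resolved_path). The verdict only says where to
    look next; confirming a false positive still means checking the bundle's
    code signature on the Mac itself.
    """
    final = installed_path(path)
    staged = final != path
    if any(final.startswith(prefix) for prefix in APPLE_MANAGED_PREFIXES):
        where = "staged system-software update" if staged else "Apple-managed location"
        return (
            "likely-false-positive",
            f"{where}; verify the bundle's code signature before acting",
            final,
        )
    return (
        "investigate",
        "user-writable location; inspect the file and how it arrived",
        final,
    )


if __name__ == "__main__":
    # Sample detections: the first is the path quoted in the thread, the second
    # is a constructed example of a download that deserves a closer look.
    samples = [
        "/Library/Apple/System/Library/InstallerSandboxes/"
        ".PKInstallSandboxManager-SystemSoftware/"
        "4A6E670F-9D45-42F9-B7C8-FBA2AA764A38.activeSandbox/Root/"
        "Library/Apple/System/Library/CoreServices/XProtect.app/Contents/MacOS/.BC.T_48Gvw6",
        "/Users/demo/Downloads/Installer.app/Contents/MacOS/helper",
    ]
    for sample in samples:
        verdict, reason, resolved = triage(sample)
        print(f"{verdict:22} {resolved}\n{'':22} {reason}")
```

The helper deliberately stops at "likely-false-positive": a path under an Apple-managed prefix is evidence, not proof, and the decisive check is the code signature of the containing bundle, which has to be run on the affected machine.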

Jun 25, 2023 1:28 PM in response to tutlek

I don't recommend it, you don't need it, and if you use it you certainly don't need it installed and running all the time.


If you are ever deceived into installing something you don't want, you never have to install something else to remove it. All you might need is some guidance, which is readily available on this site.


Effective defenses against malware and other threats - Apple Community describes the principles I have followed for decades now.

Jun 25, 2023 1:38 PM in response to tutlek

tutlek wrote:

I thought experienced users on this forum recommended it as the only one they would use.


The only anti-malware I prefer to use is the built-in anti-malware. I’ve rarely used MalwareBytes. And have long followed an approach akin to what John Galt has written in that linked article, too.


The built-in Apple anti-malware has been getting substantial upgrades, as well as upgrades to macOS itself, including the read-only system volume, as well as updates to App Store scanning, to sandboxing, and other areas.


Here’s a little light reading: Apple Platform Security - Apple Support



PS: There are cases when end-point security is useful too. A whole lot of malware detection in organizations has moved out onto the network with anomalous traffic detection and such, and that’s not (yet?) a good option for not-organization users. This as add-on anti-malware apps just aren’t all that effective as compared with the built-in. This even over on Windows, with the built-in whatever-they’re-calling-Defender-this-week.

