What is Genieo and why did it appear mysteriously on my MacBook Pro?

Today I was using my MacBook and mysteriously I saw something on my dock. There was an icon saying install Genieo. I asked my brother if he downloaded something and he told me that he hasn't used my computer. Fortunately I have a passcode so nobody can install a program without the code.... I feel scared because this morning I saw a message on my Mac saying that somebody on my network was using my computer's IP address. I deleted that installer but I feel scared for all the Mac users. Somebody please reply.

MacBook Pro (13-inch Late 2011), Mac OS X (10.7.2)

Posted on Nov 10, 2012 6:19 PM

270 replies

Feb 27, 2013 1:43 PM in response to westdrachen

Nope, no chance of that. Even if the web browser is set to open "safe" files after downloading, it would only mount the disk image, not run the installer. Any time an executable file is downloaded and then launched without user interaction, that is a very serious bug.


As for the automatic downloading, any JavaScript can do that. That's not a security issue, per se, but it can be used for malicious purposes. The user still has to be tricked into opening whatever is downloaded, though.

Feb 27, 2013 3:01 PM in response to thomas_r.

Definitely thinking Javascript is the culprit in the case of my machine. Thought I'd killed it, but apparently only in two out of the three browsers. D'oh.


That said, what you say still suggests that using Javascript plus some trickery, an end user could install genieo without realizing or intending to do so, so interrogating a brother might not be useful, nor does the fact that neither the brother nor the owner of the computer (upthread) intended on installing software mean that someone else has gotten access to that computer. Somebody is using questionable tactics to get this software on computers. I only hope that Genieo cares enough to track them down and stop paying them. Because it's one thing to bundle and a whole different thing to engage in flat out trickery.

Feb 27, 2013 3:19 PM in response to westdrachen

what you say still suggests that using Javascript plus some trickery, an end user could install genieo without realizing or intending to do so


Not quite. JavaScript cannot eliminate the knowledge that something has to be opened or installed by the user. JavaScript can only download the file, which will then sit inert in the Downloads folder until the user decides to do something with it. Of course, that doesn't mean the user will remember that... I see people all the time who have installed some junk software, then forgotten all about it.


Where Genieo could sneak in without the user's knowledge is through bundling. There are plenty of examples of junk software including junk browser toolbars or add-ons as a source of revenue. This is not always made clear during installation. Sometimes, it's not even the fault of the software being installed... Download.com, for example, has been known to wrap existing software in an installer that will also install junk toolbars or add-ons. This is done without the permission of the developer whose software is being "hijacked."


Technically, such software - including Genieo - is not malware. But it's definitely unwanted junk that shouldn't be installed, and usually if you find that it has gotten installed, it's probably because not enough care has been taken with regard to what is downloaded and from where.

Mar 2, 2013 9:41 PM in response to Javier23gol

I know for a fact that I inadvertently installed Genieo when I installed Logitech on my computer. I saw the icon and thought that it was an important part of Logitech, but apparently not. I'm a bit annoyed that it snuck through the side door, so to speak.....after researching the program, it looks interesting and so far had come up with homepage topics of interest.....however, that kinda bothers me as well....the fact that it's gleaning information from my browsing habits in order to entice me to check out their homepage links regularly. They operate on "text mining" and "behavior targeting"----two terms which just don't sit right with me although I'm sure we are already at the mercy of many companies doing the same. http://en.wikipedia.org/wiki/Genieo


That said, I'm inclined to get rid of it. It's not an American company and who knows the guidelines and regulations in place...... also all I need is for some sort of overseas conflict to occur and a Top Level World Hacker to infiltrate their system and my stuff will have been 'mined' and my behavior "targeted" and my lowly meager existence will further decline into an abyss. (yes, I am a card-carrying conspiracy theorist who watches too many movies! LOL)


I write this after resetting my password because Evernote has been hacked.... I don't need to be any more vulnerable than I already am. And it looks like I already am!!

Mar 3, 2013 5:05 AM in response to thomas_r.

It was on the installation CD for the Logitech HD Portable 1080p Webcam.


(OMG it came with my webcam -- conspiracy, spying, infiltration, now they're watching us even when the green light is NOT on!! LOL)


(funny.....as I'm typing this, the Genieo box popped up in the right hand corner of my screen scrolling 4 topics I find very interesting both personally and professionally...... sigh.)

Mar 17, 2013 10:28 PM in response to Javier23gol

Genieo comes to your computer disguised as a "fake" Adobe Flash Player Update. When you click to update Flash it automatically downloads Genieo.


Then you must install. Quite frankly, to me any program that gets on my computer guised as something else and without my permission, is by that very definition malware.


It's basically some type of tracker program disguised as a handy little tool to remind you of everywhere you've been on the web on a convenient page. Whatever! I really don't have any problem remembering where I've been on the web.


This is from their website:


"Genieo studies your preferred individual interests at the highest resolution, by following and analyzing your browsing routine. Genieo then continuously explores the internet for specific information items which are mostly related to your interests, and presents them on your personal Homepage"


I find it hard to think of anything more useless...


There is nothing innocent about it, just look at the number of posts of people saying it's "hijacked Safari" and "how they can't get rid of it".

Mar 18, 2013 12:00 PM in response to thomas_r.

It just happened to me. A window just came out in Safari while I was browsing, asking to update my latest version of Flash Player... the graphic was a bit off so I realized it was a scam/phishing.

I've reported it to a couple of websites.

I've decided to click it anyway (since my Mac is quite secure) and Safari started downloading "InstallGenieo.dmg"

That piece of software may be genuine but the way they smuggle it on your Mac is not...

Mar 18, 2013 12:07 PM in response to thomas_r.

Yes, I was listening to a song on Soundcloud when a popup appeared and notified me that there was an Adobe Flash Player Update available, which struck me as odd since I was not using Flash Player. I thought maybe it's just a periodic update check that Flash Player performs in the background. It looked to be a true Adobe styled update window and gave me the option to install now or later. I chose now, but instead of installing it downloaded Genieo.dmg.


That also struck me as odd so I did not automatically open the program but decided to get more info about it from the web and see if this had happened to others as well. Apparently, it has. Others I have talked to seem to have just automatically installed it, without questioning. I have not known it to automatically install, only to automatically download to your computer, then if you think it's something else you end up installing it.


Since I've installed Adobe Flash Player and Acrobat updates before I know they don't update like that so I trashed the file and started to try and figure it out. Now I don't know what actually happens if you end up installing the file.


It did happen one more time, this time while I was reading an article on the Huffington Post website, same scenario only this time I chose the "later" option and did not download. I am using an iMac Intel running OS 10.8.3 and Firefox as my browser, I tested with Safari and got the same thing so I'm not sure if the browser has anything to do with it. Hope this helps.

Mar 18, 2013 12:34 PM in response to Gregbk

This is quite interesting, and indicates that Genieo may be escalating from crappy adware to actual malware.


Do either one of you happen to remember an exact page address that you were on when this window came up? Most likely that won't be of any help, because this is probably coming up from cycling advertisements on the site, and the ads wouldn't be the same the next time around. But you never know... any additional information that you can provide would help to expose what's going on.

Mar 22, 2013 3:06 AM in response to kkboy

I had the same fake Flash update popup, but that did not happen on the same website (can't remember ...)


I did download the version provided by the fake popup, and then I went on Genieo's official website to download their own version ...


Here are the changes:

official md5:9426293f02b056a44f9e64e16aac20d8

fake md5:cdc43c6ff0ba8dc85d10fecd61715c45


When I right-click on the files in Finder to have more info:

official size: 691 097 octets

official coming from: http://download.genieo.com/partner/genieo/mac_release/live/InstallGenieo.dmg, http://www.genieo.com/

fake size: 691 179 octets

fake coming from: http://download.genieo.com/partner/webpic/mac_release/live/InstallGenieo.dmg, http://superdownloaderssite.info/


The content of http://superdownloaderssite.info/ (which name has no relation with the name of "genieo") only contains a small text and points to a link to download Genieo ... I don't know if it's really suspicious, maybe?


To stop any speculation, maybe the best is to decompile the two versions to check what are these 100 octets plus in the fake version, but I don't have the knowledge to do that, but I can provide the two files ;)


edit

anyway, for those who want to remove genieo, the procedure is here : http://www.genieo.com/faq#uninstall


Message was edited by: naja_trance
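
A first-pass way to compare two installer images like the pair described in the post above, added here as an example that is not part of the thread: hash both files, strip the bytes they share at the start and end, and list the readable strings in what remains. The sample byte strings and the `partner=` marker are constructed for illustration, and the approach assumes the two files differ in one localized region.

```python
import hashlib

def digests(data: bytes) -> dict:
    """Size plus MD5 (the hash quoted in the post) and SHA-256 (collision-resistant)."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }

def differing_region(a: bytes, b: bytes):
    """Strip the common prefix and suffix; return (offset, middle_a, middle_b)."""
    limit = min(len(a), len(b))
    start = 0
    while start < limit and a[start] == b[start]:
        start += 1
    end = 0  # never let the suffix overlap the prefix already matched
    while end < limit - start and a[-1 - end] == b[-1 - end]:
        end += 1
    return start, a[start:len(a) - end], b[start:len(b) - end]

def printable_runs(blob: bytes, min_len: int = 4):
    """ASCII strings of at least min_len characters, like strings(1)."""
    runs, current = [], bytearray()
    for byte in blob + b"\x00":          # sentinel flushes the last run
        if 0x20 <= byte < 0x7F:
            current.append(byte)
        else:
            if len(current) >= min_len:
                runs.append(current.decode("ascii"))
            current.clear()
    return runs

def compare(a: bytes, b: bytes) -> dict:
    offset, mid_a, mid_b = differing_region(a, b)
    return {
        "a": digests(a), "b": digests(b),
        "size_delta": len(b) - len(a), "offset": offset,
        "only_in_a": printable_runs(mid_a),
        "only_in_b": printable_runs(mid_b),
    }

# Constructed stand-ins for the two images (not the real installers).
HEADER, TRAILER = b"\x00\x01IMG" * 8, b"\xff\xfeEND" * 8
SAMPLE_A = HEADER + b"\x00partner=alpha\x00" + TRAILER
SAMPLE_B = HEADER + b"\x00partner=beta-campaign-7\x00" + TRAILER

if __name__ == "__main__":
    print(compare(SAMPLE_A, SAMPLE_B))
```

For real files, pass the result of `pathlib.Path(...).read_bytes()` for each image. A compressed disk image can spread a small content change across many bytes, in which case mounting both images and comparing their contents file by file is more informative.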

Mar 27, 2013 2:24 PM in response to kkboy

Hi everybody,


I just downloaded this Genieo stuff, but I am very scared now that it might have been a bad virus.


I remember the Adobe Reader popping up that it wanted to download an update. I remember kk's screenshot with the possibly fake install Flash Player upgrade, I agreed to install. It launched the download of an image file which I opened and it created a Genieo driver.


Now the mystery is that all this disappeared, there is no Genieo application anywhere, the downloaded image file disappeared from the downloads and also from the deleted items. Firefox has nothing I can see.


Is it because I have various antivirus software like Avast antivirus or Intego VirusBarrier, I don't know.

I will immediately perform a full check of the Mac to see if there is anything suspicious.

Mar 30, 2013 12:11 AM in response to thomas_r.

Thomas A Reed wrote:


I'm curious why you recommend this tool?

Hi Thomas,


1) Hendrick wants to perform a full check of his Mac -> the best way to do that (not only for Genieo 😉 but for all "shitware") is to use a live CD antivirus to boot with, and the one I recommended is one that is perfectly HFS and HFS+ compliant, and totally free to use ...


2) Anyway, I never said to Hendrick "hey, put that live CD into your Mac and just see what happens if you try to boot with it" ...


3) Anyway again, PC and Mac computers are both built around the same architecture now, so ...

If users like Hendrick don't have any Linux computer at home (or at a friend's?), would it be sooooooo stupid to try n°2 ???


Sorry for my english ^^


This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.
