Welcome to the Computer Security Wiki! You can help us by expanding stubs, create new articles and improve current articles.
You can also help us by logging-in or creating an account!


From Malware Wiki
Jump to: navigation, search
Most of this page uses content from Wikipedia. The original article was at Genieo. The page may have contained some inaccurate or outdated information, so please rewrote some parts to avoid plagiarism.
The list of authors can be seen in the page history. As with Malware Wiki, the text of Wikipedia is available under the Creative Common Attribution-ShareAlike 3.0 License.
Remove this template when most of the Wikipedia content has been removed or the Wikipedia information is outnumbered by non-Wikipedia information.
CreatorGenieo Innovation
DateMarch 2010
This box: view  talk  edit

Genieo Innovation is an Israeli company, specializing in unwanted software which includes advertising and user tracking software, commonly referred to as a potentially unwanted programadware,[2] privacy-invasive softwaregrayware,[3] or malware.[4] They are best known for Genieo, an application of this type. They also own and operate InstallMac[5] which distributes additional 'optional' search modifying software with other applications. In 2014, Genieo Innovation was acquired for $34 million by Somoto,[6] another company which "bundles legitimate applications with offers for additional third party applications that may be unwanted by the user".[7] This sector of the Israeli software industry is frequently referred to as Download Valley.[8]


Genieo Innovation was founded in April 2008 by Sol Tzvi and Jacob Tenenboem.

The first version of Genieo was released in September 2009,[9] and the beta version was launched at the Demo2010 conference on March 2010.[10]

Genieo's website has been down and it is suspected that it has changed its name to InKeepr.[11]


The software installs itself onto computers and makes it almost impossible for users to remove it. It hijacks the user's browser and tracks browser usage with the intention of mining information. Users complain that it acts like a virus and they need to run special programs to remove it.

Malware issues

Genieo is listed as malware in Apple Inc.'s XProtect anti-malware service, which built in to all Macintosh computers running Mac OS X Snow Leopard or later.[2]

In May 2013, a malicious installer, distributed by Genieo partner Softonic,[12] was found by security software company Intego. The installer masquerades as a necessary update to Adobe Flash Player and attempts to install Genieo.app without user interaction. Dynamic libraries are added to the Safari browser, which intercept searches intended for Bing and Google.[13]

Other versions of Genieo for Mac have also been offered as 'codecs' required for video playback.[14] Testing carried out on Genieo for Mac in June 2013 found that it left active software behind, after using the supplied uninstaller, which required detailed manual removal.[14][15][16]

In November 2013, another fake application installer was reported to include Genieo adware. [17]

In January 2014, Sophos added Genieo for Mac to their threat list; in the category Viruses and Spyware : Trojan horse (computing) : Adware .[18]

As of November 2014, Genieo for Mac is flagged by Intego (mentioned above)[13][15] and, according to an analysis at VirusTotal, by 25 (out of 55 surveyed) anti-malware solutions, including Ad-AwareAvast!BitdefenderComodoDr. WebESETFortinetF-SecureKasperskyTrend Micro Housecall, Sophos and Symantec[19]

In July 2014, Genieo was acquired for $34 million by Somoto,[6] another company which "bundles legitimate applications with offers for additional third party applications that may be unwanted by the user."[7]

In August 2015, malware researchers discovered a Genieo installer which acquired access to the Mac keychain, by an automated click on "allow", when the permission dialog for the keychain was displayed.[20] The code was in a Safari browser extension added by Genieo, and was also contained, but not immediately used, in earlier versions of the installer.

Apple now provides detailed instructions on how to remove Genieo/Installmac & other adware on its website.

Genieo case became the impetus for the rapid emergence of similar adware: Only Search, MacShop Ads, MacVX, etc.


  1. Jump up^ "Genieo.com Site Info"Alexa Internet. Retrieved 2014-04-01.
  2. Jump up to:a b Apple Cracks Down on Adware
  3. Jump up^ Symantec (anti-virus software vendor) on Genieo, updated 10 July 2014
  4. Jump up^ Advertorials: Genieo’s Link between Advertisers and Readers Archived December 8, 2013, at the Wayback Machine.
  5. Jump up^ www.installmac.com
  6. Jump up to:a b Somoto Acquires Genieo for 34M
  7. Jump up to:a b Sophos Threat Center — Somoto
  8. Jump up^ Hate Pop-Up Ads? Microsoft tries drawing line in the sand Wall Street Journal, Orr Hirschauge, June 4, 2014
  9. Jump up^ "Create a Personal Homepage Without Lifting a Finger". Archived from the originalon 2010-01-12. Retrieved 2010-06-24.
  10. Jump up^ DEMO: Genieo takes automatically generated homepages mobile
  11. Jump up^ Genieo Changing Its Name?
  12. Jump up^ "Genieo FAQ - What is Softonic Home?". Archived from the original on 23 May 2013. Retrieved 24 May 2013.
  13. Jump up to:a b Lysa Myers (May 23, 2013). "Another Problematic Softonic Installer Brings Adware"Intego. Retrieved 24 May 2013.
  14. Jump up to:a b "Malicious Genieo installers persist". Retrieved 23 June 2013.
  15. Jump up to:a b Lysa Myers (June 25, 2013). "Another Sketchy Genieo Installer Discovered"Intego. Retrieved 2013-12-17.
  16. Jump up^ "Adware Removal Guide : Genieo". Retrieved 9 November 2013.
  17. Jump up^ Thomas Reed (November 26, 2013), "Malicious download installs Genieo and GoPhoto.it adware"The Safe Mac, retrieved 2013-12-17
  18. Jump up^ Detailed Analysis - OSX/Geonei-A
  19. Jump up^ / Virustotal.com InstallGenieo.app analysis
  20. Jump up^ [1] Genieo installer tricks keychain - Malwarebytes