CheckLetter

Another dubious application is trying to take advantage of Mac users who do not pay enough attention when installing programs. Named CheckLetter, the application is capable of monetizing its presence on the Mac by acting as adware and a browser hijacker. Furthermore, due to the deceptive techniques employed in its distribution, CheckLetter also is classified as a PUP (Potentially Unwanted Program). Other similar PUPs are Reputation Lookup, ProADBlocks and MacOSDefender.

Adware applications are tasked with generating money for their operators by delivering intrusive and annoying advertisements. The advertising materials could take many forms - banners, in-text links, pop-ups, and may even be injected into unrelated third-party websites. Users could then be left with the impression that the advertisements were delivered by that website and not because of the PUP. Interacting with the presented advertisements may put users at risk of being taken to various shady websites. The destination may include online tactics, pages running phishing schemes, domains spreading additional PUPs, or even malware threats.

In the meantime, the browser hijacker functionality will change the homepage, new tab page, and the default search engine settings of the user's Web browsers. All three will now start opening an unfamiliar promoted page, typically a fake search engine. Fake engines lack the ability to produce any search results. They either redirect to a legitimate engine (Yahoo, Bing, Google, etc.) or cause redirect chains that could go through several dubious engines and finally show low-quality results.

Another red flag often associated with PUPs is their ability to spy on the user's browsing activities. These dubious applications may harvest information, such as browsing history, search history, clicked URLs, etc. They may even obtain device details that also will be transmitted to a server under the control of the application's operators.