Threat Database Mac Malware ExtensionInstaller


ExtensionInstaller has been classified as both an adware application and a PUP (Potentially Unwanted Program). Most PUPs, ExntesionInstaller included, hide the fact that they are going to be installed on the user's device through various deceptive methods. The most popular one is called 'bundling.' This method sees the installation of the PUP being added as a preselected option under the 'Advanced' or 'Custom' settings that are part of the installation process of another more popular freeware program. PUPs are also often spread through fake software installers/updates.

Once inside the user device, ExtensionInstaller will begin to monetize its presence by running an intrusive advertising campaign. The generated advertisements could be in the form of pop-up windows, banners, hyperlinks injected into the text of viewed websites, surveys, etc. Interacting with any of the delivered advertisements is considered to be a security risk as it could trigger a forced redirect to unsafe third-party websites. The user could land on dedicated phishing pages, tech support tactics, domains distributing additionals PUPs, or even compromised websites that may try to download malware threats onto the device.

Most PUPs also are equipped with data-collection capabilities that they will use to access, log, and then exfiltrate sensitive user data. Among the gathered information could be the browsing and search histories, IP address and geolocation, ISP and more.


Most Viewed