FocusDeploy

FocusDeploy targets Mac systems and then attempts to monetize its presence there, by acting as an adware and a browser hijacker. Naturally, users are extremely unlikely to download and install such a dubious application willingly. Instead, these applications are classified as PUPs (Potentially Unwanted Programs) due to the deceitful tactics involved in their distribution. The underhanded methods may include bundling the intruder application alongside a more popular program or being injected inside fake installers/updates.

No matter how FocusDeploy was able to sneak itself into the Mac, it will start running an intrusive ad campaign. The delivered advertising materials can take numerous forms - pop-ups, banners, surveys, in-text links, etc., and could be placed over legitimate sites, impacting the browsing experience on the device significantly.

FocusDeploy also is used as a vehicle for the promotion of a fake search engine. The application will take control over the browser's homepage, new page tab and the default search engine. By modifying these three settings, the promoted page will be opened whenever the user starts the affected browser, opens a new tab, or initiates a search via the URL bar. Fake engines are usually incapable of delivering results on their own and, instead, redirect the user's searches through a legitimate one such as Yahoo.

PUPs also commonly exhibit another intrusive behavior by spying on the user's browsing activities. These applications may be accessing the browsing history, search history, IP address, geolocation and more.