GlobalVersion

More annoying and intrusive applications that try to take advantage of Mac users have been discovered by the infosec community. One such example is the GlobalVersion application. Its main function is to monetize its presence on the Mac through several different methods. More specifically, it can act as adware and a browser hijacker simultaneously.

It is extremely unlikely for users to download and install such applications knowingly. GlobalVersion is not an exception as it is mostly spread via questionable distribution techniques. That is why it also is regarded as a PUP (Potentially Unwanted Program).

The adware part of GlobalVersion is tasked with delivering numerous potentially unsafe advertisements. Users will be flooded with advertisements for dubious software products (likely more PUPs) or leading to hoax websites, phishing pages and other untrustworthy sites. The browser hijacker functionality, on the other hand, will take over the installed Web browsers, Users will notice that their typical homepage, new page tab, and the browser's default search engine have all been switched to open a new unfamiliar address.

The promoted page is most likely a fake search engine that would otherwise be completely ignored by users, and with a good reason. Fake engines lack the functionality to produce any search results. At best they can redirect the initiated search query to a legitimate engine. However, in other cases, users may be presented with low-quality results taken from a dubious search engine.

PUPs, most often than not, also carry data-harvesting capabilities. The unwanted application may be spying on the user's browsing activities, exfiltrating various device details, or even trying to extract sensitive data saved into the affected Web browsers.