Threat Database Adware OffersPrimary

OffersPrimary

Threat Scorecard

Threat Level: 20 % (Normal)
Infected Computers: 11
First Seen: September 2, 2021
Last Seen: November 10, 2022

The number of dubious and intrusive applications that are targeting Mac users continues to grow, demonstrating the enduring attention that certain circles of unscrupulous people are paying to the Apple ecosystem. One such application that has caught the attention of infosec researchers is OffersPrimary. It combines the capabilities of adware and a browser hijacker to maximize the monetary gains it can generate through its presence on the Mac. Other similar PUPs (Potentially Unwanted Programs) include EasyMacSoft, MainOperations and PureAdvantage.

The intrusive ad campaign run by OffersPrimary will see the user's Mac device flooded by unwanted and potentially risky advertisements. The advertisements may appear as pop-ups, banners, in-text links, and could be injected into unrelated third-party websites in an attempt to make them seem more legitimate. Furthermore, the advertisements could be promoting more useless PUPs, threatening websites or phishing pages.

The presence of OffersPrimary on the Mac also will affect the installed Web browsers. As a typical browser hijacker, the application is targeting the browser's homepage, new tab page, and default search engine mainly. All three settings may now be switched to open a promoted Web address. In the vast majority of cases, the new address will belong to a fake search engine that is completely incapable of delivering any results through its own functionality. When users initiate a search query they could instead be shown results from a legitimate engine or a dubious one. In the latter case, the displayed results may include sponsored advertisements or promotion links to untrustworthy websites.

PUPs also are infamous for spying on the browsing activities carried on the system. Users could have their browsing history, search history, and clicked URLs collected, stored, and then transmitted to a remote server under the control of the PUP's operators. The harvested information also may include numerous device details, as well as sensitive banking and payment info extracted from the user's Web browser.

Trending

Most Viewed

Loading...