RequestPlan

RequestPlan is an adware threat that also has some specific browser hijacker functionalities. It targets computers running macOS and belongs to the infamous Adload malware family. That is made visible through the distinctive logo used by all Adload members – a magnifying glass icon placed on a green, teal, or red background.

As typical for Potentially Unwanted Applications (PUAs), RequestPlan spreads around through the standard “bundling” method and lands on devices without users’ intention. Namely, it comes as a drive-by download of cracked programs, fake software updates, and other questionable tools and applications distributed through unsafe websites on the Internet. Once inside a Mac machine, RequestPlan establishes several new components, like new entries in the Profile section and some Login items. It uses Apple’s built-in script for that purpose, which allows the adware to ensure its persistence and make victims struggle to get rid of this undesired app as soon as they notice its presence. In that case, malware experts recommend using an automated malware removal tool.

While these modifications happen in the background, some classic symptoms of an adware and browser hijacker infection eventually come to the surface. RequestPlan installs as a new browser extension on the most popular browsers, including Safari, Mozilla, and Chrome. Affected users will notice that their homepage, new tab address, and default search provider have been replaced with Safe Finder or another untrusty search engine. Subsequently, all searches will be redirected through unknown websites, while the delivered results page is filled with sponsored links and ads. RequestPlan also generates a constant flow of pop-ups, banners, fake coupons, deals, and other advertising content on infected computers. Other than that, this PUA collects sensitive information, imposing serious risks for user’s online safety.