UltraSystem

UltraSystem is an intrusive application equipped with both adware and browser hijacker capabilities. It is mainly targeted at Mac systems and its goal is to get installed on them without being noticed by the users. Dubious PUPs (Potentially Unwanted Programs) such as this one are notorious for using questionable distribution techniques to hide their installation. One of the most commonly encountered by users is known as bundling. It involves wrapping the installation of the intruder application inside the installation settings of another software product. Another popular tactic sees the dubious application being spread by fake software installers. UltraSystem has been observed employing exactly such methods with the application hiding inside fake Adobe Flash Player updates.

Users who do not pay enough attention will find themselves subjected to countless unwanted advertisements. The advertisements generated by the PUP could appear as pop-ups, banners, surveys, in-text links, etc., and could even be injected into unrelated websites in an attempt to seem more legitimate. Users who engage with the displayed ad materials risk being redirected to unsafe websites spreading additional PUPs, running online tactics, or trying to obtain sensitive information via phishing schemes.

UltraSystem also has the ability to assume control over the installed Web browsers. Its goal is to change certain settings (homepage, new tab page and default search engine) and then set them to a promoted Web address, usually a fake search engine. The promoted page will be opened every time users start the affected browser, launch a new tab, or try to search the Web via the URL bar. Fake search engines do not deliver results on their own, as they lack the necessary functionality completely. The user's search queries will be redirected to a legitimate engine or taken through several dubious ones. It should be noted that browser hijacker applications typically possess persistence-mechanism to ensure their continued presence on the system.

Another common trait observed in these intrusive applications is data-collection. The PUP may be quietly collecting various information in the background. The data could include the user's browsing activities, as well as numerous device details. The acquired information will be exfiltrated to a server controlled by the PUP's operators.