There are lots of types of malware that do their best to try to get onto your MacBook, and with Mac-targeting malware on the rise, the risk has never been greater. One category of threats consists of potentially unwanted programs, also known as PUPs. But what is a PUP? And what dangers do they pose to your machine?
What is a PUP in cybersecurity, and how does it relate to malware?
A PUP is a potentially unwanted program that installs on your device without your informed consent and behaves in sneaky ways you didn’t intend. PUP software often sits on a fine line between annoying adware and harmful malware that’s hard to get rid of.
According to a 2026 report by ConnectWise, the global cost of cybercrime is projected to reach $13.82 trillion by 2028, with potentially unwanted programs (PUPs) playing a key role in attackers’ strategies.
Is a PUP considered malware or a virus?
Not all potentially unwanted programs are considered PUP malware, and they cannot be defined as a PUP virus, since they do not self-replicate. Some are legitimate but intrusive applications, which companies will classify as PUPs to avoid legal repercussions.
PUPs can range from adware to browser hijackers or tracking tools. If you’ve ever downloaded an application and given your consent, there is a chance you may have installed PUP software and didn’t read the fine print. These consent loopholes are how companies get away with installing sneaky software you didn’t intend to approve.
The last thing you want is for malware to be installed on your Mac device via a PUP without your knowledge, as it is difficult to remove or stop PUP malware from doing further damage once it’s installed. This is the case for malware that hijacks your browser, tracks your activity, and installs hidden components that are difficult to remove.
What do PUPs do, and how do they work?
PUPs may sound cute, but what they do isn’t. They’re a nuisance, and they do pesky or intrusive things such as:
- Run ads on your browser
- Track your user activity
- Change browser settings
- Install extensions without your knowledge
- Change your default search engine
- Offer features you never asked for
These features pose a problem when they start using up resources on your Mac and slow down your system. They are also annoying when they take up space on your screen with frequent pop-ups or browser redirects.
How PUP malware affects your device and the risks involved
On the surface, a PUP may not be causing serious issues with your device. But under the surface, it may be doing a lot of damage:
- Your MacBook could significantly slow down. Malware is resource-intensive, and PUPs are no exception. A lot of them use your CPU and your Wi-Fi network, which comes at the expense of speed.
- Your device may overheat. CPU and network assaults will take a toll on your MacBook’s battery. The more the device has to work, the hotter it’s going to get. This will have consequences for your battery, which may become damaged due to the excessive heat.
- If that PUP is a browser hijacker, your browser settings could be changed. These settings include your homepage, your new tab page, your default search engine, your security settings, and more.
- A PUP can also make unauthorized system changes to your MacBook, such as installing configuration profiles, changing software settings, or installing its own applications.
- Pop-ups and ads take over your screen. PUP adware makes money by pushing ads and redirects in front of you. Some of those ads are just annoying. Others are designed to get you to click something that leads to a scam or exposes your credit card details.
- Your browsing data gets collected and then sold. Your browsing history, search queries, location, and app usage are worth money to data brokers. Many PUPs harvest this quietly in the background and pass it along without you ever knowing.
- Your personal information is at risk. Some PUPs go further – targeting your full name, address, phone number, credentials, and even your social security number. This is where a PUP stops being just an annoyance and becomes a genuine security threat.
Some PUPs can also introduce additional malware that is difficult to remove and can remain hidden in your system for a long time, making the problem more serious. However, a powerful anti-malware tool, like Moonlock, can still detect the suspicious symptoms of a PUP threat and alert you to its existence. There’s a free 7-day trial if you want to run a check.

Common ways PUPs get installed on your device
When dealing with a PUP infection, it’s essential to know how it got onto your device in the first place:
- Malware-infected links: Links are the most popular form of distribution. They can be sent to you by email, chat message, or SMS. Clicking on these links will then lead to malware being installed.
- Bundled software: This can include free software from unethical developers, as well as software that you think is legitimate. Meanwhile, a trojan is covertly installing itself in the background.
- Fake updates: If you’ve ever clicked on a pop-up telling you that Flash Player needs to be updated, it’s likely that you have malware. Software never needs to be updated through a pop-up, never mind that Adobe Flash Player was officially discontinued in 2020. If you have Flash Player on your computer, uninstall it immediately.
- Malicious browser extensions: Any extensions sideloaded from outside of a browser’s official extension site could have malware inside. This is why you should never sideload an extension.
How can you tell if a PUP is on your Mac?
At first, you may not even notice that your Mac has been infected with PUP adware or that PUP files are sitting in a hidden or unfamiliar folder. However, symptoms eventually come along. Here are a few telltale signs of a PUP infection:
- Pop-ups and ads increase on your browser
- Sluggish performance
- Unknown browser extensions installed
- Changed homepage or search engine
- Missing uninstall options
- Suspicious processes in Activity Monitor using high CPU or memory
Other signs can include frequent redirects, unrecognized account activity, and strange or unfamiliar apps that won’t uninstall or are difficult to remove.
If your Mac has any of the symptoms above, it’s time to check your device for threats. You can scan your Mac for malware or use a security tool like Moonlock, which spots hidden threats and suspicious activity and removes PUP malware completely.
How to remove PUP malware from your device
If reading the list of symptoms above has convinced you that you have a PUP on your computer, here are some removal solutions for Mac. We will start with the most effective solution.
How to get rid of potentially unwanted programs safely
There are 2 ways to remove a PUP from your Mac: an easy way and a hard way.
While not particularly difficult, the hard way is time-intensive and doesn’t always work out. You’ll need to manually sift through all the programs installed on your Mac, identify which one you didn’t intend to install, and then remove it.
Even then, if the PUA or PUP is truly malicious, you might not be able to find and safely remove it using traditional means. That’s why we recommend opting for the easy solution: sign up for a free trial of Moonlock and let it do all the work.

As a powerful anti-malware tool, Moonlock is able to detect and flag malware hiding anywhere on your device with a single malware scan.
Here’s how to run your first malware scan with Moonlock:
- Open Moonlock and navigate to the Malware Scanner tab on the left (it’s the cool-looking sunglasses icon).
- From the drop-down menu, click Configure. This is only necessary for the first scan, and your preferences will be saved for all future malware scans.
- A new window will pop up. Under “Scan type,” you can choose between a Quick, Balanced, or Deep scan. Below, you’ll find information about each type’s Speed, Depth, and Purpose to help you configure it to your needs.
- Depending on the scan type you’ve chosen, you’ll be able to tick the boxes for optional file types to include in your scan: archives, disk images (DMG), and packages (PKG). We recommend selecting a Deep scan and including all optional files in your scan.
- Once happy with your selection, close the settings window. Click Scan.
Moonlock will methodically search through your Mac, looking for any PUP or PUA that might be hiding in your files. If it finds anything, it’ll immediately isolate it in Quarantine, where it’ll no longer be able to interact with your system resources or personal files. Once the scan is complete, you can allow Moonlock to get rid of the PUP for you, leaving no trace behind.

Remove PUP software manually on web browsers
In general, we don’t recommend removing PUPs manually, as the process doesn’t guarantee that all traces of potentially unwanted programs are removed. However, if the PUP is a browser hijacker, here’s what to check for in each major web browser.
Safari
- Safari > Settings > Extensions. Remove any unknown ones.
- Safari > Settings > General. Reset your homepage.
- Safari > Settings > Search. Reset your default search settings.
- Safari > Clear History… Delete all cache and temporary internet files.

Chrome
- Settings > Extensions > Manage Extensions. Remove any unknown ones.
- Settings > Appearance. Reset your homepage.
- Settings > Search Engine. Reset your default search settings.
- Settings > Privacy and Security. Delete all cache and temporary internet files.

Firefox
- Settings > Addons & Themes. Remove any unknown ones.
- Settings > Home. Reset your homepage.
- Settings > Search. Reset your default search settings.
- Settings > Privacy & Security. Delete all cache and temporary internet files.

Shut down suspicious processes on Activity Monitor
Checking Activity Monitor on your MacBook is another useful step in getting rid of a PUP. It lets you find any running processes and shut them down.

Go to Activity Monitor and filter the processes so that the ones taking up the most CPU and memory appear at the top. Do you see anything you don’t recognize?
If there are any gibberish-sounding processes, shut them down by force-closing them. But be watchful. They may immediately start up again.
Delete any unknown and/or suspicious apps in Applications

Go to the Applications folder and look for any suspicious-looking apps you didn’t install. Look for programs with nonsensical names, blurry icons, or both. Securely delete them and empty the Trash.
Delete any unknown apps in Login Items

Go to System Settings > General > Login Items. If you see any unfamiliar apps there, delete them. Make sure the corresponding app in your Applications folder is also gone.
Check for unknown configuration profiles
This is an important one. Go to System Settings > Privacy & Security > Profiles. If you see any configuration profiles there that you didn’t create, delete them immediately. This will likely require your administrator account details.
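To see what an unfamiliar profile would actually change before you delete it, the added example below (not part of the original article or of Moonlock) reads a profile saved as an unsigned .mobileconfig file and reports settings tied to browser hijacking. The payload types, Chrome policy keys, and the sample profile are assumptions chosen for this illustration.

```python
import plistlib

# Payload types that change network routing or trust (example selection, not exhaustive).
RISKY_PAYLOAD_TYPES = {
    "com.apple.proxy.http.global": "routes web traffic through a proxy",
    "com.apple.dnsSettings.managed": "overrides DNS resolution",
    "com.apple.security.root": "installs a trusted root certificate",
}
# Chrome policy keys that pin the settings a browser hijacker typically changes.
CHROME_POLICY_KEYS = {
    "HomepageLocation": "forces the homepage",
    "NewTabPageLocation": "forces the new tab page",
    "DefaultSearchProviderSearchURL": "forces the default search engine",
    "ExtensionInstallForcelist": "force-installs extensions",
}

def audit_profile(data: bytes) -> list[str]:
    """Return findings for one unsigned .mobileconfig (XML or binary plist)."""
    profile = plistlib.loads(data)
    findings = []
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        if ptype in RISKY_PAYLOAD_TYPES:
            findings.append(f"{ptype}: {RISKY_PAYLOAD_TYPES[ptype]}")
        # Assumption: Chrome policies sit directly in a com.google.Chrome payload.
        if ptype == "com.google.Chrome":
            for key, why in CHROME_POLICY_KEYS.items():
                if key in payload:
                    findings.append(f"{ptype}: {why} ({key}={payload[key]!r})")
    if profile.get("PayloadRemovalDisallowed"):
        findings.append("profile: removal is disallowed")
    return findings

# Constructed sample profile; the display name and URLs are made up.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadDisplayName": "Search Helper",
    "PayloadRemovalDisallowed": False,
    "PayloadContent": [
        {"PayloadType": "com.google.Chrome",
         "HomepageLocation": "https://search.example.invalid/",
         "DefaultSearchProviderSearchURL": "https://search.example.invalid/?q={searchTerms}"},
        {"PayloadType": "com.apple.wifi.managed"},
    ],
})

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE):
        print(finding)
```

An empty result only means none of the listed settings were found. A profile you didn’t install should still be removed.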
So, should you remove PUPs from your device or leave them alone?
Some PUP victims may look upon a potentially unwanted program as merely a minor inconvenience. However, we’ve already outlined the dangers they pose to your MacBook and your personal privacy.
The biggest threat that we must emphasize is that by allowing a PUP onto your MacBook, you are potentially opening the door to other malware. This is obviously not a situation you want to be in.
What else should you know about PUPs and their impact?
To educate you more on this topic, we’ll now share some other factors that you should know about PUPs and their real-world impact.
Types of potentially unwanted programs and real-world examples
Some common types of PUPs include:
- PUP adware: Adware is a common source of unwanted pop-ups. This type of PUP can also double as scareware, since many adware ads are designed to trick you into thinking there is an imminent threat to your computer.
- Browser hijackers: This is the most common type of PUP. These can take over your entire web browsing activities, posing a variety of dangers.
- Free software: Unscrupulous developers often release free software with malware hidden inside. These could even, ironically, be fake antivirus software.
Here are some confirmed real-world examples of PUPs:
- The Ask Toolbar: We recently published an article about the Ask Toolbar and its reputation for hijacking your browser. It will slow the browser down and collect your search data, and it is notoriously difficult to remove.
- MyCleanPC: This PUP claims to clean up your system. Unfortunately, it does other things in the background. It will run fake scans and claim to find lots of urgent issues even though the machine is clean. It will then attempt to pressure you into buying the paid version, which, of course, is useless. It’s also very hard to remove.
- CCleaner: This is an example of a PUP that occupies a gray area. While it is a legitimate program, it’s had a lot of controversy in the past with bundle offers that are basically PUPs and spyware. At the time, its reputation took a massive hit, and it has never fully recovered.
- uTorrent: Again, while a legitimate program, it has been known for installing other things, including Bitcoin miners. This one slows down your system and overloads your CPU.
- PDF converters and YouTube downloaders: We’ve discussed these extensively in the past. Many online PDF conversion and YouTube download tools may do what they claim to do, but they often have bundled malware inside and should be avoided.
How do PUPs, PUAs, and PUMs vary in cybersecurity?
The acronyms PUP, PUA, and PUM are often used interchangeably. However, these categories vary slightly in a few key ways:
- PUP (potentially unwanted program): As we stated at the beginning of this article, a PUP is something that users may not have intentionally installed.
- PUA (potentially unwanted application): This usually refers to an app that displays annoying and unwanted behavior, whether it was knowingly installed or not.
- PUM (potentially unwanted modification): A PUM is a change that is made to your MacBook settings, possibly without your consent. PUMs are sometimes made to make it more difficult for the user to remove a PUP, meaning they often work in tandem with each other.
How to avoid downloading potentially unwanted programs (PUPs)
Now that we’ve shown you the dangers of PUPs, let’s outline how to avoid downloading them.
Use Moonlock
Moonlock is more than a malware scanner. It has many built-in features designed to help you keep your Mac safe and healthy from all threats. There’s real-time protection, which runs 24/7 in the background, keeping an eye out for any downloads that could be malicious or apps behaving suspiciously.

There’s also Moonlock’s System Protection module. It helps you make sense of all the security tools that come with being a part of the Apple ecosystem. The Security Advisor helps you be mindful of threats and build habits for a safe online experience with helpful tips.

Take extra caution when installing something
A PUP normally slips through when you install legitimate software or an app. The next time you install something, pay careful attention to advanced settings during installation. Slow down and double-check everything.
Confine your app downloads to the Mac App Store

Apple has very strict rules for what they host on the Mac App Store. All apps and software available on the App Store are vetted by Apple and carefully scanned for malware. These security protocols don’t apply, however, if you install something from a third-party developer.
Keep your operating system, browser, and apps updated at all times

Malware and PUPs usually take advantage of vulnerabilities in macOS, your browser, or your apps. Therefore, when an update is available, make sure you install it immediately.
Don’t click any links from unknown senders
The most favored method of spreading malware and PUPs is via email links, chat message links, and infected email attachments. Therefore, if you don’t know the sender, don’t click the link or open the email attachment.
Compared to other malware, PUPs are fairly mild threats and, fortunately, some of the easiest to remove. But don’t underestimate the dangers that PUPs pose. Do not allow these intruders to stay on your device.
This is an independent publication, and it has not been authorized, sponsored, or otherwise approved by Apple Inc. Mac, MacBook, and macOS are trademarks of Apple Inc.