Malware

What is PUP malware, and how can you get rid of potentially unwanted programs?

Mark O'Neill

Apr 23, 20259 min read

What is PUP malware, and how can you get rid of potentially unwanted programs? Header image

There are lots of types of malware that do their best to try to get onto your MacBook, and with Mac-targeting malware on the rise, the risk has never been greater. One category of threats consists of potentially unwanted programs, also known as PUPs. But what is a PUP? And what dangers do they pose to your machine?

What is a PUP in cybersecurity, and how does it relate to malware?

As the name implies, a potentially unwanted program is a piece of software that you may not wish to have on your computer.

So, is a PUP virus dangerous? First of all, a PUP isn’t a virus at all, and not every PUP is considered malware. However, in most cases, you don’t want PUPs coming to visit your device anytime soon.

How PUP malware affects your device

On the surface, PUP may not be causing serious issues with your device. But under the surface, it may be doing a lot of damage:

  1. Your MacBook could significantly slow down. Malware is resource-intensive, and PUPs are no exception. A lot of them use your CPU and your Wi-Fi network, which comes at the expense of speed.
  2. Your device may overheat. CPU and network assaults will take a toll on your MacBook’s battery. The more the device has to work, the hotter it’s going to get. This will have consequences for your battery, which may become damaged due to the excessive heat.
  3. If that PUP is a browser hijacker, your browser settings could be changed. These settings include your homepage, your new tab page, your default search engine, your security settings, and more.
  4. A PUP can also make unauthorized system changes to your MacBook, such as installing configuration profiles, changing software settings, or installing its own applications.

What risks come with having potentially unwanted programs (PUPs)?

A photo showing a MacBook Pro with excessive pop-ups on the screen.

Now that we’ve looked at how PUPs affect your MacBook, let’s examine some other associated risks of potentially unwanted programs:

  1. Lots of pop-up ads: PUPs make their money partly from victims clicking on pop-up ads. They’ll sell useless software and/or steal your personal data, such as your credit card details.
  2. Data theft: Your browsing data is very valuable to data brokers. This includes information such as your browsing history, your interests, your location, your search queries, and what apps you use.
  3. Personal data theft: Other types of data up for grabs include your full name, address, phone number, credit card details, social security number, and online login credentials.
  4. More malware: PUPs can often bring in other malware, which are quite often more dangerous.

Common ways PUPs get installed on your device

When dealing with a PUP infection, it’s essential to know how it got onto your device in the first place:

  1. Malware-infected links: Links are the most popular form of distribution. They can be sent to you by email, chat message, or SMS. Clicking on these links will then lead to malware being installed.
  2. Bundled software: This can include free software from unethical developers, as well as software that you think is legitimate. Meanwhile, a trojan is covertly installing itself in the background.
  3. Fake updates: If you’ve ever clicked on a pop-up telling you that Flash Player needs to be updated, it’s likely that you have malware. Software never needs to be updated through a pop-up, never mind that Adobe Flash Player was officially discontinued in 2020. If you have Flash Player on your computer, uninstall it immediately.
  4. Malicious browser extensions: Any extensions sideloaded from outside of a browser’s official extension site could have malware inside. This is why you should never sideload an extension.

How to remove PUP malware from your device

If reading the list of symptoms above has convinced you that you have a PUP on your computer, here are some removal solutions for Mac. We will start with the most effective solution.

How to get rid of potentially unwanted programs safely

There are 2 ways to remove a PUP: the hard way and the easy way. Everyone likes easy, so we’ll start with that. The easy solution comes in the form of CleanMyMac, powered by Moonlock engine.

A screenshot of the CleanMyMac Protection feature.

CleanMyMac is a Mac optimization tool with a powerful malware detection feature. It’s quite simply the fastest and easiest way to get rid of a PUP or any other malware lurking on your MacBook.

But don’t take our word for it. We offer a free trial so you can test it for yourself. Once you have signed up for the free trial and installed the app, follow these very simple steps.

A screenshot of CleanMyMac Malware Removal results.

Here’s how to remove a PUP with CleanMyMac:

  1. Open the app and select the Protection feature on the left. This is the malware removal tool.
  2. Before beginning the scan process, select Configure Scan to access the settings and choose your scan settings. We recommend selecting everything.
  3. Once you have selected all of the scan settings, exit Configure Scan and click the Scan button. CleanMyMac will start methodically searching your Mac, looking for all traces of PUPs and other nasties lurking on your MacBook.
  4. If anything is found, CleanMyMac will present it to you in a list with checkboxes. Tick them all and click Remove.
  5. To make sure that the PUP is really gone, we also recommend taking advantage of the Cleanup feature to remove all junk files. Some of them may be PUP files, and removing them will eliminate all final traces of the PUP.
A screenshot of the CleanMyMac Cleanup feature.

Remove PUP software manually on web browsers

In general, we don’t recommend removing PUPs manually, as the process doesn’t guarantee that all traces of potentially unwanted programs are removed. However, if the PUP is a browser hijacker, here’s what to check for in each major web browser.

Safari

  1. Safari > Settings > Extensions. Remove any unknown ones.
  2. Safari > Settings > General. Reset your homepage.
  3. Safari > Settings > Search. Reset your default search settings.
  4. Safari > Clear History… Delete all cache and temporary internet files.
A screenshot of the Settings page in Safari showing how to set the default homepage, as well as other preferences.
Safari is a trademark of Apple Inc.

Chrome

  1. Settings > Extensions > Manage Extensions. Remove any unknown ones.
  2. Settings > Appearance. Reset your homepage.
  3. Settings > Search Engine. Reset your default search settings.
  4. Settings > Privacy and Security. Delete all cache and temporary internet files.
change new startup pages chrome
Google Chrome is a trademark of Google LLC.

Firefox

  1. Settings > Addons & Themes. Remove any unknown ones.
  2. Settings > Home. Reset your homepage.
  3. Settings > Search. Reset your default search settings.
  4. Settings > Privacy & Security. Delete all cache and temporary internet files.
A screenshot of the Firefox Settings menu, including the default search engine preference.

Shut down suspicious processes on Activity Monitor

Checking the Activity Monitor on your MacBook is another useful step in getting rid of a PUP. This is a useful way of finding any running processes and shutting them down.

A screenshot of Activity Monitor in macOS showing a list of running processes.
macOS is a trademark of Apple Inc.

Go to Activity Monitor and filter the processes so that the ones taking up the most CPU and memory appear at the top. Do you see anything you don’t recognize?

If there are any gibberish-sounding processes, shut them down by force-closing them. But be watchful. They may immediately start up again.

Delete any unknown and/or suspicious apps in Applications

A screenshot of the Applications folder in macOS.
macOS is a trademark of Apple Inc.

Go to the Applications folder and look for any suspicious-looking apps you didn’t install. Look for programs with nonsensical names, blurry icons, or both. Securely delete them and empty the Trash (you can also easily delete them through CleanMyMac).

Delete any unknown apps in Login Items

A screenshot of the "Login Items & Extensions" tab in macOS Settings.
macOS is a trademark of Apple Inc.

Go to System Settings > General > Login Items. If you see any unfamiliar apps there, delete them. Make sure the corresponding app in your Applications folder is also gone.

Check for unknown configuration profiles

This is an important one. Go to System Settings > Privacy & Security > Profiles. If you see any configuration profiles there that you didn’t create, delete them immediately. This will likely require your administrator account details.

So, should you remove PUPs from your device or leave them alone?

Some PUP victims may look upon a potentially unwanted program as merely a minor inconvenience. However, we’ve already outlined the dangers they pose to your MacBook and your personal privacy.

The biggest threat that we must emphasize is that by allowing a PUP onto your MacBook, you are potentially opening the door to other malware. This is not a situation you obviously want to be in.

What else should you know about PUPs and their impact?

To educate you more on this topic, we’ll now share some other factors that you should know about PUPs and their real-world impact.

Types of potentially unwanted programs and real-world examples

Some common types of PUPs include:

  1. PUP adware: Adware is a common source of unwanted pop-ups. This type of PUP can also double as scareware, since many adware ads are designed to trick you into thinking there is an imminent threat to your computer.
  2. Browser hijackers: This is the most common type of PUP. These can take over your entire web browsing activities, posing a variety of dangers.
  3. Free software: Unscrupulous developers often release free software with malware hidden inside. These could even, ironically, be fake antivirus software.

Here are some confirmed real-world examples of PUPs:

  1. The Ask Toolbar: We recently published an article about the Ask Toolbar and its reputation for hijacking your browser. It will slow the browser down and collect your search data, and it is notoriously difficult to remove.
  2. MyCleanPC: This PUP claims to clean up your system. Unfortunately, it does other things in the background. It will run fake scans and claim to find lots of urgent issues even though the machine is clean. It will then attempt to pressure you into buying the paid version, which, of course, is useless. It’s also very hard to remove.
  3. CCleaner: This is an example of a PUP that occupies a gray area. While it is a legitimate program, it’s had a lot of controversy in the past with bundle offers that are basically PUPs and spyware. At the time, their reputation took a massive hit, and it has never fully recovered.
  4. uTorrent: Again, while a legitimate program, it has been known for installing other things, including Bitcoin miners. This one slows down your system and overloads your CPU.
  5. PDF converters and YouTube downloaders: We’ve discussed these extensively in the past. Many online PDF conversion and YouTube download tools may do what they claim to do, but they often have bundled malware inside and should be avoided.

How do PUPs, PUAs, and PUMs vary in cybersecurity?

The acronyms PUP, PUA, and PUM are often used interchangeably. However, these categories vary slightly in a few key ways:

  1. PUP (potentially unwanted program): As we stated at the beginning of this article, a PUP is something that users may not have intentionally installed.
  2. PUA (potentially unwanted application): This usually refers to an app that displays annoying and unwanted behavior, whether it was knowingly installed or not.
  3. PUM (potentially unwanted modification): A PUM is a change that is made to your MacBook settings, possibly without your consent. PUMs are sometimes made to make it more difficult for the user to remove a PUP, meaning they often work in tandem with each other.

How to avoid downloading potentially unwanted programs (PUPs)

Now that we’ve shown you the dangers of PUPs, let’s outline how to avoid downloading them.

Use CleanMyMac

As we’ve already demonstrated, CleanMyMac is the fastest, most effective way to eliminate a PUP. It will destroy all traces of the PUP so you can get on with your day. Plus, its real-time threat monitoring will help keep you safe in the future.

Take extra caution when installing something

A PUP normally slips through when you install legitimate software or an app. The next time you install something, pay careful attention to advanced settings during installation. Slow down and double-check everything.

Confine your app downloads to the Mac App Store

A screenshot of the Mac App Store on macOS.
The App Store is a trademark of Apple Inc.

Apple has very strict rules for what they host on the Mac App Store. All apps and software available on the App Store are vetted by Apple and carefully scanned for malware. These security protocols don’t apply, however, if you install something from a third-party developer.

Keep your operating system, browser, and apps updated at all times

A screenshot of the Software Update page in macOS.
macOS is a trademark of Apple Inc.

Malware and PUPs usually take advantage of vulnerabilities in macOS, your browser, or your apps. Therefore, when an update is available, make sure you install it immediately.

The most favored method of spreading malware and PUPs is via email links, chat message links, and infected email attachments. Therefore, if you don’t know the sender, don’t click the link or open the email attachment.

Compared to other malware, PUPs are fairly mild threats and, fortunately, some of the easiest to remove. But don’t underestimate the dangers that PUPs pose. Do not allow these intruders to stay on your device.

This is an independent publication, and it has not been authorized, sponsored, or otherwise approved by Apple Inc. Mac, MacBook, and macOS are trademarks of Apple Inc.

MoonLock Banner
Mark O'Neill Mark O'Neill
Mark has been a technology writer since 2004 when he wrote a regular eBay column for AuctionBytes (now eCommerceBytes). He was a contributing writer to Lifehacker, Lifewire, PC World, and Android Authority, as well as a managing editor at MakeUseOf.