What is PUP malware, and how can you get rid of potentially unwanted programs?

There are lots of types of malware that do their best to try to get onto your MacBook, and with Mac-targeting malware on the rise, the risk has never been greater. One category of threats consists of potentially unwanted programs, also known as PUPs. But what is a PUP? And what dangers do they pose to your machine?

What is a PUP in cybersecurity, and how does it relate to malware?

As the name implies, a potentially unwanted program is a piece of software that you may not wish to have on your computer.

So, is a PUP virus dangerous? First of all, a PUP isn’t a virus at all, and not every PUP is considered malware. However, in most cases, you don’t want PUPs coming to visit your device anytime soon.

How PUP malware affects your device

On the surface, PUP may not be causing serious issues with your device. But under the surface, it may be doing a lot of damage:

1. Your MacBook could significantly slow down. Malware is resource-intensive, and PUPs are no exception. A lot of them use your CPU and your Wi-Fi network, which comes at the expense of speed.
2. Your device may overheat. CPU and network assaults will take a toll on your MacBook’s battery. The more the device has to work, the hotter it’s going to get. This will have consequences for your battery, which may become damaged due to the excessive heat.
3. If that PUP is a browser hijacker, your browser settings could be changed. These settings include your homepage, your new tab page, your default search engine, your security settings, and more.
4. A PUP can also make unauthorized system changes to your MacBook, such as installing configuration profiles, changing software settings, or installing its own applications.

Depending on the program, many of these changes are often subtle and might not be obvious as malware to the average user. It could continue to damage your device for weeks or months without you knowing. However, a powerful anti-malware tool, like Moonlock, can still detect the suspicious symptoms of a PUP and alert you to its existence. 

What risks come with having potentially unwanted programs (PUPs)?

Now that we’ve looked at how PUPs affect your MacBook, let’s examine some other associated risks of potentially unwanted programs:

1. Lots of pop-up ads: PUPs make their money partly from victims clicking on pop-up ads. They’ll sell useless software and/or steal your personal data, such as your credit card details.
2. Data theft: Your browsing data is very valuable to data brokers. This includes information such as your browsing history, your interests, your location, your search queries, and what apps you use.
3. Personal data theft: Other types of data up for grabs include your full name, address, phone number, credit card details, social security number, and online login credentials.
4. More malware: PUPs can often bring in other malware, which are quite often more dangerous.

Common ways PUPs get installed on your device

When dealing with a PUP infection, it’s essential to know how it got onto your device in the first place:

1. Malware-infected links: Links are the most popular form of distribution. They can be sent to you by email, chat message, or SMS. Clicking on these links will then lead to malware being installed.
2. Bundled software: This can include free software from unethical developers, as well as software that you think is legitimate. Meanwhile, a trojan is covertly installing itself in the background.
3. Fake updates: If you’ve ever clicked on a pop-up telling you that Flash Player needs to be updated, it’s likely that you have malware. Software never needs to be updated through a pop-up, never mind that Adobe Flash Player was officially discontinued in 2020. If you have Flash Player on your computer, uninstall it immediately.
4. Malicious browser extensions: Any extensions sideloaded from outside of a browser’s official extension site could have malware inside. This is why you should never sideload an extension.

How to remove PUP malware from your device

If reading the list of symptoms above has convinced you that you have a PUP on your computer, here are some removal solutions for Mac. We will start with the most effective solution.

How to get rid of potentially unwanted programs safely

There are 2 ways to remove a PUP from your Mac: an easy way and a hard way.

While not particularly difficult, the hard way is time-intensive and doesn’t always work out. You’ll need to manually sift through all the programs installed on your Mac, identify which one you didn’t intend to install, and then remove it.

Even then, if the PUA or PUP is truly malicious, you might not be able to find and safely remove it using traditional means. That’s why we recommend opting for the easy solution: sign up for a free trial of Moonlock and let it do all the work.

As a powerful anti-malware tool, Moonlock is able to detect and flag malware hiding anywhere on your device with a single malware scan.

Here’s how to run your first malware scan with Moonlock:

1. Open Moonlock and navigate to the Malware Scanner tab on the left (it’s the cool-looking sunglasses icon).
2. From the drop-down menu, click Configure. This is only necessary for the first scan, and your preferences will be saved for all future malware scans.
3. A new window will pop up. Under “Scan type,” you can choose between a Quick, Balanced, or Deep scan. Below, you’ll find information about each type’s Speed, Depth, and Purpose to help you configure it to your needs.
4. Depending on the scan type you’ve chosen, you’ll be able to tick the boxes for optional file types to include in your scan: archives, disk images (DMG), and packages (PKG). We recommend selecting a Deep scan and including all optional files in your scan.
5. Once happy with your selection, close the settings window. Click Scan.

Moonlock will methodically search through your Mac, looking for any PUP or PUA that might be hiding in your files. If it finds anything, it’ll immediately isolate it in Quarantine, where it’ll no longer be able to interact with your system resources or personal files. Once the scan is complete, you can allow Moonlock to get rid of the PUP for you, leaving no trace behind.

Remove PUP software manually on web browsers

In general, we don’t recommend removing PUPs manually, as the process doesn’t guarantee that all traces of potentially unwanted programs are removed. However, if the PUP is a browser hijacker, here’s what to check for in each major web browser.

Safari

1. Safari > Settings > Extensions. Remove any unknown ones.
2. Safari > Settings > General. Reset your homepage.
3. Safari > Settings > Search. Reset your default search settings.
4. Safari > Clear History… Delete all cache and temporary internet files.

Chrome

1. Settings > Extensions > Manage Extensions. Remove any unknown ones.
2. Settings > Appearance. Reset your homepage.
3. Settings > Search Engine. Reset your default search settings.
4. Settings > Privacy and Security. Delete all cache and temporary internet files.

Firefox

1. Settings > Addons & Themes. Remove any unknown ones.
2. Settings > Home. Reset your homepage.
3. Settings > Search. Reset your default search settings.
4. Settings > Privacy & Security. Delete all cache and temporary internet files.

Shut down suspicious processes on Activity Monitor

Checking the Activity Monitor on your MacBook is another useful step in getting rid of a PUP. This is a useful way of finding any running processes and shutting them down.

Go to Activity Monitor and filter the processes so that the ones taking up the most CPU and memory appear at the top. Do you see anything you don’t recognize?

If there are any gibberish-sounding processes, shut them down by force-closing them. But be watchful. They may immediately start up again.

Delete any unknown and/or suspicious apps in Applications

Go to the Applications folder and look for any suspicious-looking apps you didn’t install. Look for programs with nonsensical names, blurry icons, or both. Securely delete them and empty the Trash.

Delete any unknown apps in Login Items

Go to System Settings > General > Login Items. If you see any unfamiliar apps there, delete them. Make sure the corresponding app in your Applications folder is also gone.

Check for unknown configuration profiles

This is an important one. Go to System Settings > Privacy & Security > Profiles. If you see any configuration profiles there that you didn’t create, delete them immediately. This will likely require your administrator account details.

So, should you remove PUPs from your device or leave them alone?

Some PUP victims may look upon a potentially unwanted program as merely a minor inconvenience. However, we’ve already outlined the dangers they pose to your MacBook and your personal privacy.

The biggest threat that we must emphasize is that by allowing a PUP onto your MacBook, you are potentially opening the door to other malware. This is not a situation you obviously want to be in.

What else should you know about PUPs and their impact?

To educate you more on this topic, we’ll now share some other factors that you should know about PUPs and their real-world impact.

Types of potentially unwanted programs and real-world examples

Some common types of PUPs include:

1. PUP adware: Adware is a common source of unwanted pop-ups. This type of PUP can also double as scareware, since many adware ads are designed to trick you into thinking there is an imminent threat to your computer.
2. Browser hijackers: This is the most common type of PUP. These can take over your entire web browsing activities, posing a variety of dangers.
3. Free software: Unscrupulous developers often release free software with malware hidden inside. These could even, ironically, be fake antivirus software.

Here are some confirmed real-world examples of PUPs:

1. The Ask Toolbar: We recently published an article about the Ask Toolbar and its reputation for hijacking your browser. It will slow the browser down and collect your search data, and it is notoriously difficult to remove.
2. MyCleanPC: This PUP claims to clean up your system. Unfortunately, it does other things in the background. It will run fake scans and claim to find lots of urgent issues even though the machine is clean. It will then attempt to pressure you into buying the paid version, which, of course, is useless. It’s also very hard to remove.
3. CCleaner: This is an example of a PUP that occupies a gray area. While it is a legitimate program, it’s had a lot of controversy in the past with bundle offers that are basically PUPs and spyware. At the time, their reputation took a massive hit, and it has never fully recovered.
4. uTorrent: Again, while a legitimate program, it has been known for installing other things, including Bitcoin miners. This one slows down your system and overloads your CPU.
5. PDF converters and YouTube downloaders: We’ve discussed these extensively in the past. Many online PDF conversion and YouTube download tools may do what they claim to do, but they often have bundled malware inside and should be avoided.

How do PUPs, PUAs, and PUMs vary in cybersecurity?

The acronyms PUP, PUA, and PUM are often used interchangeably. However, these categories vary slightly in a few key ways:

1. PUP (potentially unwanted program): As we stated at the beginning of this article, a PUP is something that users may not have intentionally installed.
2. PUA (potentially unwanted application): This usually refers to an app that displays annoying and unwanted behavior, whether it was knowingly installed or not.
3. PUM (potentially unwanted modification): A PUM is a change that is made to your MacBook settings, possibly without your consent. PUMs are sometimes made to make it more difficult for the user to remove a PUP, meaning they often work in tandem with each other.

How to avoid downloading potentially unwanted programs (PUPs)

Now that we’ve shown you the dangers of PUPs, let’s outline how to avoid downloading them.

Use Moonlock

Moonlock is more than a malware scanner. It has many built-in features designed to help you keep your Mac safe and healthy from all threats. There’s real-time protection, which runs 24/7 in the background, keeping an eye out for any downloads that could be malicious or apps behaving suspiciously. 

There’s also Moonlock’s System Protection module. It helps you make sense of all the security tools that come with being a part of the Apple ecosystem. The Security Advisor helps you be mindful of threats and build habits for a safe online experience with helpful tips.

Take extra caution when installing something

A PUP normally slips through when you install legitimate software or an app. The next time you install something, pay careful attention to advanced settings during installation. Slow down and double-check everything.

Confine your app downloads to the Mac App Store

Apple has very strict rules for what they host on the Mac App Store. All apps and software available on the App Store are vetted by Apple and carefully scanned for malware. These security protocols don’t apply, however, if you install something from a third-party developer.

Keep your operating system, browser, and apps updated at all times

Malware and PUPs usually take advantage of vulnerabilities in macOS, your browser, or your apps. Therefore, when an update is available, make sure you install it immediately.

Don’t click any links from unknown senders

The most favored method of spreading malware and PUPs is via email links, chat message links, and infected email attachments. Therefore, if you don’t know the sender, don’t click the link or open the email attachment.

Compared to other malware, PUPs are fairly mild threats and, fortunately, some of the easiest to remove. But don’t underestimate the dangers that PUPs pose. Do not allow these intruders to stay on your device.

This is an independent publication, and it has not been authorized, sponsored, or otherwise approved by Apple Inc. Mac, MacBook, and macOS are trademarks of Apple Inc.