Then it installs a Safari browser extension called Leperdvil, which asks for keychain access by displaying a dialogue box asking whether to allow or deny the access. The latest version of their adware installer has not been blocked by Mac OS X anti-malware protections and automatically redirects the user to Download Shuttle’s App Store version.

According to researcher Thomas Reed at Malwarebytes, who is apparently the first to discover this vulnerability, prior to the installation of this Genieo installer, it exploits the vulnerability by asking the user for permission to verify their password.

For those who are not aware of this adware, it is designed and circulated by Genieo Innovation, an Israel-based company that is renowned for its malware and other harmful apps.

Fake Download Shuttle installer | Image Credit: Malwarebytes