A potentially unwanted program or PUP is a type of software installed without users' consent.

What is a PUP?

A potentially unwanted program or PUP is a type of software that has been installed without the user's consent, either not having explicitly agreed or doing so unintentionally. PUPs and potentially unwanted applications (PUAs) are less serious than other types of attacks, though are nevertheless a type of malware.

They often include features that compromise privacy, including the installation of search engines and applications, as well as disabling security measures on computers.


How do they operate?

In general, they spread with the installation of software or browser add-ons. Many companies responsible for PUPs include the download of the unwanted program as a background operation during installation, in the hope that users won't be aware of their presence. Once installed on a computer, they can be used to allow other types of malware onto the system or for other criminal activity.

During 2015, Google carried out research that revealed that pay per install (PPI) networks -in which cybercriminals are rewarded for the massive distribution of adware- had affected tens of millions of users around the world (5% of IPs). According to PandaLabs, in the second quarter of 2014 there was a resurgence in PUPs that saw them account for 24.77% of all malware infections during that period.


Types of PUPs

PUPs include any type of software that displays intrusive advertising (adware), injects its own advertising content onto the Web pages visited by the user, or monitors the user's Internet habits to sell information to advertisers (spyware).

And all of this is done through an installation that violates the right for informed consent. Some companies use them to hijack users' browsers (hijacking), changing the home page and default search engine. This way, they can force the user to access the Internet through specific websites, generating returns for advertisers.

In some cases, criminals use the malware to steal browser cookies, hijacking connections to websites and taking action on users' accounts without their knowledge or consent (such as installing Android apps).

Some unwanted software packages install a root certificate on users' devices allowing hackers to intercept confidential data -such as bank details- and blocking security alerts.


How to avoid them

  • Before installing a program, cyber-security experts recommend that you always download the latest version from the vendor's official website, or from a reputable download site.
  • Creal all checkboxes during installation, as most PUPs use voluntary exclusion techniques.
  • Check the privacy policy of all the programs and apps you install and the permissions required to install them.
  • Avoid all types of suspicious software, whether free or paid for.
  • Use an antivirus with malware detection, like Panda DOME, which also offers the option to scan the device for malware and PUPs and remove them.