The 1990s saw the internet escape the academic world and become a mainstream resource. Though trojans, viruses, and malware were already around, there were significant differences. Most of that code was meant as a joke, excluding a few destructive ones. Additionally, the malware spread through shared computers in schools and universities (cyber-cafés were still in the future). The internet didn’t play a role in spreading malicious software in the beginning.
Most minds behind the initial viruses in the digital world were not evil. They just wanted to have some fun by making a computer do something unexpected — having a ping-pong ball bouncing around your screen, making your speakers sound like a cricket, opening your CD-ROM, etc.
The coding pranksters who pioneered that kind of software unwittingly created a type of software that would become infamous: the potentially unwanted application or program (PUA or PUP). The PUA has since evolved into a completely different thing. In our day and age, PUAs are far from innocent pranks that can be amusing even for the victim. So what are they, exactly? This article will answer all your questions in this area.
What is a Potentially Unwanted Application (PUA)?
Potentially Unwanted Application (PUA), also known as Potentially Unwanted Program (PUP), is a software category that includes apps with the potential for misuse by malicious external actors. They are so named because they often enter a user’s system without consent (that is, through a download the user did not want).
PUPs or PUAs are not malicious in themselves and don’t represent a risk to the user. However, their functionality can empower a threat actor to act against the system or its owner.
How does a PUA or PUP work?
Many programs can be PUAs, depending on their functionality. System administration tools are good examples because they offer significant advantages to the system’s owner and allow for the resolution of various problems. But, at the same time, they need a degree of privilege to be effective, which often includes taking control of the app, system, or network in question.

So, for example, if you run into an unexpected problem that requires a fast resolution, a system administration suite, a password recovery program, or a similar tool will help. These programs make advanced tasks simple for a relatively inexperienced user. However, they also grant a high degree of power to an external agent who knows how to activate them.
Most users don’t take full advantage of these programs’ features. Mostly, they learn how to perform a handful of tasks and leave the rest unused. But the full power of the program remains there, available for malicious actors to exploit as they like.
Also, most attackers don’t write the code they use. Instead, they usually use third-party tools available on the internet that they inject into a system as a malicious payload. Some adversaries know how to modify the original contents of packers, crypters, and obfuscators so that an initially harmless installer includes the malicious payload and sneakily installs it.
Evading detection is the priority on a PUA’s agenda. Once installed, it remains silent until an attack comes and it can deliver its fundamental objective.
What is a PUA threat?
When a Potentially Unwanted Application reaches your system, it can execute various annoying activities with or without notice. Some common threats that PUAs pose include:
- Making your computer slow.
- Flooding you with unwanted ads.
- Installing other software you don’t want, or worse.
- Stealing your most sensitive data.
How do PUAs or PUPs reach your system?
Threat actors and criminal hackers frequently abuse legitimate tools with powerful functionalities. Since these tools belong to otherwise legitimate entities, they can potentially escape the attention of the target system’s user, even when flagged. At the same time, they will continue serving the attackers’ intended purposes. Therefore, while these tools can be helpful, most antivirus suites consider them PUAs.
A classic example of a source of such PUPs or PUAs is the NirSoft website. It offers a wide variety of system administration software. A whole category of its software focuses on recovering passwords in environments such as routers, wireless networks, mail clients, browsers, etc. Security Xploded is another site offering similar software.
The NirSoft “password recovery utilities” catalog includes 28 tools. These tools scan a piece of hardware or a virtual environment to find any stored log-in credentials. For example, the Windows registry was infamous in the past for storing every possible password without encryption.