Security researchers from Cybereason have made another discovery, or more specifically, have re-discovered, a malicious Mac threat. The original detection of OSX.Pirrit parasite was made in April of 2016. As soon as security researchers lad their eyes on the infection, they recognized that this was no ordinary adware: it had the sophistication of a much more severe malware sample.
The story of this adware parasite is not typical. Cybereason senior security researcher Amit Serper figured out the exact company, responsible for the release of OSX.Pirrit adware. The researcher often excluded two intimating characteristics of this threat: capabilities to gain root access and malware-like persistence.
TargetingEdge company is the author of the devious OSX.Pirrit adware
Amit Serper clearly stated that TargetingEdge is the creator of Mac-targeting parasite. If you are not familiar with this Israel-based company, it is focusing on global solutions for distribution and software monetization. The authors do not deny this, but insist on the fact that OSX.Pirrit is not a malware: it is a legitimate and legal installer product for Mac users.
However, Cybereason is convinced that this installer only poses as reliable, but actually tricks users into giving root privileges to the malicious software. Once the OSX.Pirrit is active, it will use scripts to install additional components from its C&C server. The authors of this adware were clever: they attempt to conceal the suspicious files as legitimate functions of Mac OS X. One detail is considered to be rather surprising: the adware uses the AppleScript language to make sure that browsers are filled with third-party online advertisements. This is type of attack is more sophisticated, as the usual proxy server (used for ad-serving) can be removed.
TargetingEdge denies that OSX.Pirrit is a malware and criticizes Cybereason
It appears that TargetingEdge tried very hard to avoid bad publicity. How? By trying to stop Amir Serper from publishing his insights about the OSX.Pirrit adware parasite. Researcher was contacted by the legal counsel of TargetingEdge. He/she explained that the OSX.Pirrit is not a malware. However, Serper is not naive: would a legitimate program attack users with endless ad-campaigns, spy on them and run under root privileges? We think not.
Nevertheless, TargetingEdge claims that Cybereason is attempting to pull of a publicity stunt by ruining the TargetingEdge’s reputation. According to the company, researchers are only aiming at media buzz and attention. They even do as far as to insult Cybereason by stating that they “lack objectivity and journalistic integrity”. Unluckily for TargetingEdge, Serper and his team are not the only ones, indicating that OSX.Pirrit is a malware. There are over twenty other anti-virus programs that detect the program as a threat.
In our opinion, ad-tech companies are capable of going great lengths for profit. If you run a scan for your Mac and notice that it is infected with OSX.Pirrit adware, please make sure to get rid of it as soon as possible. If not, your online activities will be monitored, and repetitive online advertisements will be shown.