Cybereason’s Amit Serper Discovers A New Variant of the OSX.Pirrit Mac Adware

Cybereason's Principal Security Researcher Amit Serper has discovered a new variant of OSX.Pirrit adware targeting Mac OS X that enables cyber criminals to take full control of a user's Mac computer.

“It is important not to underestimate the dangers of adware. Today, most security professionals dismiss adware and consider it to be a low security risk compared to the other security issues. And attackers are aware of this practice,” said Amit Serper of Cybereason.

Cybereason, creators of the leading cybersecurity data analytics platform including endpoint detection and response, next-generation antivirus, and active monitoring services, today announced that Amit Serper, the company’s Principal Security Researcher, discovered a new, invasive OSX.Pirrit adware variant targeting Mac OS X that enables cyber criminals to take full control of a user’s Mac computer.

This newest OSX.Pirrit version has infected tens of thousands of Mac computers around the world. Typical adware campaigns enable the attackers to flood a person’s computer with ads. However, OSX.Pirrit not only bombards Macs with adware, it spies on users and runs with the highest user privileges.

To download a copy of Serper’s research, visit:
https://www.cybereason.com/blog/targetingedge-mac-os-x-pirrit-malware-adware-still-active

“This is the third chapter of the OSX.Pirrit saga, and this variant is by far the most invasive and dangerous. Infected users will find it extremely difficult to uninstall the program because it is either masked as an Apple update (which the vast majority of users will click on thinking it is legitimate) or as part of the Apple configuration system. In very rare instances, the infected user will be able to uninstall the adware,” said Serper.

Over the past two years, Serper spent significant time analyzing OSX.Pirrit adware. His first OSX.Pirrit discovery in April 2016 provided details on how the adware had the potential to carry out malicious activity and how it contained practices borrowed from traditional malware. Several months later in July 2016, Serper disclosed additional information on OSX.Pirrit including the name of TargetingEdge, the company behind OSX.Pirrit’s creation.

“It is extremely important not to underestimate the dangers of adware. Today, most security professionals dismiss adware and consider these programs low security risks compared to the other security issues they face. Attackers are aware of this practice. They add components or use components already embedded in the adware to use them in a way that’s analogous to malware,” added Serper.

In June 2017, Serper was the first security researcher in the world to discover a cyber vaccine for the NotPetya ransomware, an attack that caused more than $1 billion in losses and damages to corporations around the globe. In October 2017, Serper was the first to discover a vaccine for the equally nasty Bad Rabbit ransomware that spread around the world, causing massive productivity losses equaling hundreds of millions of dollars to many corporations.

About Cybereason
Cybereason, creators of the leading cybersecurity data analytics platform, gives the advantage back to the defender through a completely new approach to cybersecurity. Cybereason offers endpoint detection and response (EDR), next-generation antivirus (NGAV), and active monitoring services, all powered by its proprietary data analytics platform. The Cybereason suite of products provides unmatched visibility, increases analyst efficiency and effectiveness, and reduces security risk. Cybereason is privately held, having raised $189 million from top-tier VCs, and is headquartered in Boston, with offices in London, Tel Aviv and Tokyo.

Learn more: https://www.cybereason.com/

Media Contact:
Bill Keeler
Director, Public Relations
Cybereason
bill.keeler(at)cybereason(dot)com
(929) 259-3261
