MacOS Malware Steals Bank Account Logins & Intellectual Property
Security researchers have discovered a new, invasive piece of Mac malware: a new version of the OSX.Pirrit adware. According to the security experts, this variant of OSX.Pirrit helps hackers gain full control of any Mac computer.
This malware, which has already infected thousands of Mac computers across the world, is fairly sophisticated. A report authored by Rene Millman for SC Media UK discusses the sophisticated nature of this OSX.Pirrit variant. The report says: “The malware has already infected thousands of Mac computers around the world. According to a blog post by Amit Serper, principal security researcher at Cybereason, while usual adware campaigns enable the attackers to flood a person’s computer with ads, this malware not only bombards Macs with adware, it spies on users and runs with the highest user privileges, enabling hackers to leverage this adware to capture personal information on the users, including bank account logins and intellectual property of businesses.”
Amit Serper of Cybereason explains how the malware works in a detailed post on the Cybereason blog: “Unlike old versions of OSX.Pirrit that used rogue browser plug-ins or even installed a proxy server on the victim’s machine to hijack the browser, this incarnation uses (or shall I say abuses) AppleScript, Apple’s scripting/automation language. And, like its predecessors, this variant is nasty. In addition to bombarding people with ads, it spies on them and runs under root privileges.”
Serper says his investigation found that a company called TargetingEdge created OSX.Pirrit. He also says that the company has been trying to stop him from publishing his latest research report on OSX.Pirrit. In his words: “My research hasn’t gone unnoticed by TargetingEdge. For the past two weeks, they’ve tried to prevent me from publishing this research. Cybereason has received a few cease and desist letters from a firm claiming to be TargetingEdge’s legal counsel. The letters demand that we stop referring to TargetingEdge’s software as malware and refrain from publishing this report.” He also points out that TargetingEdge is trying its best to deny any link to OSX.Pirrit.
The Cybereason blog post points out that, besides Cybereason itself, twenty-eight other antivirus engines on VirusTotal also classify OSX.Pirrit as a threat. Amit Serper points out that OSX.Pirrit “…runs under root privileges, creates autoruns and generates random names for itself on each install.” He adds: “Plus, there are no removal instructions and some of its components mask themselves to appear like they’re legitimate and from Apple.”
Julia Sowells
Julia Sowells has been a technology and security professional. With a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, written technical articles, and worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm as a security consultant while continuing to write for Hacker Combat in her limited spare time.