Maker of Sneaky Mac Adware Sends Security Researcher Cease-and-Desist Letters (zdnet.com)
Zack Whittaker, writing for ZDNet: The maker of a sneaky adware that hijacks a user's browser to serve ads is back with a new, more advanced version -- one that can gain root privileges and spy on the user's activities. News of the updated adware dropped Tuesday in a lengthy write-up by Amit Serper, principal security researcher at Cybereason. The adware, dubbed OSX.Pirrit, is still highly active, infecting tens of thousands of Macs, according to Serper, who has tracked the malware and its different versions for over a year. Serper's detailed write-up is well worth the read. [...] TargetingEdge sent cease-and-desist letters to try to prevent Serper from publishing his research. "We've received several letters over the past two weeks," Serper told ZDNet. "We decided to publish anyway because we're sick of shady 'adware' companies and their threats."
Details? (Score:3)
It would be nice to know how this crap gets on a system. Since we're talking about macOS, I'm going to guess this is a trojan and simply carry on...
Re:Details? (Score:5, Informative)
In this report, the term installer refers to TargetingEdge’s main product - an installer that installs software like a video player or a PDF reader that’s downloaded from a site. These installers will install the downloaded software and the additional malware.
Re: (Score:2)
Exactly what I thought. Thank you.
As usual, don't install random crap on your computer, whatever OS you might be using.
Basic computer security 101.
Re: (Score:3)
As usual, don't install random crap on your computer, whatever OS you might be using. Basic computer security 101.
Computer security 102, however, is "only people who click bad links, or download unknown attachments get a virus" is a myth.
Re: (Score:2)
I'm guessing you're an illiterate moron. No wait. I'm positive.
Re: Details? (Score:1)
The problem with that is of course that we may want the functionality of the software we've found. And at least Windows hasn't before offered a central repository. And for the sake of competition we may not want one.
Re: (Score:2)
Well, actually I use the Gimp, Inkscape, and Geany.
But you're right in the assumption that I don't compile them from source. I use the official repository.
Re: (Score:2)
There's no "MS Paint" or "Notepad" on Macs.
Re: (Score:2)
To be honest, I already see Java and Flash as being malware so I'll never install these anyway.
The Handbrake malware incident, however, was the closest I ever came to having a tiny chance of maybe installing infected software on a computer.
Re: Details? (Score:1)
Is that the same vendor that SourceForge used to provide their extras a few years ago?
Re: (Score:2, Funny)
It would be nice to know how this crap gets on a system.
The Apple App Store.
Re: (Score:1)
They get email on their Mac that is spoofed to look like a mail from Apple, the mail contains an executable that is labelled "system upgrade"?
I bet a lot of Mac users would click on something like that :-)
Turnabout (Score:2)
Maybe we should send the malware maker some cease-and-desist letters.
Re: (Score:1)
No idea why they can't use a legal solution, but it's not because they don't have a company to sue.
Re: (Score:2)
Mac security improved greatly when OS X took the field. Before that, especially with system 6/7, you could actually have a code segment sitting on a SCSI drive that would load and execute with all permissions. This was used for security software (FileGuard, A. M. E., Empower) to have a driver for on the fly encryption, and thankfully it was never used for ill (AFAIK), but the early Mac operating systems had a lot of infection vectors (WDEF... insert a floppy, bam infected, for example.)
OS X (i.e. NeXTStep
Re: (Score:2)
I don't know why you think that VM host software cannot be hosted on the App Store [apple.com].
If VMware doesn't distribute it that way, it's probably because most of their revenue/license is corporate rather than individual and app stores tend to be a poor fit for those arrangements.
Re: (Score:2)
That is a good thing, and I am glad I am wrong here. Previously, I remember Apple disallowing programs that affected kernel level functionality. If Parallels can put their virtualization setup on the App Store, then I don't see why all Mac developers should not use the store. I would assert that stores or repositories are very beneficial in combatting Trojans, assuming they are well curated and bad software is removed quickly with the developer getting tossed.
In the Linux world, I've found it very rare t
Cease-and-Desist what, exactly? (Score:2)
Cease-and-Desist talking about the malware? Yeah, I am sure filing a lawsuit will do a great job of that, Barbara.
Also, why isn't what the malware maker doing illegal?
Re:Cease-and-Desist what, exactly? (Score:4, Informative)
Also, why isn't what the malware maker doing illegal?
Not sure on this particular case as can't be bothered reading the whole story. BUT most malware/adware is perfectly legal as it relies on user ignorance and stupidity, simply put in some terms and conditions that you accept the adware in the install of product X, 99% of people don't read the terms so you have an easy install path that is perfectly legal.
Re: (Score:1, Interesting)
Totally. Even if it trashes your data. Or damages your hardware. Or spies on your kids.
Like when you sign a piece of paper that says I get to punch you. You don't have any recourse after that. Nope. I'm just allowed to punch you whenever I want for the rest of your life.
Re: (Score:3)
No, there are limits. They can't enforce an agreement that's against the policy of the enforcing agency. They can't demand that you do something illegal. But the limits are quite broad. Broad enough that I stopped using both MS and Apple over EULAs. (Read it sometime, and try to understand it.)
Re: (Score:3)
Like when you sign a piece of paper that says I get to punch you. You don't have any recourse after that. Nope. I'm just allowed to punch you whenever I want for the rest of your life.
So you think a contract can nullify criminal law? Regardless of what anybody writes in an agreement, punching someone is criminal assault, with very few exceptions and they have very specific conditions, e.g. boxing and martial arts.
If an advertiser or software developer breaks the law, they can be prosecuted like everyone else.
Re: Cease-and-Desist what, exactly? (Score:1)
Wise words. Never sign one of those bits of paper which say someone gets to punch you Ow! whenever they like. Ow!
Apple Execs should send in a goon squad (Score:1)
Security researcher sends... (Score:2)
... Maker of Sneaky Adware to his maker.
Re: (Score:2)
An earlier poster said the company was headquartered in Israel. So they *could* file suit in the US court system. I consider it unlikely, and I consider it unlikely that a jury would find in their favor. But a judge might...or might not.
Send Report to the FBI (Score:2)
They should send the report and the lawyer's address straight to the FBI. If it's accurate, the software is violating the Computer Fraud and Abuse Act. And Israel will honor the extradition...