Video: OSX.Pirrit shows the potentially malicious side of Mac adware

Amit Serper, Cybereason's lead Linux and Mac OS X security researcher, recently presented his research about a variant of the Pirrit adware that targets OS X at the LayerOne security conference in Los Angeles and the inaugural Bsides TLV.

In both talks, Serper discussed how security analysts shouldn't be so quick to dismiss adware programs as relatively harmless security threats, especially adware that targets Mac OS X.

In the case of this new variant, which Serper named OSX.Pirrit, what appears to be benign adware actually has components that are typically found in malware, including persistence and hidden users and the ability to obtain root access.

"People think that [a Mac computer] has unicorns inside," Serper said during his LayerOne presentation. "People think I have a Mac. We don't get ransomware, adware, malware and viruses. Actually, you can." Threats targeting Mac OS X will increase as more people use Apple computers, he added.

While OSX.Pirrit didn't carry out any malicious actions, the potential to perform harmful activities was there, Serper said. Instead of spamming a person with ads, he explained that the people behind OSX.Pirrit could have just as easily pilfered a company’s intellectual property. Or they could have installed a keylogger to capture a log-in information, allowing them access to a person's email account.

"Adware is malware. There's nothing nice about it. The fact that it doesn't steal your life doesn't mean it won't do it in the future and it doesn't mean [adware] should be treated lightly," he said at Bsides TLV

Fred O'Connor is Cybereason's senior content writer.