Not a lot was said about adware, especially not about adware for Mac. Adware is usually dismissed for being too benign and not interesting. After all - it just displays ads. But what if you were hit with an aggressive variant with malware-like features that has root access to your machine and has the ability to do what ever its creators wanted it to do?
A Mac OS X port of the Pirrit adware includes properties like hidden users, traffic redirection, persistence, and weird DGA-looking domains, all showing that an aggressive malvertiser is now targeting Macs. In the case of OSX.Pirrit, it uses simple social engineering to escalate its privileges and eventually take total control of your Mac. And with control of your machine, Pirrit’s creators could have done pretty much anything, like stolen your company’s secret sauce or installed a keylogger to capture the log-in credentials for your bank account. The creators of Pirrit were trying very hard to avoid being detected by antiviruses, personal firewalls and even from some advanced users.
In this talk, we’ll review OSX/Pirrit, dissect its methods and show it could have carried out much more sinister activities besides bombard a browser with ads.
5 окт 2024
