Maker of Sneaky Mac Adware Sends Security Researcher Cease-and-Desist Letters (zdnet.com)

← Back to Stories (view on slashdot.org)

Maker of Sneaky Mac Adware Sends Security Researcher Cease-and-Desist Letters (zdnet.com)

Posted by msmash on Wednesday December 13, 2017 @08:49AM from the challenge-accepted dept.

Zack Whittaker, writing for ZDNet: The maker of a sneaky adware that hijacks a user's browser to serve ads is back with a new, more advanced version -- one that can gain root privileges and spy on the user's activities. News of the updated adware dropped Tuesday in a lengthy write-up by Amit Serper, principal security researcher at Cybereason. The adware, dubbed OSX.Pirrit, is still highly active, infecting tens of thousands of Macs, according to Serper, who has tracked the malware and its different versions for over a year. Serper's detailed write-up is well worth the read. [...] TargetingEdge sent cease-and-desist letters to try to prevent Serper from publishing his research. "We've received several letters over the past two weeks," Serper told ZDNet. "We decided to publish anyway because we're sick of shady 'adware' companies and their threats."

38 of 87 comments (clear)

Min score:

Reason:

Sort:

Details? by DontBeAMoran · 2017-12-13 08:54 · Score: 2

It would be nice to know how this crap gets on a system. Since we're talking about macOS, I'm going to guess this is a trojan and simply carry on...

--
#DeleteFacebook
1. Re:Details? by tattood · 2017-12-13 08:58 · Score: 5, Informative
  
  from TFA:
  
  In this report, the term installer refers to TargetingEdge’s main product - an installer that installs software like a video player or a PDF reader that’s downloaded from a site. These installers will install the downloaded software and the additional malware.
  
  --
  WTB [sig], PST!!!
2. Re:Details? by DontBeAMoran · 2017-12-13 09:03 · Score: 1
  
  Exactly what I thought. Thank you.
  As usual, don't install random crap on your computer, whatever OS you might be using.
  Basic computer security 101.
  
  --
  #DeleteFacebook
3. Re:Details? by Travelsonic · 2017-12-13 09:13 · Score: 2
  
  As usual, don't install random crap on your computer, whatever OS you might be using. Basic computer security 101.
  Computer security 102, however, is "only people who click bad links, or download unknown attachments gets a virus" is a myth.
  
  --
  If you believe in privacy, and believe you have "nothing to hide" at the same time, you're a goddammed idiot
4. Re: Details? by aliquis · 2017-12-13 09:28 · Score: 1
  
  The problem with that is of course that we may want the functionality of the software we've found. And atleast Windows haven't before offered a central repository. And for the same of competition we may not want one.
5. Re:Details? by Anonymous Coward · 2017-12-13 09:28 · Score: 2, Funny
  
  It would be nice to know how this crap gets on a system.
  The Apple App Store.
6. Re:Details? by bloodhawk · 2017-12-13 09:36 · Score: 2
  
  same way crap gets on 99% of systems be it windows, Linux or OS.X, poor user practises and education. malware rarely targets vulnerabilities nowadays as it is much easy to find away in through the Exploit sitting at the keyboard, this has been the case for quite a few years now.
7. Re: Details? by Anonymous Coward · 2017-12-13 10:22 · Score: 1
  
  Is that the same vendor that SourceForge used to provide their extras a few years ago?
8. Re:Details? by HiThere · 2017-12-13 11:55 · Score: 1
  
  Well, actually I use the Gimp, Inkscape, and Geany.
  But you're right in the assumption that I don't compile them from source. I use the official repository.
  
  --
  
  I think we've pushed this "anyone can grow up to be president" thing too far.
9. Re:Details? by Paradise+Pete · 2017-12-13 13:17 · Score: 1
  
  I'm guessing that's why he included the qualifier "only" in what he wrote.
10. Re:Details? by barbariccow · 2017-12-13 14:16 · Score: 1
  
  I'm guessing you missed the ending "is a myth."
11. Re:Details? by barbariccow · 2017-12-13 14:17 · Score: 1
  
  www.notavirus.com/really_this_is_safe.jpg.exe
12. Re:Details? by DontBeAMoran · 2017-12-13 16:58 · Score: 1
  
  There's no "MS Paint" or "Notepad" on Macs.
  
  --
  #DeleteFacebook
13. Re:Details? by DontBeAMoran · 2017-12-13 17:00 · Score: 1
  
  To be honest, I already see Java and Flash as being malware so I'll never install these anyway.
  The Handbrake malware incident, however, was the closest I ever came to having a tiny chance of maybe installing infected software on a computer.
  
  --
  #DeleteFacebook
14. Re:Details? by Travelsonic · 2017-12-13 17:40 · Score: 2
  
  There are people who act like that is the only way it happens, though, which is a dangerously false assertion - malvertising, for instance, and other web based attacks can do this with little to no interaction on the part of the user who gets infected besides going to a website that should be trustworthy.
  
  --
  If you believe in privacy, and believe you have "nothing to hide" at the same time, you're a goddammed idiot
15. Re:Details? by Dog-Cow · 2017-12-13 19:25 · Score: 1
  
  I'm guessing you're an illiterate moron. No wait. I'm positive.
16. Re:Details? by Anonymous Coward · 2017-12-13 23:54 · Score: 1
  
  they get email on their mac that is spoofed to look like a mail from Apple, the mail contains an eecuteable that is labelled "system upgrade"?
  I bet a lot of Mac users would click on something like that :-)
17. Re:Details? by Paradise+Pete · 2017-12-14 02:36 · Score: 1
  
  You should read the thread again.
18. Re:Details? by pnutjam · 2017-12-14 03:18 · Score: 1
  
  I couldn't get that picture to open on my mac, can you make a png instead of a jpg.
  
  --
  Cheap storage VM.
Turnabout by hackertourist · 2017-12-13 08:55 · Score: 1

Maybe we should send the malware maker some cease-and-desist letters.
1. Re:Turnabout by dwillden · 2017-12-13 21:55 · Score: 2
  
  Or since they are producing malware, perhaps the authorities might be interested in talking to the Lawyer who sent the C&D letters regarding their criminal employers.
  
  --
  I'm too lazy to compose a creative sig.
Cease-and-Desist what, exactly? by nitehawk214 · 2017-12-13 09:02 · Score: 1

Cease-and-Desist talking about the malware? Yeah, I am sure filing a lawsuit will to a great job of that, Barbara.
Also, why isn't what the malware maker doing illegal?

--
I'm a good cook. I'm a fantastic eater. - Steven Brust
1. Re:Cease-and-Desist what, exactly? by bloodhawk · 2017-12-13 09:15 · Score: 3, Informative
  
  Also, why isn't what the malware maker doing illegal?
  Not sure on this particular case as can't be bothered reading the whole story. BUT most malware/adware is perfectly legal as it relies on user ignorance and stupidity, simply put in some terms and conditions that you accept the adware in the install of product X, 99% of people don't read the terms so you have an easy install path that is perfectly legal.
2. Re:Cease-and-Desist what, exactly? by Anonymous Coward · 2017-12-13 10:09 · Score: 1, Interesting
  
  Totally. Even if it trashes your data. Or damages your hardware. Or spies on your kids.
  Like when you sign a piece of paper that says I get to punch you. You don't have any recourse after that. Nope. I'm just allowed to punch you whenever I want for the rest of your life.
3. Re:Cease-and-Desist what, exactly? by HiThere · 2017-12-13 11:59 · Score: 2
  
  No, there are limits. They can't enforce an agreement that's against the policy of the enforcing agency. They can't demand that you do something illegal. But the limits are quite broad. Broad enough that I stopped using both MS and Apple over EULAs. (Read it sometime, and try to understand it.)
  
  --
  
  I think we've pushed this "anyone can grow up to be president" thing too far.
4. Re:Cease-and-Desist what, exactly? by VeryFluffyBunny · 2017-12-13 12:02 · Score: 2
  
  Like when you sign a piece of paper that says I get to punch you. You don't have any recourse after that. Nope. I'm just allowed to punch you whenever I want for the rest of your life.
  So you think a contract can nullify criminal law? Regardless of what anybody writes in an agreement, punching someone is criminal assault, with very few exceptions and they have very specific conditions, e.g. boxing and martial arts.
  If an advertiser or software developer breaks the law, they can be prosecuted like everyone else.
  
  --
  Debate is a form of harassment. Do not question my truth.
5. Re: Cease-and-Desist what, exactly? by bestweasel · 2017-12-13 12:42 · Score: 1
  
  Wise words. Never sign one of those bits of paper which say someone gets to punch you Ow! whenever they like. Ow!
Re:Unwise. by jfdavis668 · 2017-12-13 09:24 · Score: 1

I think he is just fictional. http://www.dailymail.co.uk/new...
Re:Here I thought by ctilsie242 · 2017-12-13 10:14 · Score: 1

Mac security improved greatly when OS X took the field. Before that, especially with system 6/7, you could actually have a code segment sitting on a SCSI drive that would load and execute with all permissions. This was used for security software (FileGuard, A. M. E., Empower) to have a driver for on the fly encryption, and thankfully it was never used for ill (AFAIK), but the early Mac operating systems had a lot of infection vectors (WDEF... insert a floppy, bam infected, for example.)
OS X (i.e. NeXTStep with a Mac UI) was pretty good in the security department, and got a lot better, especially with the MAC/DAC stuff added in. However, nothing is 100% secure, and no desktop OS can protect against a Dancing Bunnies attack.
What does help would be more macOS developers using Apple's store instead of offering downloads on their websites. This way, users are trained that if they are asked to go outside the established mechanism, they should be extremely wary... or just say "no". The exception are programs that Apple doesn't allow, such as low level utilities (Little Snitch, VMWare Fusion, etc.)
In any case, Apple should be proactive and revoke the signing key of any proven adware maker.
Security researcher sends... by mapkinase · 2017-12-13 10:52 · Score: 1

... Maker of Sneaky Adware to his maker.

--
I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
Re:Here I thought by Wrath0fb0b · 2017-12-13 10:59 · Score: 1

I don't know why you think that VM host software cannot be hosted on the App Store.
If VMWare doesn't distribute it that way, it's probably because most of their revenue/license is corporate rather than individual and app stores tend to be a poor fir for those arrangements.
Re:If they sent a CnD by 91degrees · 2017-12-13 11:46 · Score: 1

They know the identity. It's a listed company based in Tel Aviv.

No idea why they can't use a legal solution, but it's not because they don't have a company to sue.
Re:Ignore the C & D by HiThere · 2017-12-13 12:02 · Score: 1

An earlier poster said the company was headquartered in Israel. So they *could* file suit in the US court system. I consider it unlikely, and I consider it unlikely that a jury would find in their favor. But a judge might...or might not.

--

I think we've pushed this "anyone can grow up to be president" thing too far.
Re:Apple Execs should send in a goon squad by VeryFluffyBunny · 2017-12-13 12:05 · Score: 1

You mean Apple Inc., the corporation that spend over $1 billion a year on advertising?

--
Debate is a form of harassment. Do not question my truth.
Re:Ignore the C & D by gravewax · 2017-12-13 15:43 · Score: 1

why is that half assed? yes they are clearly scumbags, but you are under no obligation to tell journalists anything and they can happily lie their asses off to them.
Re:Here I thought by ctilsie242 · 2017-12-14 02:53 · Score: 1

That is a good thing, and I am glad I am wrong here. Previously, I remember Apple disallowing programs that affected kernel level functionality. If Parallels can put their virtualization setup on the App Store, then I don't see why all Mac developers should not use the store. I would assert that stores or repositories are very beneficial in combatting Trojans, assuming they are well curated and bad software is removed quickly with the developer getting tossed.
In the Linux world, I've found it very rare that I download a program outside a repository. The only exception are some very specific utilities that address a narrow market, and Borg Backup, which the latest version doesn't seem to wind up in EPEL or the latest Ubuntu updates.
As for Windows, Microsoft needs to consider a push to have their store be similar. The days of downloading some program from Cnet or a BBS are long gone when it comes to security, for the most part.
Of course, there is a downside... I fear that doing this might get OS makers to block sideloading of programs. Ideally, sideloading should be allowed, but in very rare circumstances.
Re: first by Brockmire · 2017-12-15 18:22 · Score: 1

Fuck face, it's "loser". "Looser" is when I'm done with your mom. Why can't people get this right when insulting people?
Send Report to the FBI by herbierobinson · 2017-12-21 04:12 · Score: 1

They should send the report and the lawyer's address straight to the FBI. If it's accurate, the software is violating the Compture Fraud and Abuse Act. And Israel will honor the extradition...

--
An engineer who ran for Congress. http://herbrobinson.us