Maker of Sneaky Mac Adware Sends Security Researcher Cease-and-Desist Letters

Zack Whittaker, writing for ZDNet: The maker of a sneaky adware that hijacks a user's browser to serve ads is back with a new, more advanced version -- one that can gain root privileges and spy on the user's activities. News of the updated adware dropped Tuesday in a lengthy write-up by Amit Serper, principal security researcher at Cybereason. The adware, dubbed OSX.Pirrit, is still highly active, infecting tens of thousands of Macs, according to Serper, who has tracked the malware and its different versions for over a year. Serper's detailed write-up is well worth the read. [...] TargetingEdge sent cease-and-desist letters to try to prevent Serper from publishing his research. "We've received several letters over the past two weeks," Serper told ZDNet. "We decided to publish anyway because we're sick of shady 'adware' companies and their threats."

Details?

[DontBeAMoran]

It would be nice to know how this crap gets on a system. Since we're talking about macOS, I'm going to guess this is a trojan and simply carry on...

Re:Details?

[tattood]

from TFA:

In this report, the term installer refers to TargetingEdge’s main product - an installer that installs software like a video player or a PDF reader that’s downloaded from a site. These installers will install the downloaded software and the additional malware.

Re:Details?

[Travelsonic]

As usual, don't install random crap on your computer, whatever OS you might be using. Basic computer security 101.

Computer security 102, however, is "only people who click bad links, or download unknown attachments gets a virus" is a myth.

Re:Details?

It would be nice to know how this crap gets on a system.

The Apple App Store.

Re:Details?

[bloodhawk]

same way crap gets on 99% of systems be it windows, Linux or OS.X, poor user practises and education. malware rarely targets vulnerabilities nowadays as it is much easy to find away in through the Exploit sitting at the keyboard, this has been the case for quite a few years now.

Re:Details?

[Travelsonic]

There are people who act like that is the only way it happens, though, which is a dangerously false assertion - malvertising, for instance, and other web based attacks can do this with little to no interaction on the part of the user who gets infected besides going to a website that should be trustworthy.

Re:Cease-and-Desist what, exactly?

[bloodhawk]

Also, why isn't what the malware maker doing illegal?

Not sure on this particular case as can't be bothered reading the whole story. BUT most malware/adware is perfectly legal as it relies on user ignorance and stupidity, simply put in some terms and conditions that you accept the adware in the install of product X, 99% of people don't read the terms so you have an easy install path that is perfectly legal.

Re:Cease-and-Desist what, exactly?

[HiThere]

No, there are limits. They can't enforce an agreement that's against the policy of the enforcing agency. They can't demand that you do something illegal. But the limits are quite broad. Broad enough that I stopped using both MS and Apple over EULAs. (Read it sometime, and try to understand it.)

Re:Cease-and-Desist what, exactly?

[VeryFluffyBunny]

Like when you sign a piece of paper that says I get to punch you. You don't have any recourse after that. Nope. I'm just allowed to punch you whenever I want for the rest of your life.

So you think a contract can nullify criminal law? Regardless of what anybody writes in an agreement, punching someone is criminal assault, with very few exceptions and they have very specific conditions, e.g. boxing and martial arts.

If an advertiser or software developer breaks the law, they can be prosecuted like everyone else.

Re:Turnabout

[dwillden]

Or since they are producing malware, perhaps the authorities might be interested in talking to the Lawyer who sent the C&D letters regarding their criminal employers.