Amit conducts safety studies. He specializes in research at the low level, vulnerability and kernel level, malware analysis and reverse engineering in Windows, Linux and macOS.
Previously, a research report was published that analyzed very unpleasant adware aimed at Mac OS X. While the main task of OSX.Pirrit was to display ads. As a result, the code OSX.Pirrit had the potential to carry out much more malicious actions.
This article describes the third part of the study (download PDF of this report in this article).
Pirrit / BrowserEnhancer / DaVinci (or whatever you want to call it) is not a serious threat. Malware OSX.Pirrit runs under root privileges, creates autorun and generates random names for each installation. Unfortunately, there are no removal instructions, and some of its components mask themselves to look as if they are legitimate and from Apple.