OSX/Pirrit - Reverse engineering mac OSX malware and the legal department of the company who makes it

Presented at DerbyCon 8.0 Evolution (2018), Oct. 6, 2018, noon (50 minutes).

Back in 2016 I discovered a new OSX strain of the Pirrit adware/malware, which up until then had only targeted Windows machines. I completely reverse engineered the malware, which runs with root privileges, hijacks all the HTTP traffic on the infected machine, and employs several other nefarious tricks. Due to some stunning opsec mistakes (which I will cover) I found the malware's authors, down to their full names and the company that they work for. Fast forward almost two years later, OSX/Pirrit was back with a vengeance, employing new techniques and learning lessons from everything I wrote about in my previous reports. Nevertheless, after lots of binary reverse engineering, going through thousands of lines of JavaScript, bash, and AppleScript code, I managed to reveal just how sinister the new version of OSX/Pirrit is, which is virtually impossible to remove without deep OSX knowledge. Due to more opsec mistakes by the authors I managed to tie this new wave of infections back to On top of that, TargetingEdge, the company who makes this adware/malware, bombarded us with cease and desist letters, threatening my employer and myself personally, trying to keep us from publishing our report. In my talk I will highlight all of the methods that were used by the authors of the malware to abuse systems, I will guide the attendees through the process of reverse engineering such malware, and I will share with everyone the amazing and hilarious story behind this whole incident. There will be IDA screenshots, there will be stunning opsec mistakes by the authors, and there will be lolz galore.

Join me for a session about reverse engineering, browser hooking tricks on OSX, and interesting tales about my time with our corporate attorney battling these legal threats. This talk is meant for beginners and experienced audiences alike, as I intend to walk through all the phases of my research. Attendees will walk out of this talk knowing a lot about the security of and the process of malware analysis on Macs, along with how to handle situations where the malware authors are sending their attorneys after you.
