Adware is just malware with a legal department - how we reverse engineered OSX/Pirrit, received legal threats, and survived

Presented at VB2018, Oct. 3, 2018, 5 p.m. (30 minutes)

This is the talk that adware makers don't want you to attend because it exposes the seedy world of adware and teaches you what to do when adware companies threaten you with legal action. In 2016, I reverse engineered OSX.Pirrit. *TargetingEdge*, the company behind the program, claimed it was adware, but it had more in common with malware, including the ability to run with root privileges and hijack an infected *Mac*'s HTTP traffic. Last December, an even nastier variant of OSX.Pirrit emerged. Binary reverse engineering and analysis of thousands of lines of JavaScript, Bash and AppleScript showed that this version used new techniques to hijack browsers and can't be removed without deep OSX knowledge. *TargetingEdge* learned about my research and bombarded me and my employer with cease and desist letters. Undeterred, I worked with my company's lawyer to refute their allegations and publish the research. Adware and legal scare tactics make the jobs of security professionals even more difficult: one jeopardizes user and company security, and the other can stymie important research. This session will tackle both issues. Attendees will learn the risks that adware poses through the technical analysis that was performed, how to protect *Macs* from security threats, and why solid research is the best defence against legal threats from companies that develop predatory software.

Presenters:

  • Amit Serper - Cybereason
    Amit Serper leads the security research at Cybereason's Nocturnus group in the company's Boston HQ. He specializes in low-level, vulnerability and kernel research, malware analysis and reverse engineering on Windows, Linux and macOS. He also has extensive experience researching, reverse engineering, and exploiting IoT devices of various kinds. Prior to joining Cybereason four years ago, Amit spent nine years leading security research projects and teams for an Israeli government intelligence agency, specifically in embedded systems security (or lack thereof). @0xAmit
