This newest OSX.Pirrit variant has infected tens of thousands of Mac computers around the world. Typical adware campaigns enable the attackers to flood a person’s computer with ads. However, OSX.Pirrit not only bombards Macs with adware; it also spies on users and runs with the highest user privileges, enabling hackers to leverage this adware to capture users’ personal information, including bank account logins and the intellectual property of businesses.
It has all the hallmarks of a classic PUP (potentially unwanted program), but as the author points out in this fantastically detailed post, is it time to just start calling these apps what they truly are: malware?
As for OSX.Pirrit malware, it runs under root privileges, creates autoruns and generates random names for itself on each install. Plus, there are no removal instructions and some of its components mask themselves to appear like they’re legitimate and from Apple. And don’t forget that TargetingEdge used domains that appeared to be generated by some sort of DGA and made many attempts to hide any link between the domains and TargetingEdge.
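A triage sketch for the traits listed above, added here as an example (not code from the referenced post or from any vendor): it parses launchd property lists and flags jobs that run as root, start automatically, carry an Apple-style label outside /System/Library, or have a random-looking name. The sample plists, labels and paths are constructed, and the name heuristic is a crude assumption rather than a known OSX.Pirrit indicator.

```python
import plistlib

APPLE_DIRS = ("/System/Library/LaunchDaemons/", "/System/Library/LaunchAgents/")
DAEMON_DIRS = ("/Library/LaunchDaemons/", "/System/Library/LaunchDaemons/")

def looks_random(name):
    """Crude assumption: a token of 8+ characters with almost no vowels."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(name) < 8 or not letters:
        return False
    return sum(c in "aeiou" for c in letters) / len(letters) < 0.2

def triage(path, raw):
    """Return the traits named in the text that one launchd plist shows."""
    job = plistlib.loads(raw)
    label = job.get("Label", "")
    flags = set()
    # Launch daemons run as root unless the plist sets another UserName.
    if path.startswith(DAEMON_DIRS) and job.get("UserName", "root") == "root":
        flags.add("runs-as-root")
    # Autorun: launchd starts the job at load or restarts it when it exits.
    if job.get("RunAtLoad") or job.get("KeepAlive"):
        flags.add("autorun")
    # Apple's own jobs ship under /System/Library; an Apple label elsewhere needs review.
    if label.startswith("com.apple.") and not path.startswith(APPLE_DIRS):
        flags.add("apple-label-outside-system")
    if looks_random(label.rsplit(".", 1)[-1]):
        flags.add("random-looking-name")
    return flags

# Constructed samples for illustration; not indicators from a real infection.
SAMPLES = {
    "/Library/LaunchDaemons/com.apple.xkqzvbnt.plist": plistlib.dumps(
        {"Label": "com.apple.xkqzvbnt", "RunAtLoad": True,
         "ProgramArguments": ["/Library/xkqzvbnt/xkqzvbnt"]}),
    "/Library/LaunchDaemons/org.example.backup.plist": plistlib.dumps(
        {"Label": "org.example.backup", "UserName": "_backup",
         "ProgramArguments": ["/usr/local/bin/backup"]}),
}

def scan(samples):
    """Map each plist path to its sorted list of flags."""
    return {path: sorted(triage(path, raw)) for path, raw in samples.items()}

if __name__ == "__main__":
    for path, flags in scan(SAMPLES).items():
        print(f"{len(flags)} flag(s)  {path}: {', '.join(flags) or 'none'}")
```

Because the names change on each install, the flags key on properties of the job rather than on a fixed file name; a flagged entry is a lead for manual review, not a verdict.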