Cybereason Labs researcher Amit Serper claimed to have spotted front companies used by the threat actors behind OSX.Pirrit as well as a newer version of the adware.
Serper said in a July 6 blog that he traced the adware to three companies, TargetEdge, TLV Media, and Feature Forward, and said that according to LinkedIn, the executive who created the OSX.Pirrit variant previously worked for TLV Media.
He also said that all three companies have the same board of directors.
The new variant of the adware checks for competing programs on a computer, removes competitors, and rewrites autoruns when removed, in addition to bombarding victims with ads and allowing an attacker to take over a user's machine or to install data stealing malware, the post said.
Serper said users should always download open-source software from the vendor's website as OSX.Pirrit is spread by piggybacking on legitimate software on third-party sites.