In December, Pirrit recorded a massive increase in detections, as Novinky.cz reported earlier. Its share of detections in the Czech Republic and Slovakia jumped from 21.47% in November to 39.1% in December.

“Adware Pirrit is a classic representative of codes that display aggressive ads. Users usually download it to their devices themselves and voluntarily, often as part of other programs or games that the attackers offer in third-party stores or on various Internet repositories for free or in advantageous packages,” explained Jiří Kropáč, head of the ESET virus laboratory in Brno.

Adware is a long-term problem

According to him, adware has been successful in the Czech Republic for a long time. “As a rule, users do not pay as much attention to it as other malicious codes and do not consider it dangerous, but this can backfire on them – adware can download far more serious malicious codes to the device and obtain information about what we do on the Internet,” Kropáč added.

“This year, it is again likely that adware will continue to be the main threat in the Czech Republic. As the number of users of Apple devices increases, not only does the number of potential victims increase, but the targeting and sophistication of attacks can also increase. Adware is often underestimated, even though it can pose a serious security risk. Many users consider adware to be less dangerous than other forms of malware such as viruses or trojans. This view can lead to insufficient protection and caution,” the security expert pointed out.

The malicious codes Downloader.Adload and Proxy.Agent also ranked among the top threats in the past month. “The Trojan horse Downloader.Adload is a type of malicious code that, after infecting a device, continues to download some components or add-ons for the Internet browser to it, but without the user’s knowledge,” Kropáč described.

“The purpose of the malicious Proxy.Agent code is to monitor outgoing web traffic and user activity on the Internet. By obtaining information about user behavior on the Internet, attackers can subsequently modify incoming web traffic by altering search engine search results. They prioritize their content, which may be misleading or fraudulent, or redirect users to a preferred website, such as an e-shop,” said the security expert.

According to him, both malicious codes are a good example of why users should not underestimate the risks on the macOS platform. Proxy.Agent functions as a local web proxy server through which the traffic of the Safari or Firefox browser passes.

In the table below, you can find an overview of other malicious codes that users in the Czech Republic and Slovakia most often encountered in the past month.

TOP 5 threats in the Czech Republic and Slovakia for macOS – December 2023:

1. OSX/Adware.Pirrit (39.1%)
2. OSX/TrojanDownloader.Adload (13.6%)
3. OSX/TrojanProxy.Agent (5.5%)
4. OSX/Adware.Bundlore (2.7%)
5. OSX/Agent (0.9%)

Fraudsters are playing journalists

Users should beware of various investment scams in which attackers misuse the name of the news server Novinky.cz. Fraudsters usually lure victims with the promise of easy earnings in connection with well-known personalities. In recent months, for example, fake articles featuring President Petr Pavel or moderator Jan Kraus have appeared.

This is a typical phishing scam, in which attackers try to extort money from people under the guise of easy profit. The scam is nevertheless quite sophisticated: all the links in the fake article lead to another fraudulent website.

To confuse the trusting victim as much as possible, cybercriminals in some cases do not ask for credit card numbers or money right away. Everything starts with registration on the given platform, after which the user is contacted by the platform administrator. Only with his help is money coaxed out of the trusting victim. He may make contact not only by e-mail but also by phone.

