Pirrit Adware Virus – How to Remove It (Instructions for Mac)

This article has been created with the main purpose of explaining what is Pirrit Adware and how you can make sure to stop advertisements coming from it on your Mac.

SIDENOTE: This post was originally published in August 2018. But we gave it an update in August 2019.

An adware program for Mac, known as Pirrit has been detected to still be active ever since it’s first launch in early 2018. The adware aims to infect computers while remaining undetected and in addition to this display a lot of advertisements on the Macs of users. The Pirrit adware may also collect data from the affected Macs and also lead users to third-party sites that may be of a scamming or malicious character. If you see advertisements, that are related to Pirrit adware, we strongly suggest that you read this article as it aims to help you remove this unwanted program from your Mac.

Threat Summary

TypeAdware/PUP for Mac OS
Short DescriptionAims to display a wide variety of advertisements on your Mac that aim to get you to visit third-party sites of suspicious origin to likely generate the developers of Pirrit profit.
SymptomsYou may see a rich array of advertisemetns, that may lead you to third-party sites.
Distribution MethodVia bundling of setups or via other unwanted software or suspicious websites.
Detection Tool See If Your System Has Been Affected by malware


Combo Cleaner

User ExperienceJoin Our Forum to Discuss Pirrit.

Pirrit Adware – How Did I Get It

The primary method by which this virus spreads according to researchers is reported to likely be via an online marketing company’s website, known as TargetingEdge, which may be based in Israel. In addition to this, another likely method of replication of OSX.Pirrit is likely via software bundling that disguises this unwanted program as something that is of a helpful nature and is added as a free extra to a free program the user is trying to install. Such free programs are your average video converter app or an app that helps you download free media content. Usually these free apps are available on third-party sites, where Pirrit may also be offered as an addition in their installers or even may be automatically added alongside them.

There is no specific information about the TargetingEdge company, but it is clear that It is related to several other companies as it’s website suggests:

TargetingEdge is related to two other companies, TLV Media, which makes an ad targeting and ad monetization platform, and Feature Forward, which sells a video platform. According to LinkedIn, all three companies have the same board of directors and the executive who created the OSX.Pirrit variant previously worked for TLV Media.

Furthermore, in a research on Pirrit, done by Amit Serper, a security analyst at Cybereason, the company was also reported to likely be associated with such activity for quite some time. And not only this but the Pirrit adware has similar activity to malware infections.

Pirrit Adware – Activity and More Information

If your Mac has been affected by this adware, be advised that this is not a new program. Several years ago, the program was in it’s Windows version where it was detected to heavily display ads on the victim PC. But it’s Mac OS version is quite different and has more malware features added to it:

Attackers could have used the capabilities built into OSX.Pirrit to install a keylogger and steal your log-in credentials or make off with your company’s intellectual property, among many other bad outcomes.

Furthrmore, the malware has also been reported to be far more dangerous than it’s traditional Windows variant In the sense that it has a lot of capabilities added to it’s Mac version and some of them have nothing to do with adware, because they may be able to obtain the following information from your Mac:

  • The keystrokes you type.
  • Live feed from your camera.
  • Sound recording from your microphone.
  • Taking screenshots.
  • Obtaining saved passwords on your web browser.
  • Getting information regarding the apps installed on your Mac.
  • Info about what you search for and type online.

Furthermore, in addition to this, the creators of the Pirrit adware may also have left a tar.gz archive, with data that could eventually lead researchers to tracking the actual malware creators.

Programs, like Pirrit adware are nothing new for Mac machines, and the program itself may not be a direct threat to the Mac, even though it users some malicious practices, like key logging. What may be dangerous is that this adware may show different types content from third-party sites, such as:

  • Pop-ups.
  • PUPs.
  • Browser Redirects.
  • Ad-supported search results.
  • Taken over Banner spaces on the sites you visit.

Since these advertisements may lead victims to pay-per-click sites or other unwanted websites that may be of a scamming or malicious type, It is strongly advisable to remove Pirrit adware if you encounter it on your Mac.

Remove Pirrit Adware and Stop Pop-ups on Your Mac

If you want to remove Pirrit from your Mac, you will first need to identify what type of program is the adware disguised as and remove it as an app. Then, you should look for leftover files or changed DNS settings on your Mac that may lead to this adware still being active on your Mac. For maximum effectiveness, be advised that security experts always recommend to remove such ad-supported programs with the aid of an advanced anti-malware software, capable of automatically scanning and removing all malicious files from your Mac plus optimizing it so that it remains fast and protected in the future.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Follow Me:

with Combo Cleaner

We recommend you to download Combo Cleaner and run free scan to remove virus files on your Mac. This saves you hours of time and effort compared to doing the removal yourself.
Combo Cleaner’s scanner is free but the paid version is needed to remove the malware threats. Read Combo Cleaner’s EULA and Privacy Policy

Mac OS X Google Chrome Mozilla Firefox Microsoft Edge Safari Internet Explorer

Get rid of Pirrit from Mac OS X.

Step 1: Uninstall Pirrit and remove related files and objects

Manual Removal Usually Takes Time and You Risk Damaging Your Files If Not Careful!
We Recommend To Scan Your Mac with SpyHunter for Mac
Keep in mind, that SpyHunter for Mac needs to purchased to remove the malware threats. Click on the corresponding links to check SpyHunter’s EULA and Privacy Policy

1. Hit the ⇧+⌘+U keys to open Utilities. Another way is to click on “Go” and then click “Utilities”, like the image below shows:

2. Find Activity Monitor and double-click it:

3. In the Activity Monitor look for any suspicious processes, belonging or related to Pirrit:

Tip: To quit a process completely, choose the “Force Quit” option.

4. Click on the "Go" button again, but this time select Applications. Another way is with the ⇧+⌘+A buttons.

5. In the Applications menu, look for any suspicious app or an app with a name, similar or identical to Pirrit. If you find it, right-click on the app and select “Move to Trash”.

6: Select Accounts, after which click on the Login Items preference. Your Mac will then show you a list of items that start automatically when you log in. Look for any suspicious apps identical or similar to Pirrit. Check the app you want to stop from running automatically and then select on the Minus (“-“) icon to hide it.

7: Remove any left-over files that might be related to this threat manually by following the sub-steps below:

  • Go to Finder.
  • In the search bar type the name of the app that you want to remove.
  • Above the search bar change the two drop down menus to “System Files” and “Are Included” so that you can see all of the files associated with the application you want to remove. Bear in mind that some of the files may not be related to the app so be very careful which files you delete.
  • If all of the files are related, hold the ⌘+A buttons to select them and then drive them to “Trash”.

In case you cannot remove Pirrit via Step 1 above:

In case you cannot find the virus files and objects in your Applications or other places we have shown above, you can manually look for them in the Libraries of your Mac. But before doing this, please read the disclaimer below:

Disclaimer! If you are about to tamper with Library files on Mac, be sure to know the name of the virus file, because if you delete the wrong file, it may cause irreversible damage to your MacOS. Continue on your own responsibility!

1: Click on "Go" and Then "Go to Folder" as shown underneath:

2: Type in "/Library/LauchAgents/" and click Ok:

3: Delete all of the virus files that have similar or the same name as Pirrit. If you believe there is no such file, do not delete anything.

You can repeat the same procedure with the following other Library directories:

→ ~/Library/LaunchAgents

Tip: ~ is there on purpose, because it leads to more LaunchAgents.

Step 2: Scan for and remove malware from your Mac

When you are facing problems on your Mac as a result of unwanted scripts, programs and malware, the recommended way of eliminating the threat is by using an anti-malware program. Combo Cleaner offers advanced security features along with other modules that will improve your Mac’s security and protect it in the future.

Mac OS X Google Chrome Mozilla Firefox Microsoft Edge Safari Internet Explorer

Remove Pirrit from Google Chrome.

Step 1: Start Google Chrome and open the drop menu

Step 2: Move the cursor over "Tools" and then from the extended menu choose "Extensions"

Step 3: From the opened "Extensions" menu locate the unwanted extension and click on its "Remove" button.

Step 4: After the extension is removed, restart Google Chrome by closing it from the red "X" button at the top right corner and start it again.

Mac OS X Google Chrome Mozilla Firefox Microsoft Edge Safari Internet Explorer

Erase Pirrit from Mozilla Firefox.

Step 1: Start Mozilla Firefox. Open the menu window

Step 2: Select the "Add-ons" icon from the menu.

Step 3: Select the unwanted extension and click "Remove"

Step 4: After the extension is removed, restart Mozilla Firefox by closing it from the red "X" button at the top right corner and start it again.

Mac OS X Google Chrome Mozilla Firefox Microsoft Edge Safari Internet Explorer

Uninstall Pirrit from Microsoft Edge.

Step 1: Start Edge browser.

Step 2: Open the drop menu by clicking on the icon at the top right corner.

Step 3: From the drop menu select "Extensions".

Step 4: Choose the suspected malicious extension you want to remove and then click on the gear icon.

Step 5: Remove the malicious extension by scrolling down and then clicking on Uninstall.

Mac OS X Google Chrome Mozilla Firefox Microsoft Edge Safari Internet Explorer

Delete Pirrit from Safari.

Step 1: Start the Safari app.

Step 2: After hovering your mouse cursor to the top of the screen, click on the Safari text to open its drop down menu.

Step 3: From the menu, click on "Preferences".

stf-safari preferences

Step 4: After that, select the 'Extensions' Tab.


Step 5: Click once on the extension you want to remove.

Step 6: Click 'Uninstall'.

stf-safari uninstall

A pop-up window will appear asking for confirmation to uninstall the extension. Select 'Uninstall' again, and the Pirrit will be removed.

How to Reset Safari
IMPORTANT: Before resetting Safari make sure you back up all your saved passwords within the browser in case you forget them.

Start Safari and then click on the gear leaver icon.

Click the Reset Safari button and you will reset the browser.

Mac OS X Google Chrome Mozilla Firefox Microsoft Edge Safari Internet Explorer

Eliminate Pirrit from Internet Explorer.

Step 1: Start Internet Explorer.

Step 2: Click on the gear icon labeled 'Tools' to open the drop menu and select 'Manage Add-ons'

Step 3: In the 'Manage Add-ons' window.

Step 4: Select the extension you want to remove and then click 'Disable'. A pop-up window will appear to inform you that you are about to disable the selected extension, and some more add-ons might be disabled as well. Leave all the boxes checked, and click 'Disable'.

Step 5: After the unwanted extension has been removed, restart Internet Explorer by closing it from the red 'X' button located at the top right corner and start it again.

Pirrit FAQ

What is Pirrit?

Pirrit is classified as a potentially unwanted app for Mac. It appears like a normal app, but it may cause unpleasant pop-ups and redirects on your Mac.

Be aware, that Pirrit may be able to affect the browsers Safari, Google Chrome, Mozilla Firefox, Edge and Opera. It may they perform unwanted activities on your Mac.

Such can turn out to be showing advertisements of all types, slowing down your Mac's performance and even infecting your Mac with other viruses by showing you dangerous ads.

Is Pirrit a Virus?

No, but it is just as risky. The Pirrit object is not entirely a virus but it is still as dangerous as a virus for your Mac and your information. The main reason for that is because Pirrit can use cookies and other tracking technologies that may obtain personal information from your Mac while you are browsing.

It may also cause dangers and may lead to risky websites, such as:

  • Phishing sites.
  • Web pages that are scam.
  • Sites that may contain viruses.

These are the main reasons why threatening is considered by experts to be indirectly dangerous to your Mac.

Can my Mac get virus?

The answer to this question is "yes". Unfortunately it opened happens that Mac devices become infected with different types of malware, adware and other threats. This causes a lot of problems for both companies and users.

How did I get Pirrit?

Pirrit could be spread to Mac computers via several methods. One of those methods is via the installers of third party apps. This technique is called software bundling.

Also, Pirrit adware could be included in the installer steps of an app you may have downloaded for your Mac from a third party website. Search app could be a media player or some other free software you may have tried to recently install.

You may have missed Pirrit, because it could be hiding in one of the install steps or could be offered as a "free extra" or an "optional offer".

How to remove Pirrit from my Mac?

By removing its core files. To get rid of Pirrit from your Mac, security experts strongly advise to scan it with a professional anti-malware app for Mac.

An anti-malware security app has the capability of scanning all of the areas in your Mac were Pirrit could be residing.

It will also make sure that Pirrit is permanently gone from your Mac and that your Mac is safe in the future.

How to protect my Mac from viruses?

To protect your Mac from all sorts of virus threats, you can can minimize the risk of getting a virus in the first place. This is why we strongly recommend that you take the following steps for protection on your Mac below:

1. Register for a VPN service of your choice.
2. Clear the cookies that are on your web browsers and uninstall any browser extensions from them that you believe are suspicious.
3. Download and install reputable malware removal and protection software.
4. Always check if the website you're visiting has HTTPS instead of just HTTP in its address. This indicates that a site is secure.
5. Do not type any personal info on websites which are with low reputation or you can't trust.
6. Always check if the site you're visiting is the real web page at not a fake one by looking at the address bar. Many fishing websites that contain viruses change one or two letters in the main domain name of the site they're trying to mimic.
7. Always link your cell phone phone to your Bank Accounts, PayPal, Facebook, Gmail, Instagram and other accounts. This will allow you to see notification if somebody else logged in from your account and makes account hijacking nearly impossible.
8. Always find a way to backup all your important files regularly. You can save them on a USB stick or use Cloud backup services, like Google Drive. iDrive, Onedrive and others.

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.