A routine VirusTotal submission on June 23, 2025 exposed Bireme.app, a new member of the notorious Pirrit adware family that quietly installs on macOS systems under the guise of a legitimate application. A recent analysis showed unsuspecting users encountering relentless pop-ups and unwanted browser redirects after bundling Bireme.app with free downloads—often without consent. What happens when your Mac slows to a crawl and your privacy vanishes into the hands of cybercriminals?
Threat Overview
Adware, or advertising-supported software, injects third-party content—pop-ups, banners, overlays—into webpages and desktops to generate illicit revenue. While some ads may appear legitimate, they often promote scams, untrustworthy software, or even malware. Bireme.app adds a layer of data tracking—collecting browsing histories, cookies, and potentially sensitive credentials—to monetize user information through third-party sales.
In-Depth Analysis
Infection Vector
Most often, Bireme.app slips in through software bundling—hidden within “custom” installers on freeware sites, P2P networks, or torrent downloads. Intrusive ads or mistyped URLs redirect victims to malicious landing pages that launch silent downloads.
Behavioral Profile
- Installation: Drops “Bireme.app” into /Applications and creates launch agents/daemons under
/Library/LaunchAgents
,/Library/LaunchDaemons
, or similar directories. - Ad Injection: Hooks into browsers to display pop-ups, overlays, and redirect scripts, often triggering unwanted downloads when clicked.
- Data Tracking: Monitors search history, cookies, and possibly captures credentials for sale on underground markets.
- Persistence: Creates plist files (
*.plist
) to auto-launch at boot, surviving simple uninstalls.
Risk Assessment
Although not outright destructive, Bireme.app poses a significant privacy threat. During the 2018 Pirrit adware surge, victims reported identity theft and financial scams following their credential data leaks. If advertisements lead to exploit kits, the adware can become a gateway for more severe infections. Early detection remains crucial to prevent cascading harms.
Artifact – Pop-Up Warning
“Bireme.app” will damage your computer.
This file was downloaded on an unknown date.
Ok | Show in Finder
Method 1: Manually Removing Adware from Your Mac
Step 1: Uninstall Suspicious Applications
- Open
Finder
and navigate toApplications
. - Carefully review the list and look for applications you don’t recognize or didn’t install.
- Drag any suspicious applications to the
Trash
. - Empty the
Trash
to ensure they’re permanently removed. - Open
System Preferences
>Users & Groups
>Login Items
. - Remove any unknown startup programs by selecting them and clicking the
-
button.
Step 2: Remove Unwanted Browser Extensions
Safari
- Open Safari and click
Safari
>Preferences
>Extensions
. - Look for any extensions you don’t recognize and uninstall them.
- Go to
History
> “Clear History” to remove traces of adware-related activity.
Google Chrome
- Click the three-dot menu in the top-right corner and select
Extensions
. - Find any unfamiliar extensions and remove them.
- Reset Chrome by going to
Settings
>Reset settings
> “Restore settings to their original defaults.”
Mozilla Firefox
- Click the three-line menu and go to
Add-ons and themes
. - Remove any unknown extensions.
- Reset Firefox via
Help
>More troubleshooting information
> “Refresh Firefox.”
Step 3: Delete Malicious Files and Folders
- Open
Finder
, pressShift + Command + G
, and enter the following locations:~/Library/Application Support/
~/Library/LaunchAgents/
~/Library/LaunchDaemons/
~/Library/Preferences/
- Look for suspicious files and remove them.
Step 4: Clear Your DNS Cache
- Open
Terminal
. - Type the following command and hit Enter:
- Enter your administrator password if prompted.
Step 5: Restart Your Mac
Restart your Mac to finalize the removal process.
Method 2: Automatically Remove Adware with SpyHunter for Mac
If you prefer a hassle-free solution, SpyHunter for Mac can detect and eliminate adware efficiently.
Step 1: Download SpyHunter
Click the link below to download SpyHunter for Mac: Download SpyHunter Here.
Step 2: Install and Set Up SpyHunter
- Open the downloaded
.dmg
file. - Drag SpyHunter into the
Applications
folder. - Launch SpyHunter and allow it to update its malware definitions.
Step 3: Run a Full System Scan
- Open SpyHunter.
- Click
Start Scan
. - Wait for the scan to complete and review the detected threats.
- Click
Fix Threats
to remove any adware found on your system.
Step 4: Restart Your Mac
Once SpyHunter has completed the removal, restart your Mac to ensure all traces of adware are gone.
Conclusion
Bireme.app leverages familiar bundling tactics and Pirrit’s adware blueprint to infiltrate macOS devices, degrade performance, and siphon private data. Prompt removal of its components and browser extensions halts unwanted ads and restores system integrity. Vigilance when installing software and regular scans with reputable anti-malware tools ensure Bireme.app never gains a foothold.