Posts TaggedmacOS

New macOS Malware XcodeSpy Targets Xcode Developers with EggShell Backdoor

Targeting software developers is one route to a successful supply chain attack. Now threat actors are going after Apple developers through the Xcode IDE.

Security Research

20 Common Tools & Techniques Used by macOS Threat Actors & Malware

Threat hunting on macOS? These are the tools malware most often leverages, with ITW examples, MITRE behavioral indicators and links to further research.

Security Research

FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts

We show how to statically reverse run-only AppleScripts for the first time, and in the process reveal new IoCs of a long-running macOS Cryptominer campaign.

Adversary

APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique

Vietnamese-linked APT group OceanLotus have innovated and imitated in their latest macOS trojan, while also leaving a mysterious hard-coded calling card.

Security Research

Resourceful macOS Malware Hides in Named Fork

Threat actors targeting macOS are deploying a new trick to hide payloads and avoid detection thanks to an old technology: the named resource fork.

Security Research

Breaking EvilQuest | Reversing A Custom macOS Ransomware File Encryption Routine

A new macOS ransomware threat uses a custom file encryption routine not based on public key encryption. Jason Reaves shows how we broke it.

feature image macos privilege escalation

Security Research

Privilege Escalation | macOS Malware & The Path to Root Part 1

Researchers invest huge amounts of effort to uncover privilege escalations and develop exploits. What can we learn about macOS security from their work?

Crimeware

Detecting macOS.GMERA Malware Through Behavioral Inspection

New malware hits macOS with well-worn techniques. Can behavioral detection prevent attacks that evade legacy AV and built-in Apple security?

Security Research

macOS Incident Response | Part 3: System Manipulation

How can you detect system manipulations by malware, local or remote attackers on macOS? Find out in the final part of our series on macOS Incident Response.

Security Research

macOS Incident Response | Part 2: User Data, Activity and Behavior

What can we learn about user activity and behavior on a compromised Mac? Learn about the hidden and obfuscated data stores Apple use on the macOS platform.

@FeverTreeMixers’s previous #endpoint security product required painstaking configuration and upkeep. They wanted… https://t.co/rrRGJshy0511 hours ago
RT @LisaH_Jackson: .@ATT Launches new managed comprehensive endpoint security solution with @SentinelOne. Endpoint protection against #cybe…12 hours ago
RT @EFF: "At the time, [China's] was the only internet censorship in town. There was this thought—oh look, it's so quaint, a country trying…12 hours ago
#NTLM is still actively exploited. Follow each step in this #Vigilance #MDR analysis of a real-world attack and… https://t.co/S0TRyHl0OP13 hours ago

0 / 131

Posts TaggedmacOS

New macOS Malware XcodeSpy Targets Xcode Developers with EggShell Backdoor

20 Common Tools & Techniques Used by macOS Threat Actors & Malware

FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts

APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique

Resourceful macOS Malware Hides in Named Fork

Breaking EvilQuest | Reversing A Custom macOS Ransomware File Encryption Routine

Privilege Escalation | macOS Malware & The Path to Root Part 1

Detecting macOS.GMERA Malware Through Behavioral Inspection

macOS Incident Response | Part 3: System Manipulation

macOS Incident Response | Part 2: User Data, Activity and Behavior

CVE-2021-21551- Hundreds Of Millions Of Dell Computers At Risk Due to Multiple BIOS Driver Privilege Escalation Flaws

Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol

A Deep Dive into Zebrocy’s Dropper Docs

Adventures From UEFI Land: the Hunt For the S3 Boot Script