Threat actors targeting macOS are deploying a new trick to hide payloads and avoid detection thanks to an old technology: the named resource fork.
Posts TaggedmacOS
Breaking EvilQuest | Reversing A Custom macOS Ransomware File Encryption Routine
A new macOS ransomware threat uses a custom file encryption routine not based on public key encryption. Jason Reaves shows how we broke it.
Privilege Escalation | macOS Malware & The Path to Root Part 1
Researchers invest huge amounts of effort to uncover privilege escalations and develop exploits. What can we learn about macOS security from their work?
Detecting macOS.GMERA Malware Through Behavioral Inspection
New malware hits macOS with well-worn techniques. Can behavioral detection prevent attacks that evade legacy AV and built-in Apple security?
macOS Incident Response | Part 3: System Manipulation
How can you detect system manipulations by malware, local or remote attackers on macOS? Find out in the final part of our series on macOS Incident Response.
macOS Incident Response | Part 2: User Data, Activity and Behavior
What can we learn about user activity and behavior on a compromised Mac? Learn about the hidden and obfuscated data stores Apple use on the macOS platform.
macOS Incident Response | Part 1: Collecting Device, File & System Data
How should you investigate an infected Mac? Has there been lateral movement, data exfiltration, system manipulation? Learn macOS incident response here.
Lazarus APT Targets Mac Users with Poisoned Word Document
Threat actors have the know-how to develop campaigns that target your weakest link. Learn how Lazarus APT took their malware to Apple’s macOS platform.