macOS Archives - SentinelLabs

Bypassing macOS TCC User Privacy Protections By Accident and Design

TCC is meant to protect user data from unauthorized access, but design flaws mean users and malware can bypass TCC, even by accident.

Security & Intelligence

New macOS Malware XcodeSpy Targets Xcode Developers with EggShell Backdoor

Targeting software developers is one route to a successful supply chain attack. Now threat actors are going after Apple developers through the Xcode IDE.

Security Research

20 Common Tools & Techniques Used by macOS Threat Actors & Malware

Threat hunting on macOS? These are the tools malware most often leverages, with ITW examples, MITRE behavioral indicators and links to further research.

Security Research

FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts

We show how to statically reverse run-only AppleScripts for the first time, and in the process reveal new IoCs of a long-running macOS Cryptominer campaign.

Adversary

APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique

Vietnamese-linked APT group OceanLotus have innovated and imitated in their latest macOS trojan, while also leaving a mysterious hard-coded calling card.

Security Research

Resourceful macOS Malware Hides in Named Fork

Threat actors targeting macOS are deploying a new trick to hide payloads and avoid detection thanks to an old technology: the named resource fork.

Security Research

Breaking EvilQuest | Reversing A Custom macOS Ransomware File Encryption Routine

A new macOS ransomware threat uses a custom file encryption routine not based on public key encryption. Jason Reaves shows how we broke it.

feature image macos privilege escalation

Security Research

Privilege Escalation | macOS Malware & The Path to Root Part 1

Researchers invest huge amounts of effort to uncover privilege escalations and develop exploits. What can we learn about macOS security from their work?

Crimeware

Detecting macOS.GMERA Malware Through Behavioral Inspection

New malware hits macOS with well-worn techniques. Can behavioral detection prevent attacks that evade legacy AV and built-in Apple security?

Security Research

macOS Incident Response | Part 3: System Manipulation

How can you detect system manipulations by malware, local or remote attackers on macOS? Find out in the final part of our series on macOS Incident Response.

Posts TaggedmacOS

Bypassing macOS TCC User Privacy Protections By Accident and Design

New macOS Malware XcodeSpy Targets Xcode Developers with EggShell Backdoor

20 Common Tools & Techniques Used by macOS Threat Actors & Malware

FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts

APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique

Resourceful macOS Malware Hides in Named Fork

Breaking EvilQuest | Reversing A Custom macOS Ransomware File Encryption Routine

Privilege Escalation | macOS Malware & The Path to Root Part 1

Detecting macOS.GMERA Malware Through Behavioral Inspection

macOS Incident Response | Part 3: System Manipulation

Hotcobalt – New Cobalt Strike DoS Vulnerability That Lets You Halt Operations

MeteorExpress | Mysterious Wiper Paralyzes Iranian Trains with Epic Troll

CVE-2021-3438: 16 Years In Hiding – Millions of Printers Worldwide Vulnerable

Conti Unpacked | Understanding Ransomware Development As a Response to Detection