<— Back

The New Normal of Mac Malware Threats

For many years, Apple has led marketing efforts to convince the world that their products are impeccably secure and private. Most end users assume that malware is simply not a concern on Apple platforms. But the reality is that the volume and sophistication of threats targeting Apple platforms are constantly increasing from year to year.

In this presentation we will cover the state of Mac malware, focusing on emerging threats. We’ll unveil intriguing tales of the discovery of new malware, threat actors’ exploitation of zero-day vulnerabilities and experimentation with advanced new techniques, and more. We’ll also discuss why the new macOS Big Sur operating system still doesn’t have sufficient built-in protection to keep Apple users safe from the latest threats.

Additional Details:

This presentation may potentially discuss (as time permits; I will focus on the most interesting aspects of malware campaigns such as the following):

• Our team’s discoveries of OSX/Linker, OSX/CrescentCore, and brand new OSX/Shlayer variants in 2019–2020
• Lazarus Group’s experimentation with “fileless” Mac malware
• “VeryMal” malware campaign that used steganography to hide malicious URLs in JPEG files
• A Firefox zero-day vulnerability that was exploited to spread Mac malware
• OSX/EvilQuest (aka OSX/ThiefQuest), which, while often described as ransomware, contains functionality that could be described as a wiper, data stealer, spyware, keylogger, evader, virus, and RAT.
• OSX/XCSSET, which targets Mac developers and spreads via Trojanized Xcode projects, and exploits two zero-day vulnerabilities
• Apple’s recent notarization of dozens of Mac malware samples is one of many examples demonstrating that Apple’s protections measures are insufficient