<— Back

The New Normal of Mac Malware Threats

For many years, Apple has led marketing efforts to convince the world that their products are impeccably secure and private. Most end users assume that malware is simply not a concern on Apple platforms. But the reality is that the volume and sophistication of threats targeting Apple platforms are constantly increasing from year to year.

In this presentation we will cover the state of Mac malware, focusing on emerging threats. We’ll unveil intriguing tales of the discovery of new malware, threat actors’ exploitation of zero-day vulnerabilities and experimentation with advanced new techniques, and more. We’ll also discuss why the new macOS Big Sur operating system still doesn’t have sufficient built-in protection to keep Apple users safe from the latest threats.

Additional Details:

This presentation may potentially discuss (as time permits; I will focus on the most interesting aspects of malware campaigns such as the following):

  • Our team’s discoveries of OSX/Linker, OSX/CrescentCore, and brand new OSX/Shlayer variants in 2019–2020
  • Lazarus Group’s experimentation with “fileless” Mac malware
  • “VeryMal” malware campaign that used steganography to hide malicious URLs in JPEG files
  • A Firefox zero-day vulnerability that was exploited to spread Mac malware
  • OSX/EvilQuest (aka OSX/ThiefQuest), which, while often described as ransomware, contains functionality that could be described as a wiper, data stealer, spyware, keylogger, evader, virus, and RAT.
  • OSX/XCSSET, which targets Mac developers and spreads via Trojanized Xcode projects, and exploits two zero-day vulnerabilities
  • Apple’s recent notarization of dozens of Mac malware samples is one of many examples demonstrating that Apple’s protections measures are insufficient

Joshua Long


Joshua Long (@theJoshMeister), Intego’s Chief Security Analyst, is a renowned cybersecurity researcher, writer, and public speaker. He has a master’s degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple ID authentication vulnerability. Josh has conducted cybersecurity research for more than 20 years, which has often been featured by major news outlets worldwide.

Sponsors and Supporting Organizations

Diamond Sponsors

Platinum Sponsor

Networking Lounge Sponsor

Supporting Organization

Associate Sponsors