OrchardNest

The first (macOS) malware of 2021 is an insidious remote access tool (RAT), containing a variety of embedded payload to extend its functionality.

Our annual report on all the Mac malware of the year - including samples for download, infection vectors, persistence mechanisms, payloads and more!

In this guest blog post, the noted Mac security researcher/author Jaron Bradley explains how to detect (potentially malicious) SSH activity...via process monitoring and the analysis of process hierarchies.

Here we continue to deconstruct a Mac variant of GravityRAT (the cross-platform spyware, known to target the Indian armed forces), focusing on its Electron component.

Here we deconstruct a Mac variant of GravityRAT (the cross-platform spyware, known to target the Indian armed forces).

In this guest blog post, the security researcher behind @OSCartography, describes a bug related to parsing property lists ...a bug that trivial crashed macOS!

Interested in learning about a macOS cyber-espionage implant ...that leveraged priv-escalation exploits and a kernel-mode rootkit!? In this post, we analyze the macOS version of FinSpy.

Unfortunately we didn't have to wait long before hackers found a way to (ab)use Apple's new notarization service to get their malware approved! In this post, we tear apart an adware campaign that utilized malicious payloads containing...

Even wondered how a system can be persistently infected by simply opening a document? In this post, I detail an exploit chain (created by yours truly), that was able fully infect a fully-patched macOS Catalina system, by simply opening a...

Security researcher Ilias Morad, describes an impressive exploit chain, combining three macOS logic bugs he uncovered in macOS. His exploit chain allowed a local user to elevate privileges all the way to ring-0 (kernel)!

In this guest blog post, security researcher Matt Shockley describes a lovely security vulnerability he uncovered in macOS. This bug allowed for a complete bypass of TCC's draconian entitlement checks, all without writing a single line of...

Parent-child relationships are one of the simplest and most effective ways to detect malicious activity at the host level ...however on macOS things can get a little complex. Luckily security researcher Jaron Bradley is here to explain...

OSX.EvilQuest is a new piece of malware targeting Mac users. In part two, we analyze the malware's viral infection capabilities, and detail its insidious capabilities.

OSX.EvilQuest is a new piece of malware targeting Mac users. In part one, we analyze the malware's infection vector, persistence mechanism, and anti-analysis logic.

Tiny SHell is a lightweight backdoor used in APT attacks against Mac users. In this (guest) post, the noted macOS security researcher (and #OBTS speaker!) Jaron Bradley provides a comprehensive analysis!