Skip to main content

macOS

2024

CloudChat Cashes Out: Who Needs a C2 Anyways
macOS Infostealers Malware RE CTI YARA Binary Ninja
The CloudChat infostealer returns, worse in almost everyway except that now the second stage is encrypted! Yipee!
An Infostealer's Brewin': Cuckoo & AtomicStealer Get Creative
macOS Malware RE CTI AMOS Infostealer
Recent infostealer malware campaign utilizing fake Homebrew websites to deliver Cuckoo and AtomicStealer.
LightSpy Malware Variant Targeting macOS
macOS Malware iOS APT RE
Clearing up some misconceptions about the return of LightSpy and an analysis of the macOS version.
The Secrets of XProtectRemediator
Binary Ninja Malware RE CTI YARA macOS
A primer on macOS security internals and reverse engineering macOS’ XProtectRemediators to extract ‘secret’ YARA rules!

2023

Revisiting Lazarus' Operation Intercept
Lazarus Malware RE CTI North Korea macOS
An analysis of a multi-stage macOS implant which shares a large number of commonalities with Lazarus’ Operation In(ter)ception.