One of the most common methods of spreading malware involves using social engineering tactics in an attempt to trick the user into manually infecting their macOS. Fake updates, fake applications, trojanized applications and tainted versions of legitimate applications are the most common methods used to trick users into installing malicious software.

For example, OSX.EvilQuest ransomware has been known to impersonate popular sound mixing applications (as seen in Figure 3), while trojans like OSX.Lador are distributed via spam emails that contain malicious add-ons, cracked applications, free programs and fake updates.

Figure 3. OSX.EvilQuest ransomware installing as a fake Mixed In Key DJ application

Other malware variants, such as OSX.XCSSET, are distributed via either malicious documents or supply chain attacks targeting legitimate software development tools such as Xcode, Apple's IDE. More complex attacks use exploits in different applications or in compromised OS kernels or accounts. For example, older OSX.FlashBack backdoor variants were known to use Java exploits to compromise targets.

By understanding delivery and infection vectors, researchers can take a layered approach to security, building protection capabilities to stop breaches.

Most threats, including macOS malware, attempt to ensure persistence to survive system reboots. Analyzing and understanding persistence tactics enables researchers to build behavior-based detections and train automated machine learning (ML) detections. While one of the most common persistence mechanisms involves abusing Login Items in macOS, other popular persistence tactics include abusing Launch Items, adding malware to scheduled tasks, or using cronjobs to execute tasks sometime in the future. The hijacking of dylibs was once one of the stealthiest persistence mechanisms, especially in binaries.
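The Launch Items mentioned above are launchd property lists, and a behavior-based detection can inspect their keys directly. The Python below is an added example, not code from the original article: it parses a LaunchAgent/LaunchDaemon plist and returns the properties a defender would review (starts at login, interpreter with an inline command, paths in world-writable or hidden locations). The two sample plists, their labels and their paths are constructed, not real indicators.

```python
import plistlib
from pathlib import PurePosixPath

# Paths any local user can write to; a launch item referencing one of them is
# worth a second look (a heuristic, not proof of malice).
WORLD_WRITABLE = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")
# Interpreters launchd will start with an inline command string via -c.
INTERPRETERS = {"sh", "bash", "zsh", "osascript", "python", "python3", "perl"}

def launch_item_flags(plist_bytes):
    """Parse a LaunchAgent/LaunchDaemon plist and return a sorted list of flags."""
    item = plistlib.loads(plist_bytes)
    args = item.get("ProgramArguments") or []
    program = item.get("Program") or (args[0] if args else None)
    if program is None:
        return ["no_program"]
    flags = set()
    # RunAtLoad/KeepAlive give the item the reboot-surviving behaviour that
    # persistence mechanisms are after.
    if item.get("RunAtLoad") or item.get("KeepAlive"):
        flags.add("run_at_load")
    if PurePosixPath(program).name in INTERPRETERS and "-c" in args:
        flags.add("inline_shell")
    for path in [program, *args[1:]]:
        if path.startswith(WORLD_WRITABLE):
            flags.add("writable_location")
        # A dot-prefixed component (".cache") anywhere below the root.
        if any(p.startswith(".") for p in PurePosixPath(path).parts[1:]):
            flags.add("hidden_path")
    return sorted(flags)

# Constructed sample: an agent posing as an updater that runs a hidden binary.
SUSPECT_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key><array>
    <string>/bin/sh</string><string>-c</string>
    <string>/Users/Shared/.cache/agent</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>"""

# Constructed sample of an ordinary-looking agent for comparison.
BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.sync</string>
  <key>Program</key><string>/Applications/Example.app/Contents/MacOS/sync</string>
  <key>StartInterval</key><integer>3600</integer>
</dict></plist>"""

if __name__ == "__main__":
    for name, data in (("suspect", SUSPECT_PLIST), ("benign", BENIGN_PLIST)):
        print(name, launch_item_flags(data))
```

On a live system the same function can be run over every file in the user and system LaunchAgents and LaunchDaemons directories, with the returned flags feeding a triage queue rather than an automatic verdict.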