This blog addresses some of the challenges and requirements our researchers must meet when analyzing macOS threats. The deep understanding and knowledge they gain is used both to create new features for structural parsing that augments our machine learning detection capabilities and to improve the proficiency of our behavior-based protection. MacOS malware research starts with the fundamentals, such as classifying macOS malware by file type continues with the capabilities, intended targets and general behavior of malware and ends with obstacles researchers encounter when analyzing macOS malware. File Type Classification for macOS Threats Threats that target macOS systems have the same goals as those targeting any other operating systems they range from spying and reconnaissance to cryptocurrency mining, file encryption, remote access, and adware-related hijack and injection.
Malware developers often try to hide or mask file types in an attempt to trick users into executing them. File-type identification also helps in establishing the tools required in the analysis. Figure 2 offers an overview of macOS malware file types.Įven though most malware are compiled binaries, many non-binary file types are commonly encountered while analyzing macOS malware each has its own advantages and disadvantages for the adversaries that use them.
0 kommentar(er)
