Blog keyword search

VB2019 paper: Cyber espionage in the Middle East: unravelling OSX.WindTail

At VB2019 in London, Jamf's Patrick Wardle analysed the WindTail macOS malware used by the WindShift APT group, active in the Middle East. Today we publish both Patrick's paper and the recording of his presentation.
Cyber espionage in the Middle East: unravelling OSX.WindTail Read the paper (HTML) Download the paper (PDF)   The Middle East continues to be a hotbed of APT activity. The… https://www.virusbulletin.com/blog/2020/04/vb2019-paper-cyber-espionage-middle-east-unravelling-osxwindtail/

VB2019 paper: Play fuzzing machine - hunting iOS and macOS kernel vulnerabilities automatically and smartly

In a paper presented at VB2019 in London, Trend Micro researchers Lilang Wu and Moony Li explained how the hunt for vulnerabilities in MacOS and iOS operating systems can be made both smarter and more automatic. Today we publish both their paper and the r…
Apple’s MacOS and iOS operating systems are often praised for their security. Yet vulnerabilities in both operating systems are regularly being found and exploited, especially by… https://www.virusbulletin.com/blog/2020/03/vb2019-paper-play-fuzzing-machine-hunting-ios-and-macos-kernel-vulnerabilities-automatically-and-smartly/

VB2019 paper: Never before had Stierlitz been so close to failure (or: what is a Soviet super-spy doing in a popular bundleware for Mac?)

Today, we publish the VB2019 paper and video by Sophos researcher Sergei Shevchenko in which he analyses a popular yet unnamed piece of macOS ‘bundleware’.
Over the years, many ‘potentially unwanted applications’ have plagued macOS in the same way they have plagued other platforms. Though anti-virus isn’t ubiquitous on Macs,… https://www.virusbulletin.com/blog/2019/12/vb2019-paper-never-had-stierlitz-been-so-close-failure-or-what-soviet-super-spy-doing-popular-bundleware-mac/

VB2019 video: Discretion in APT: recent APT attack on crypto exchange employees

At VB2019 in London, LINE's HeungSoo Kang explained how cryptocurrency exchanges had been attacked using Firefox zero-days. Today, we publish the video of his presentation.
In June, employees at cryptocurrency exchange Coinbase were targeted by emails linking to a website that used two zero-day vulnerabilities in the Firefox browser to deliver macOS… https://www.virusbulletin.com/blog/2019/11/vb2019-video-discretion-apt-recent-apt-attack-crypto-exchange-employees/

XMRig used in new macOS cryptominer

A new piece of cryptocurrency-mining malware on macOS has been found to use the popular XMRig miner.
Users complaining on Apple's official discussion forum about processes that use a lot of CPU have led to the discovery of a new piece of cryptocurrency-mining malware on macOS… https://www.virusbulletin.com/blog/2018/05/xmrig-used-new-macos-cryptominer/

Alleged author of creepy FruitFly macOS malware arrested

A 28-year old man from Ohio has been arrested on suspicion of having created the mysterious FruitFly malware that targeted macOS and used it to spy on its victims.
It is almost a year since the mysterious FruitFly malware for macOS was discovered. Malware targeting macOS is still uncommon enough to be newsworthy, but FruitFly seemed… https://www.virusbulletin.com/blog/2018/01/alleged-author-creepy-fruitfly-macos-malware-arrested/

VB2017 paper: Offensive malware analysis: dissecting OSX/FruitFly.B via a custom C&C server

At VB2017 in Madrid, macOS malware researcher Patrick Wardle presented the details of a specific piece of Mac malware, FruitFly, which he analysed through a custom C&C server - a technique that will also be of interest for researchers of malware on other …
Few readers of this blog will believe that there aren't any security issues with Apple's macOS operating system, a point made rather unsubtly by yesterday's discovery of a flaw… https://www.virusbulletin.com/blog/2017/11/vb2017-paper-offensive-malware-analysis-dissecting-osxfruitflyb-custom-cc-server/

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.