Chapter 11: Malware Detection and Analysis with macOS Memory Forensics
Previously, attacks on macOS, as well as the development of specific malware for this operating system, were single events and were often limited to trivial adware. In 2020–2021, the main threat to macOS was still the adware Shlayer (https://redcanary.com/threat-detection-report/threats/shlayer/), but we are increasingly seeing targeted attacks with advanced threat actors behind them. A good example is APT32 or OceanLotus, a Vietnamese-linked group, which targeted macOS users with backdoors, delivered via malicious Microsoft Word documents.
The growing popularity of macOS in enterprise environments has triggered the appearance of various macOS post-exploitation tools: MacShellSwift, MacC2, PoshC2, and the Empire post-exploitation framework. Moreover, Malware-as-a-Service for macOS (https://www.computerworld.com/article/3626431/scary-malware-as-a-service-mac-attack-discovered.html) has already appeared...