Reverse Engineering Mac Malware

Reverse Engineering Mac Malware

This is the first part of a series of posts reflecting the Security B Sides presentation done by Sarah Edwards, experienced digital forensic analyst. The subject matter includes an overview of tools and methods which are applicable to reverse engineer the infections tailored for Mac. In particular, the presentation covers file types and instruments in the context of static analysis as well as such components of dynamic analysis as virtualization and application tracing, with some illustrations being provided along the way.

Remove Mac Defender virus from Mac OS X

Remove Mac Defender

Mac Defender, also known as Mac Protector, is notorious scareware designed to specifically infect Mac boxes. It is one of the malicious applications that pioneered in the realm of Macs, and after years since the launch it appears to still be active. What Mac Defender does is it runs bogus scans of the system and states that malware has been detected, thus forcing users to register its paid version. So learn the background of this infection and get advised on Mac Defender removal.

Remove MacGlobalDeals virus ads from Safari/Firefox/Chrome on Mac OS X

Remove MacGlobalDeals

Out of all the versatile sorts of Internet advertising and promotion, the authors of MacGlobalDeals app for Mac OS X chose an unwelcome path based on highly intrusive techniques. The way it works involves trespassing of the malicious code on the user’s machine via obscure drive-by tricks, and then installing a browser extension which deploys a noxious ad placement activity regardless of the victim’s discretion. This post reflects in-depth dissection of this Mac adware and provides effective removal instructions.

Remove Offers4U ads from Mac OS X (Safari, Chrome, Firefox removal)

Remove Offers4U Ads

The adware referred to as Offers4U compromises both Windows and Mac users. The foremost reason why its impact is irritating is because the visited websites get third-party components embedded in their layout without transparent user authorization preceding these occurrences. Usually brought with other software that doesn’t appear to be related, this infection causes distress, web browsing disruption and possibly privacy issues.

A Mac OS X Rootkit Uses the Tricks You Haven’t Known Yet 4 - Integrity Checkup with System Virginity Verifier

Mac OS X Rootkit

The Team T5 guys, TT (Sung-ting Tsai) and Nanika (Ming-chieh Pan), end their Black Hat presentation with the description of a trick to gain root permission on Mac OS X. Also, the experts provide the main takeaways that should be drawn from their research and introduce the System Virginity Verifier for Mac OS X (SVV-X) tool intended for comprehensive Mac integrity checkup.

A Mac OS X Rootkit Uses the Tricks You Haven’t Known Yet 3 - Benefits of the Host Privilege

Mac OS X Rootkit

This part of the Black Hat presentation by representatives of the Team T5 Research is dedicated to nuances of host privilege on Mac OS X and what can be done with it. In particular, the ways of granting such permissions to a normal user are highlighted. Additionally, the experts describe a method for bypassing the kernel module verification and show the process of loading kernel module in a demo.