I’d personally like to thank the following organizations, groups, and researchers for their work, analysis, & assistance! 🙏🏻

The “malwareland” channel on the MacAdmins slack / / / and others who choose to remain unnamed.

Throughout this blog, we’ll reference various tools used in analyzing the malware specimens:

- Our user-mode (open-source) utility that monitors process creations and terminations, providing detailed information about such events.
- Our user-mode (open-source) utility that monitors file events (such as creation, modifications, and deletions), providing detailed information about such events.
- Our (open-source) utility that displays code-signing information, via the UI.
- The de-facto command-line debugger for macOS. Installed (to /usr/bin/lldb) as part of Xcode.
- A “reverse engineering tool (for macOS) that lets you disassemble, decompile and debug your applications” …or malware specimens!

If you’re interested in general Mac malware analysis techniques, check out the following resources:

- “Let’s Play Doctor: Practical OSX Malware Detection & Analysis”
- “How to Reverse Malware on macOS Without Getting Infected”

Download: OSX.CookieMiner (password: infect3d)

CookieMiner is a cryptominer that also steals user cookies and passwords, likely to give attackers access to victims’ online accounts and wallets.

“Mac Malware Steals Cryptocurrency Exchanges’ Cookies”