COMMSEC: Meet & Greet with the MacOS Malware Class of 2016

PRESENTATION SLIDES (PDF)

Say hello to KeRanger, Eleanor, Keydnap, Mokes, and more! 2016 was a busy year for Mac malware authors who released a variety of new macOS malware creations. Sure adware remained common, but 2016 also saw the first ‘real’ ransomware targeting Macs, plus a variety of persistent RATs and backdoors. And unfortunately the majority of this malware was initially undetected by all traditional antivirus products leaving mac users exposed!

The talk will begin by providing a technical overview of both new and prevalent macOS malware which affected mac users during 2016. Specifically, we’ll dive into the infection vectors, persistence mechanisms, and features of each malware specimen.

Following this, the talk will cover various built-in macOS security mitigations and discuss how, in some cases, these would have proactively thwarted infection. More important though, we’ll discuss how some of the malware was unfortunately able to sidestep these.

The talk will conclude by discussing various generic detection mechanisms that would have protected mac users from all these threats. Moreover, best security practices will be briefly covered in order to ensure that mac users can remain secure!

COMMSEC
Location: Track 4 / CommSec Date: April 13, 2017 Time: 3:00 pm - 3:30 pm Patrick Wardle