VB2017 preview: Offensive malware analysis: dissecting OSX/FruitFly.B via a custom C&C server

Posted by   Martijn Grooten on   Sep 29, 2017

Apart from the odd taxi driver loudly making the claim, the idea that "Macs don't get malware" has become something of the past. Nevertheless, most security researchers focus on Windows (and increasingly Android) malware, thus making malware that targets macOS still the odd one out.

Someone who for years has focused almost exclusively on researching Mac malware is Synack's Patrick Wardle. Patrick is often the go-to person for the press when a new Mac malware variant or attack is discovered, and he has spoken on the subject at the last three VB conferences, covering persistence methods; issues with Gatekeeper; and hacking webcams. He recently made the news when he found a zero-day vulnerability in the new macOS version, High Sierra.

Next week Patrick will be back at the VB conference to present a long and detailed paper in which he analyses the mysterious 'FruitFly' malware, discovered earlier this year after having managed to stay under the radar for years. What is interesting about Patrick's analysis, and what makes his talk very relevant not just for Mac experts but for all security researchers, is that he set up a custom C&C server to find out what the malware is capable of.

<wireshard_wardle_vb2017.png

For those who are interested in (advanced) Mac malware, Patrick's talk is followed by a presentation by Bitdefender's Tiberius Axinte on the Mac variant of APT28's 'XAgent' tool.

Registration for VB2017 remains open, but places are filling up fast – book now to avoid disappointment!

VB2017-325w.jpg

 

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

Didn't come to VB2017? Tell us why!

Virus Bulletin is a company - and a conference - with a mission: to further the research in and facilitate the fight against digital threats. To help us in this mission, we want to hear from those who didn't come to Madrid. What is your impression of…

Montreal will host VB2018

Last week, we announced the full details of VB2018, which will take place 3-5 October 2018 at the Fairmont The Queen Elizabeth hotel in Montreal, Quebec, Canada.

VB2017 preview: Beyond lexical and PDNS (guest blog)

In a special guest blog post, VB2017 Silver sponsor Cisco Umbrella writes about a paper that researchers Dhia Mahjoub and David Rodriguez will present at the conference this Friday.

Avast to present technical details of CCleaner hack at VB2017

The recently discovered malicious CCleaner version has become one of the biggest security stories of 2017. Two researchers from Avast, the company that had recently acquired CCleaner developer Piriform, will share the results of their investigations…

VB2017 preview: Walking in your enemy's shadow: when fourth-party collection becomes attribution hell

We preview the VB2017 paper by Kaspersky Lab researchers Juan Andrés Guerrero-Saade and Costin Raiu on fourth-party collection and its implications for attack attribution.