Episode Details
Back to Episodes![When macOS gets frostbite. [Research Saturday]](https://megaphone.imgix.net/podcasts/a643e1b8-d1f8-11f0-8ec8-431f1da4b1ab/image/95b72a93c2ffaf8ff900d662a9bd3735.png?ixlib=rails-4.3.1&max-w=3000&max-h=3000&fit=crop&auto=format,compress)
When macOS gets frostbite. [Research Saturday]
Season 9
Episode 404
Published 3 months, 1 week ago
Description
Jaron Bradley, Director of Jamf Threat Labs, is sharing their work on "ChillyHell: A Deep Dive into a Modular macOS Backdoor." Jamf Threat Labs uncovers a newly notarized macOS backdoor called ChillyHell, tied to past UNC4487 activity and disguised as a legitimate applet.
The malware showcases robust host profiling, multiple persistence mechanisms, timestomping, and flexible C2 communications over both DNS and HTTP. Its modular design includes reverse shells, payload delivery, self-updates, and a brute-force component targeting user credentials.
The research can be found here:
Learn more about your ad choices. Visit megaphone.fm/adchoices