A previous blog post explored ways to use osquery for macOS malware analysis. Using the same methodology introduced there, we analyzed five additional macOS malware variants and recorded their behavior to understand the techniques they used. Below, you'll find the techniques used by Calisto, Dummy, HiddenLotus, LamePyre and WireLurker. Read on to explore how to translate the techniques used by these malware families into osquery queries you can run to hunt for their active presence or historical artifacts.
This is a Security Bloggers Network syndicated blog from Uptycs Blog authored by Amit Malik. Read the original post at: https://www.uptycs.com/blog/macos-malware-threat-hunting