We are happy to announce that Intezer now supports scanning macOS files. 😁
Intezer’s Autonomous SecOps solution automates security operations processes, including alert triage, incident response, and threat hunting. This release is an important step towards Intezer’s mission to automate every alert that security teams need to handle, whatever operating system it comes from. Now you can automatically triage alerts coming from your Mac endpoints, or from emails that carry Mac file attachments, and get clear response recommendations from Intezer.
As with Linux malware, there are few reliable options for analyzing macOS threats. Using Intezer’s code reuse technology, we can automatically triage macOS files, processes, and endpoints, providing you with the historical and contextual information you need to reduce false positives and classify threats more accurately.
Rotten Apples: Malware Targeting macOS
Since the first documented OS X malware, “Oompa-Loompa” (Leap.A) from 2006, many types of malware have been discovered targeting Mac endpoints, from adware and botnets to nation-state backdoors. Here are some examples:
- Russian nation-state groups: Turla with its Snake backdoor, and Sofacy (APT28) with Xagent
- North Korea’s Lazarus with the Dacls and Manuscrypt tools
- IPStorm – a botnet that abuses a legitimate peer-to-peer (P2P) network (IPFS) for its command and control
- ElectroRAT – a RAT designed to steal cryptocurrency wallets
- SysJoker – a backdoor discovered in early 2022
Interestingly, every one of these malware families also has variants that target operating systems other than macOS.
Start Triaging Mac Alerts with Intezer
Our database already contains hundreds of thousands of malicious and trusted macOS code fragments (“genes”), and continues to expand. You can integrate your endpoint security solution with Intezer (currently supported for SentinelOne and CrowdStrike) to start automating your Mac endpoint alert triage. Just sign up for Intezer to give it a try.