| title | date | authors | conference | resources |
|---|---|---|---|---|
| Peeling back the Shlayers of macOS Malware | 2019-06-01 | Erika Noerenberg, Josh Watson | | Slides: OBTS_v2_Noerenberg_Watson.pdf |

This talk provides a technical overview of the Shlayer macOS malware family, including site discovery, distribution techniques, obfuscation, privilege escalation, and behavior. It also discusses the difficulties of analyzing macOS malware with traditional disassemblers and presents newly developed plugins for Binary Ninja that improve Objective-C analysis, including structure recovery and rendering objc_msgSend calls in a more readable format.