macOS Threats: Automate Mac Alert Triage with Intezer

We are happy to announce that Intezer now supports scanning macOS files.

Intezer’s Autonomous SecOps solution automates security operations processes, including alert triage, incident response, and threat hunting. This release is an important step towards Intezer’s mission to automate all alerts that security teams need to handle, from whatever operating system you’re using. Now, you can automatically triage alerts coming from your Mac endpoints or emails that contain Mac file attachments, and get clear response recommendations from Intezer.

Similar to Linux malware, there are very few reliable options for analyzing macOS threats. Using Intezer’s unique code reuse technology, we can help you automatically triage macOS files, processes and endpoints, providing historical and contextual information that allows you to reduce false positives and better classify threats.

[Image: Mac alert context from Intezer] Intezer’s investigation note on an alert in SentinelOne’s console.

Rotten Apples: Malware Targeting macOS

Since the first documented macOS malware, “Oompa-Loompa” from 2006, many types of malware have been discovered targeting Mac endpoints, from adware and botnets to nation-state backdoors. Here are some examples:

  • Russian nation-state groups: Turla with Snake Turla, and Sofacy (APT28) with Xagent
  • North Korea’s Lazarus with the Dacls and Manuscrypt tools
  • IPStorm – a botnet that abuses a legitimate peer-to-peer (p2p) network
  • ElectroRAT – a RAT designed to steal crypto wallets
  • SysJoker – a backdoor discovered in early 2022

Interestingly, all of these malware examples have other versions that target other operating systems besides Mac.

[Image: SysJoker malware sample, Mac threat] A SysJoker malware sample for Mac in Intezer Analyze.

Interested in learning more about macOS malware and analysis tools? Check out the Objective-See foundation or The Art of Mac Malware book by Patrick Wardle.

Start Triaging Mac Alerts with Intezer

Our database already contains hundreds of thousands of malicious and trusted macOS code fragments (“genes”), and continues to expand. You can integrate your endpoint security solution with Intezer (currently supported for SentinelOne and CrowdStrike) to start automating your Mac endpoint alert triage. Just sign up for Intezer to give it a try.

Want to see for yourself? You can try Intezer for free to see how it works, watch a 5-minute demo video, or reach out to our team to book a demo.

The post macOS Threats: Automate Mac Alert Triage with Intezer appeared first on Intezer.
