Anti-Analysis Logic of Arm Malware on macOS

Presented at Objective by the Sea version 4.0 (2021), Sept. 30, 2021, 4:05 p.m. (25 minutes).

Apple's new M1 systems (aka Apple Silicon) offer a myriad of benefits ...for both macOS users, and well, to malware authors as well.

However, before analyzing malware targeting this platform, one must master various foundational topics such as understanding and reversing arm64 code.

In this talk, we'll cover such topics and then apply them in order to analyze the anti-analysis logic of the first malicious program compiled to natively target Apple Silicon.

Armed (ha!) with the information and analysis techniques presented in this talk, you'll leave well on the way to becoming a proficient macOS M1 malware analyst!

Presenters:

• Patrick Wardle - Founder of Objective-See
  Patrick Wardle is the founder of Objective-See. Having worked at NASA and the NSA, as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware and writing free open-source security tools to protect Mac users.

Links:

• https://objectivebythesea.org/v4/talks.html#Anti-Analysis Logic of Arm Malware on macOS
• https://infocon.org/cons/Objective by the Sea/Objective by the Sea 4 2022/Anti Analysis Logic of Arm Malware on macOS - Patrick Wardle.mp4
• https://infocon.org/cons/Objective by the Sea/Objective by the Sea 4 2022/Anti Analysis Logic of Arm Malware on macOS - Patrick Wardle.eng.srt (subtitles)
• https://www.youtube.com/watch?v=MAgrD3enYSg
• https://objectivebythesea.org/v4/talks/OBTS_v4_pWardle.pdf

Similar Presentations:

• DEF CON 29 (2021) / Caught you - reveal and exploit IPC logic bugs inside Apple
• DEF CON 29 (2021) / Bundles of Joy: Breaking macOS via Subverted Applications Bundles
• Black Hat USA 2021 / Arm'd and Dangerous