Jamf Threat Labs has released a new report on “ChillyHell,” a sophisticated macOS backdoor that had previously been dormant for years.
The team notes that a new sample from the malware family has been uploaded to VirusTotal, signaling its evolution as a stealthy, legitimate and flexible threat. ChillyHell managed to pass Apple’s notarization process in 2021 and remain notarized until these findings. The malware family’s modular design allows attackers to enable remote access, drop additional payloads or brute-force passwords.
To evade detection, ChillyHell relies on tactics like timestomping, which is uncommon in modern macOS malware, and shifting between multiple C2 protocols. The result is an adaptable backdoor that shows how quickly macOS threats are advancing. You can read Jam Threat Labs’ complete report .
I hope you’ll help support Apple World Today by becoming a patron. All our income is from Patreon support and sponsored posts. Patreon pricing ranges from $2 to $10 a month. Thanks in advance for your support.
Article provided with permission from AppleWorld.Today
