<a href="https://www.linkedin.com/in/jaron-bradley/">Jaron Bradley,</a> Director of <a href="https://www.linkedin.com/company/jamf-software/">Jamf </a>Threat Labs, is sharing their work on "ChillyHell: A Deep Dive into a Modular macOS Backdoor." Jamf Threat Labs uncovers a newly notarized macOS backdoor called ChillyHell, tied to past UNC4487 activity and disguised as a legitimate applet. 
The malware showcases robust host profiling, multiple persistence mechanisms, timestomping, and flexible C2 communications over both DNS and HTTP. Its modular design includes reverse shells, payload delivery, self-updates, and a brute-force component targeting user credentials.
The research can be found here:
<ul>
 <li>
<a href="https://redcanary.com/blog/threat-intelligence/phishing-rmm-tools/">⁠</a><a href="https://www.jamf.com/blog/chillyhell-a-modular-macos-backdoor/?nav=1">ChillyHell: A Deep Dive into a Modular macOS Backdoor</a>
</li>
</ul> Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a>

Jon DiMaggio: Two roads diverged. [Strategy] [Career Notes]

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.