File Type Classification for macOS Threats Threats that target macOS systems have the same goals as those targeting any other operating systems they range from spying and reconnaissance to cryptocurrency mining, file encryption, remote access, and adware-related hijack and injection. MacOS malware research starts with the fundamentals, such as classifying macOS malware by file type continues with the capabilities, intended targets and general behavior of malware and ends with obstacles researchers encounter when analyzing macOS malware.
The deep understanding and knowledge they gain is used both to create new features for structural parsing that augments our machine learning detection capabilities and to improve the proficiency of our behavior-based protection. This blog addresses some of the challenges and requirements our researchers must meet when analyzing macOS threats. The fallacies that macOS cannot be harmed by threats or is targeted by less-sophisticated malware still linger. CrowdStrike researchers constantly hunt, analyze and gain understanding of any macOS artifact that looks even remotely suspicious to improve CrowdStrike’s automated machine learning and behavior-based protection capabilities. Improving the CrowdStrike Falcon® platform’s ability to detect macOS threats is a continuous process. OSX.EvilQuest was the most prevalent macOS ransomware family in 2021, accounting for 98% of ransomware in the researchers’ analysis, while OSX.Flashback accounted for 31% of macOS backdoor threats and OSX.Lador accounted for 47% of macOS trojans.
0 kommentar(er)
