VirusTotal said in its announcement that users will be able to scan the supported file types on the service’s website, through its OS X Uploader app, via the VirusTotal API. “This will allow me both validate and improve tools such as KnockKnock and BlockBlock that attempt to detect persistence techniques in order to protect Mac users.” “For example, now I’ll easily be able to see how a fairly comprehensive set of OS X malware persists (to ensure automatic (re)execution each time an infected computer is restarted),” Wardle said. The data contained in the reports can also be integrated into OS X security tools, improve their detection and analysis capabilities. “Being able to upload an OS X binary, have it scanned by multiple AV engines, and now have an automated behavioral analysis report should definitely expedite OS X malware triage and analysis.” “This is a a great tool for malware analysts, or even just inquisitive OS X users,” said Patrick Wardle, director of research of security company Synack and a well-known Apple researcher. Researchers can now upload suspicious Mac OS X Mach-O executables, DMG files or zip files containing Mac apps and get a behavioral report in return from the service. Granted it hasn’t reached the critical mass of malicious code for Windows, but recent encounters with WireLurker, XcodeGhost and YiSpecter among others have elevated the conversation to levels where it’s been legitimized.Īdding further credence, Google-owned online malware scanner VirusTotal this week announced the availability of sandbox execution for Mac OS X apps.
0 Comments
Leave a Reply. |