The Art of Mac Malware, Volume 1 Cover

The Art of Mac Malware, Volume 1

The Guide to Analyzing Malicious Software
by Patrick Wardle
June 2022, 328 pp.
ISBN-13: 
9781718501942
Lay-flat binding

Download Chapter 2: PERSISTENCE

Look Inside!

The Art of Mac Malware back coverThe Art of Mac Malware interior spreadThe Art of Mac Malware interior spreadThe Art of Mac Malware interior spreadThe Art of Mac Malware interior spreadThe Art of Mac Malware interior spread

Defenders must fully understand how malicious software works if they hope to stay ahead of the increasingly sophisticated threats facing Apple products today. The Art of Mac Malware, Volume 1: The Guide to Analyzing Malicious Software is a comprehensive handbook to cracking open these malicious programs and seeing what’s inside.

Discover the secrets of nation state backdoors, destructive ransomware, and subversive cryptocurrency miners as you uncover their infection methods, persistence strategies, and insidious capabilities. Then work with and extend foundational reverse-engineering tools to extract and decrypt embedded strings, unpack protected Mach-O malware, and even reconstruct binary code. Next, using a debugger, you’ll execute the malware, instruction by instruction, to discover exactly how it operates. In the book’s final section, you’ll put these lessons into practice by analyzing a complex Mac malware specimen on your own.

You’ll learn to:

  • Recognize common infections vectors, persistence mechanisms, and payloads leveraged by Mac malware
  • Triage unknown samples in order to quickly classify them as benign or malicious
  • Work with static analysis tools, including disassemblers, in order to study malicious scripts and compiled binaries
  • Leverage dynamical analysis tools, such as monitoring tools and debuggers, to gain further insight into sophisticated threats
  • Quickly identify and bypass anti-analysis techniques aimed at thwarting your analysis attempts

A former NSA hacker and current leader in the field of macOS threat analysis, Patrick Wardle uses real-world examples pulled from his original research. The Art of Mac Malware, Volume 1: The Guide to Analyzing Malicious Software is the definitive resource to battling these ever more prevalent and insidious Apple-focused threats.

Author Bio 

Patrick Wardle is the creator of the Mac security website and tool suite Objective-See. Having worked at NASA and the NSA, as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware, and writing free open-source security tools to protect Mac users.

Table of contents 

Introduction

Part I: Malware Basics
Chapter 1: Infection Vectors
Chapter 2: Persistence
Chapter 3: Capabilities

Part II: Malware Analysis
Chapter 4: Non-binary Analysis
Chapter 5: Binary Triage
Chapter 6: Disassembly and Decompilation
Chapter 7: Dynamic Analysis Tools
Chapter 9: Anti-Analysis

Part III: Analyzing EvilQuest
Chapter 10: Infection, Triage, and Anti-Analysis
Chapter 11: Persistence and Capabilities

Reviews 

"[The Art of Mac Malware] serves as a valuable resource for anyone looking to level up their skills to stay on top of the latest macOS threats. Patrick's approachable, educating writing style and extensive knowledge in this field made him the ideal author to write this book."
—Maria Markstedter, @Fox0x01, Forbes Person Of The Year In Cybersecurity

"Mac doesn’t face the same level of malware threat that Windows users experience. However, it is possible to create malware for macOS and the excellent book, The Art of Mac Malware, goes into a lot of detail."
—Security Boulevard

"Awesome job keeping readers hooked."
—Tony Lambert, @ForensicITGuy

"An awesome researcher writing for my favorite publisher . . . If you’re interested in Mac malware, I highly recommend!"
—Francisco Donoso, @Francisckrs

Read Karsten Kisser's German-language review in Heise Magazine.

Updates 

View the latest errata.