
The Art of Mac Malware, Volume 2

Detecting Malicious Software
by Patrick Wardle
January 2025, 384 pp
ISBN-13: 9781718503786
Use coupon code PREORDER to get 25% off!

Download Chapter 4: Network State and Statistics


The Art of Mac Malware, Volume 2 is a comprehensive guide to the programmatic approaches you can use to detect and protect against macOS malware.

You'll learn how to write code that gathers data from a macOS system such as running processes, loaded libraries, network connections, and much more, then tour the many techniques used by actual malware specimens to evade detection. Next, you'll programmatically observe the activity on a macOS system and learn how to determine whether any of the collected data indicates an infection by classifying it as benign, anomalous, or clearly suspicious. Finally, you'll put this information together to build your own security tools for macOS, ranging from simple process and network monitors to fully featured products capable of detecting and thwarting even the most sophisticated macOS threats.

Author Bio

Patrick Wardle is the creator of the Mac security website and tool suite Objective-See. Having worked at NASA and the NSA, as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware, and writing free open-source security tools to protect Mac users.

Table of Contents

Foreword
Acknowledgments
Introduction

Part I: Data Collection
Chapter 1. Examining Processes
Chapter 2. Parsing Binaries
Chapter 3. Code Signing
Chapter 4. Network State and Statistics
Chapter 5. Persistence

Part II: System Monitoring
Chapter 6. Log Monitoring
Chapter 7. Network Monitoring
Chapter 8. Endpoint Security
Chapter 9. Muting and Authorization Events

Part III: Tool Creation
Chapter 10. Persistence Enumerator
Chapter 11. Persistence Monitor
Chapter 12. Mic and Webcam Monitor
Chapter 13. DNS Monitor
Chapter 14. Case Studies

Index

The chapters in red are included in this Early Access PDF.