VB2019 paper: Never before had Stierlitz been so close to failure (or: what is a Soviet super-spy doing in a popular bundleware for Mac?)

Over the years, many ‘potentially unwanted applications’ have plagued macOS in the same way they have plagued other platforms. Though anti-virus isn’t ubiquitous on Macs, detecting such PUAs usually isn’t a difficult problem.

However, there are exceptions. One such exception is a popular yet unnamed piece of ‘bundleware’ that was analysed by Sophos researcher Sergei Shevchenko in a paper presented at VB2019 in London. The bundleware performs many obfuscation and anti-analysis techniques that are typical of malware, and is used to download other software onto the systems on which it is installed.


Today we publish Sergei’s paper in both HTML and PDF format. We have also uploaded the recording of his presentation at VB2019 in London to our YouTube channel.

Read the paper (HTML)


Download the paper (PDF)

