2019
DOI: 10.1007/s11416-019-00335-w

Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques

Abstract: With macOS's increasing popularity, the number and variety of macOS malware are rising as well. Yet very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware behavior and mitigate several anti-evasion techniques used in the wild. Our framework exploits the macOS features of XPC service invocation that typically escape traditional mechanisms for detection of child processes. Perfo…
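The abstract's point about XPC services deserves a concrete illustration. On macOS an XPC service is started on demand by launchd (pid 1) when a client opens a connection to it, so the service's parent process is launchd, not the sample that requested it; a monitor that builds a process tree from parent PIDs alone never links the service (or anything it spawns) back to the sample. The following Python is an added example written for this page, not code from the Mac-A-Mal kernel extension; the event stream and its schema (exec / xpc / xpc_up records) are constructed for the illustration and are not the paper's trace format.

```python
"""Added illustration (not Mac-A-Mal's code): why parent-PID process trees
miss XPC services, and how correlating XPC connection events restores the link.

Event schema is an assumption made for this example:
  exec:   pid, ppid, path        a process image was executed
  xpc:    client_pid, service_id a client opened an XPC connection
  xpc_up: service_id, service_pid launchd started (or already runs) the service
"""
from collections import defaultdict

LAUNCHD_PID = 1  # launchd is the parent of on-demand XPC services on macOS

# Constructed sample trace; paths and bundle identifiers are hypothetical.
SAMPLE_EVENTS = [
    ("exec",   dict(pid=500, ppid=400,
                    path="/Users/u/Downloads/sample.app/Contents/MacOS/sample")),
    ("exec",   dict(pid=501, ppid=500, path="/bin/sh")),              # ordinary child
    ("xpc",    dict(client_pid=500, service_id="com.example.Helper")),  # sample asks for helper
    ("exec",   dict(pid=502, ppid=LAUNCHD_PID,
                    path="/Users/u/Downloads/sample.app/Contents/XPCServices/"
                         "Helper.xpc/Contents/MacOS/Helper")),       # launchd spawns it
    ("xpc_up", dict(service_id="com.example.Helper", service_pid=502)),
    ("exec",   dict(pid=503, ppid=502, path="/usr/bin/curl")),        # spawned by the service
]


def ppid_tree(events, root_pid):
    """Naive attribution: follow exec ppid links only (what the abstract calls
    the traditional child-process mechanism)."""
    children = defaultdict(set)
    for kind, f in events:
        if kind == "exec":
            children[f["ppid"]].add(f["pid"])
    return _descendants(children, root_pid)


def xpc_aware_tree(events, root_pid):
    """Attribution that also treats an XPC service as a child of the client
    that requested it, whether launchd starts it now or it is already running."""
    children = defaultdict(set)
    running = {}                 # service_id -> pid of a service already up
    pending = defaultdict(list)  # service_id -> clients waiting for a launch
    for kind, f in events:
        if kind == "exec":
            children[f["ppid"]].add(f["pid"])
        elif kind == "xpc":
            sid = f["service_id"]
            if sid in running:   # service already up: link immediately
                children[f["client_pid"]].add(running[sid])
            else:                # not yet up: link when launchd reports it
                pending[sid].append(f["client_pid"])
        elif kind == "xpc_up":
            sid, spid = f["service_id"], f["service_pid"]
            running[sid] = spid
            for client in pending.pop(sid, []):
                children[client].add(spid)
    return _descendants(children, root_pid)


def _descendants(children, root):
    """All transitive descendants of root in the children map."""
    seen, stack = set(), [root]
    while stack:
        p = stack.pop()
        for c in children.get(p, ()):
            if c not in seen:
                seen.add(c)
                stack.append(c)
    return seen


if __name__ == "__main__":
    print("ppid only :", sorted(ppid_tree(SAMPLE_EVENTS, 500)))       # [501]
    print("xpc aware :", sorted(xpc_aware_tree(SAMPLE_EVENTS, 500)))  # [501, 502, 503]
```

With the parent-PID view the sample appears to have spawned only `/bin/sh`; the helper service and the `curl` it launched are attributed to launchd and drop out of the sandbox report. Correlating the connection request with the service launch puts them back under the sample, which is the gap the paper's kernel extension is described as closing.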

Cited by 5 publications
(3 citation statements)
References 5 publications
“…A behavior-based IPS/IDS or antivirus can detect obfuscated malware by applying a process-tracing technique [35]. However, if a malicious attacker applies a packing or protector technique to malware, it stops the antivirus; thus, a malicious attacker can bypass the behavior-based detection technique.…”
Section: Security Technique Application (citation type: mentioning)
confidence: 99%
“…Finally, if there is kernel-level access, approaches such as Mac-A-Mal [47] may efficiently detect evasion mechanisms. The corresponding system calls can be captured and dealt with appropriately to prevent the malware from identifying the existence of a virtual environment or a debugger.…”
Section: Countermeasures (citation type: mentioning)
confidence: 99%
“…proposed Mac-A-Mal, a framework for analyzing Mac-based malware [27]. Pham et al. developed a kernel extension to monitor malware behavior and bypass several evasion prevention techniques used in the wild, which uncovered 74 unknown malware programs.…”
Section: Related Work (citation type: mentioning)
confidence: 99%