DEFCON: Offensive Malware Analysis: Dissecting OSX FruitFly

Building a custom command and control (C&C) server for someone else's malware has a number of benefits. If you can take over the malware's C&C domain, you may be able to fully hijack other attackers' infected hosts. A more mundane benefit is faster analysis. While hackers and governments may be more interested in the former, malware analysts profit from the latter.

FruitFly, the first OS X/macOS malware of 2017, is a rather intriguing specimen. Selectively targeting biomedical research institutions, it is thought to have flown under the radar for many years. This talk concentrates on the 'B' variant of FruitFly, which even now is detected by only a handful of security products.

The DEFCON talk starts by analyzing the malware's dropper, an obfuscated Perl script. Since Perl is a rather archaic choice and uncommon in malware droppers, the talk covers some debugging techniques for it and fully deconstructs the script.

While the dropper also communicates with the C&C server and supports a few basic commands, it drops a binary payload to perform the more complex actions. Rather than fully reversing this binary, the talk focuses on an initial triage and shows how that alone was sufficient to build a custom C&C server. With such a server, the analyst can coerce the malware into revealing its full capabilities. For example, the malware invokes a handful of low-level mouse and graphics APIs, passing in a variety of dynamic parameters. Instead of spending hours reversing and debugging this complex code, one can simply send the sample various commands from the fake C&C server (after pointing the sample's C&C hostname at the analysis machine, e.g. via a hosts-file or DNS override) and observe the effects.
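The following is an added illustration of that analysis pattern, not code from the talk or from FruitFly: a small analyst-controlled "fake C&C" harness that accepts the sample's connection, hands it operator-chosen commands one at a time and logs every reply so the effect of each command can be correlated with what the monitoring tools show. The 4-byte length-prefixed framing, the command names and the simulated implant are all assumptions made for the demo; this page does not describe FruitFly's real protocol, and a real harness would replace `pack_frame`/`recv_frame` with the framing recovered during triage.

```python
"""Fake C&C harness for driving a malware sample under observation.

Added example. Framing (4-byte big-endian length prefix + payload) and the
command set are HYPOTHETICAL; substitute the protocol recovered from triage.
"""
import queue
import socket
import struct
import threading

MAX_FRAME = 1 << 20  # refuse absurd length prefixes instead of allocating them


def pack_frame(payload: bytes) -> bytes:
    """Assumed framing: big-endian uint32 length followed by the payload."""
    return struct.pack(">I", len(payload)) + payload


def recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes or raise if the peer goes away."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed connection")
        buf += chunk
    return buf


def recv_frame(sock: socket.socket) -> bytes:
    (length,) = struct.unpack(">I", recv_exact(sock, 4))
    if length > MAX_FRAME:
        raise ValueError(f"oversized frame: {length} bytes")
    return recv_exact(sock, length)


class FakeC2:
    """Listens for the sample, sends queued operator commands, logs replies."""

    def __init__(self, host: str = "127.0.0.1", port: int = 0) -> None:
        self.srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.srv.bind((host, port))
        self.srv.listen(1)
        self.srv.settimeout(10)  # do not hang forever if the sample never calls home
        self.port = self.srv.getsockname()[1]
        self.commands: "queue.Queue[bytes | None]" = queue.Queue()
        self.log: list = []  # (command, reply) pairs, one per exchange
        self.thread = threading.Thread(target=self._serve, daemon=True)
        self.thread.start()

    def send(self, cmd: bytes) -> None:
        """Operator enqueues a command; the serve loop delivers it in order."""
        self.commands.put(cmd)

    def _serve(self) -> None:
        try:
            conn, _peer = self.srv.accept()
        except socket.timeout:
            self.log.append((b"", b"ERROR: sample never connected"))
            return
        with conn:
            while True:
                cmd = self.commands.get()
                if cmd is None:  # sentinel from close()
                    return
                conn.sendall(pack_frame(cmd))
                try:
                    reply = recv_frame(conn)
                except (ConnectionError, ValueError) as exc:
                    self.log.append((cmd, f"ERROR: {exc}".encode()))
                    return
                self.log.append((cmd, reply))

    def close(self) -> None:
        self.commands.put(None)
        self.thread.join(timeout=10)
        self.srv.close()


def simulated_implant(port: int) -> None:
    """Constructed stand-in for the sample so the harness runs offline."""
    handlers = {b"ping": b"pong", b"sysinfo": b"Darwin 16.7.0 (simulated)"}
    with socket.create_connection(("127.0.0.1", port), timeout=10) as sock:
        while True:
            try:
                cmd = recv_frame(sock)
            except ConnectionError:
                return  # C&C hung up; implant exits
            sock.sendall(pack_frame(handlers.get(cmd, b"unknown command")))


def run_demo() -> list:
    """Drive the simulated implant with three commands and return the exchange log."""
    c2 = FakeC2()
    implant = threading.Thread(target=simulated_implant, args=(c2.port,), daemon=True)
    implant.start()
    for cmd in (b"ping", b"sysinfo", b"bogus"):
        c2.send(cmd)
    c2.close()
    implant.join(timeout=10)
    return c2.log


if __name__ == "__main__":
    for cmd, reply in run_demo():
        print(f"{cmd!r:12} -> {reply!r}")
```

In a real session the simulated implant is replaced by the sample itself, running in an instrumented VM whose resolver maps the C&C hostname to the harness; each logged exchange then lines up against the process, file and mouse-event monitors described below.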

Of course, this approach hinges on the ability to closely observe the malware's actions. Patrick therefore covers macOS-specific tools that can monitor various events and, where necessary, details the creation of custom ones (e.g. a 'mouse sniffer' that locally observes and decodes the commands the malware sends to the OS in order to control the mouse).

While parts of this talk are FruitFly and/or macOS specific, conceptually the approach should apply broadly to analyzing other malware, even on other operating systems.

Ehacking Staff