VirusTotal invites Apple fans to play in updated Mac malware sandpit

But Macs don't get viruses ... Oh they do, and increasingly often says Google infosec unit

Google's VirusTotal will begin executing Mac apps to test for malicious activity following an uptick in reports of malware targeting Apple's desktop operating system.

The virus scanner is popular with black hats, white hats and everyday users and tries to determine if antivirus mechanisms will flag malware. The service's sandbox execution provides greater behavioural insight into Mac malware. That modus operandi makes the service a closer indication of true antivirus accuracy since scanning alone will not catch malware that is more noticeable on execution.

VirusTotal boffin Karl Hiramoto (@karlhiramoto) says Mach-O executables, DMG and ZIP files can now be analysed.

But many capable malware variants sport anti-analysis tricks as the endless cat-and-mouse game between VXers and researchers plays out.

Smart malware writers will write in capabilities to detect common sandboxes and analysis tools that researchers and the likes of VirusTotal may use.

If malware finds it is being executed in a sandbox, it may either shut down or launch benign actions to throw researchers off the scent.

It is unknown how such malware will fare in the VirusTotal environment.

Malware fans can upload their suspect applications for execution through the VirusTotal uploader or through the API. ®

Sponsored: How to Process, Wrangle, Analyze and Visualize your Data with Three Complementary Tools


Biting the hand that feeds IT © 1998–2019