Foreword

Apple’s macOS—Darwin—has evolved considerably in the past two decades. From a relatively niche operating system trailing way behind Microsoft’s Windows, macOS has slowly but surely gained acceptance. People all over the world started realizing its powerful capabilities, coupled with the Mac’s superior hardware and integration into the Apple ecosystem, spearheaded by the iPhone.

But with widespread adoption came widespread threats. Gone were the days of the “Mac versus PC” ads, showing the PC as a sniffling, virus-infected system, while the Mac chuckles them away. Viruses, spyware, ransomware, and other malware have dramatically exploded, and by now it seems that every week some new variant emerges. Malware authors found the Mac to be a ripe breeding ground for exploitation and proliferation.

In the face of this new normal, action was needed. Although Apple integrated its own frameworks (XProtect and, more recently, Endpoint Security) and YARA antivirus signatures, there was still a gaping void when it came to intrusion detection and Mac malware detection and prevention tools.

Into this chasm stepped Patrick. “That macOS Malware guy” started churning out a cornucopia of free and effective security and analytics tools, through the Objective-See website. By now, Pat’s GitHub repository sports some two dozen tools, which have managed to level the playing field a little, giving power users the ability to monitor what goes on inside their Mac, detecting (and hopefully preventing) compromises.

The tools are open source, yet it’s doubtful how many people pore over sources. This is where this book fills another lacuna—explicating the ins and outs of malware in a much-needed book. From the basics through infection vectors to the various analysis methods and techniques, Patrick elucidates Mac malware, drawing on the (unfortunately) many real-life examples.

In a perfect world, viruses—both biological and computerized—would be easy to vanquish. Not so in ours. Thus, research into how they work, and how to prevent them—whether proactively and reactively, or a combination of techniques—is paramount.

—Jonathan Levin,
Author of the “macOS/iOS (*OS) Internals” trilogy