A true virus on macOS

Patrick Wardle (Jamf)
Live only, 19:30 - 20:00 UTC, Thursday 1 October 2020 (Day 2)
Unlike years ago, modern malware rarely possesses true viral capabilities. But alas, 2020 is full of (unfortunate) surprises! This talk will provide a comprehensive analysis of a recent macOS threat named EvilQuest. Though initially thought to be a rather mundane piece of ransomware, further analysis revealed something far more powerful and insidious. So listen in, as we detail its infection vector, persistence mechanism, and anti-analysis logic, as well as its (surprising) viral capabilities, file exfiltration logic, remote tasking capabilities, and ransomware logic. We'll wrap up the talk by discussing IOCs and (generic) behaviour-based detection approaches.
Patrick Wardle (Jamf)

Patrick Wardle is the Principal Security Researcher at Jamf and founder of Objective-See. Having worked at NASA and the NSA, as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0-days, analysing macOS malware and writing free open-source security tools to protect Mac users.