The offensive macOS cyber capabilities of the WINDSHIFT APT group provide us with the opportunity to gain insight into the Apple-specific approaches employed by an advanced adversary.
In this talk we’ll comprehensively dissect OSX.WindTape, a second-stage tool utilized by the WINDSHIFT APT group when targeting Apple systems.
First we’ll discuss the malware’s anti-analysis mechanisms, and then once these have been thwarted, we’ll explore its capabilities. To conclude, we’ll present heuristic methods that can generically both detect and prevent WindTape, as well as other advanced macOS threats.