macOS Malware Development II

2 0xf00sec 0 5/9/2025, 1:57:22 PM

This article is a deep technical dive into custom macOS malware development, centered on building a self-mutating loader using Mach-O internals and native Darwin APIs. It details the architecture of a polymorphic engine divided into two phases: a parent process responsible for payload mutation and re-encryption, and a mutant process that executes the evolved code. The piece explores techniques such as fileless execution, runtime mutation, in-memory encryption, and command-and-control via dead-drop, all implemented entirely through native APIs and low-level Mach-O manipulation.

https://0xf00sec.github.io/0x22

Worlds first AMD GPU driven over USB 3 (twitter.com)

Groom of the Stool – The worst job in history? (historic-uk.com)

Public Relations Spending by Police (2023) (equalityalec.substack.com)

Public Relations Spending By Police [broken link] (open.substack.com)

The six strongest materials on Earth are harder than diamonds (bigthink.com)

Apocalypse Now (betterwithout.ai)

NY lawmakers add disclaimer to AI chatbots: They aren't human (gothamist.com)

Network Account Management (docs.bsky.app)

Show HN: Cloud Coding Agents in VSCode (augmentcode.com)

Frequency of Papal Names (johndcook.com)

Infinite TTY pixel art editor written in Rust (github.com)

Air Force pilots get innovative gear to 'go' while in the air (stripes.com)

Cinnamon could interact with some prescription medication according to new study (cnn.com)

The data survey disconnect and the dollar (kennethrogoff.substack.com)

Newark Mayor Ras Baraka Arrested at ICE Detention Center in NJ (pix11.com)

How many gadgets have YOU owned on the eWaste Graveyard? [video] (youtube.com)

Career Progression: How to Use 30, 60, and 90 Days Approach (diamantinoalmeida.com)

Overcoming Self-Doubt: A Practical Guide to Building Lasting Confidence (diamantinoalmeida.com)

The Acid King (rollingstone.com)

Japanese PhD Student Has Visa Revoked in the US Due to Alleged Criminal History (tokyoweekender.com)

Israel's NSO Group ordered to pay nearly $170M to WhatsApp for hacking accounts (politico.com)

Revisiting Lower Bounds for Two-Step Consensus (arxiv.org)

Show HN: Bardmore – AI Speech Analysis and Feedback (bardmore.com)

How Being Watched Changes How You Think (scientificamerican.com)

Why everybody's drinking milk again (thehustle.co)

Perplexity Hacked Its Growth – Everything You Can Adopt from It

Pope Leo XIV–why does this matter to the worlds of art and heritage? (theartnewspaper.com)

The post-screen future does not exist (chrbutler.com)

NSF Unidata Pause in Most Operations (unidata.ucar.edu)

Start, Fresh – Redesigning the Windows Start Menu for You (microsoft.design)

Joys and sorrows of designing a language [video] (youtube.com)

Designing an architecture using dark matter and dark energy (microservices.io)

CoreWeave seeks new $1.5B debt deal after downsized IPO (ft.com)

Show HN: Noti – Notes and reminders that live in your notification center (apps.apple.com)

Era of U.S. dollar may be winding down (news.harvard.edu)

Refactoring Agent for Bad Coders (github.com)

Extraterrestrial Tongues (aeon.co)

Added Quantum Field Theory to a Radiation Simulator for 22% Better Predictions (github.com)

CSS Snippets (adactio.com)

Engineering Design Optimization Textbook (mdobook.github.io)

Career Is Only Meaningful (substack.com)

Show HN: Free QR Code Generator (qrcode200.com)

I built a free energy engine and show how it works [video] (youtube.com)

Canadian companies shift focus to Europe for exports, growth (theglobeandmail.com)

Head of Library of Congress fired via email (usatoday.com)

Dysfunctional one-carbon metabolism identifies vitamins as neuroprotective (cell.com)

Reading "business" books is a waste of time (theorthagonist.substack.com)

The Limits of Reinforcement Learning (itcanthink.substack.com)

Landing Pages Became Predictable (geekvibesnation.com)

America's Coming Brain Drain (foreignaffairs.com)

macOS Malware Development II

Comments (0)