Malware analysis: tools and methodologies for Apple Mac OS X and iOS devices
Methusela Cebrian Ferrer, Microsoft
The increasing reliance on the global interconnectivity of devices, data and people brings a new and ever-changing set of
security challenges. For instance, malicious and potentially unwanted tools are widely available - relatively easy to
acquire and weaponize. However, a more tempting target may lie in the rich opportunity of data and information stored and
shared in connected digital space.
Apple Mac OS X and iOS users are not exempt from this; in fact, in recent years, we have discussed how these platforms
are affected and how they share the same security concerns. However, investigating and analysing malicious
code can be very challenging on Apple devices, because little research has been published in this field.
This paper discusses how to set up a multi-user threat research lab environment for these platforms. The study
includes an evaluation of available and open-source tools for identifying, dissecting and monitoring
malicious behaviour, examining why they are useful, and detailing relevant system artifacts - the files and directories where
users' valuable data and information are stored. It provides analysis of real threats from the wild as examples to
emphasize the utility of static and dynamic analysis. Furthermore, it outlines the limitations and provides recommended
options for users to consider. Overall, this paper aims to provide useful guidance and a starting point for individuals
and the research community who may be pursuing an interest in malware on these platforms.