Fun With Flags Tasks
While reading this blog post over Christmas, I learned of a VS Code feature that I was previously unaware of. According to the official documentation the tasks feature is intended to provide a bridge between VS Code and external applications for task automation, such as running builds without leaving the IDE. However, as discussed in the Open Source Malware post, attackers are abusing this feature to trigger execution of shell commands when the repo is opened in the IDE.
Hiding Compiled AppleScripts
Following a recent blog post covering the increasingly common use of compiled AppleScripts in malware, I wanted to explore methods to further hide malicious scripts and reduce the chance of detection.
macOS DMG Malware
As macOS endpoint controls continue to evolve, adversaries are consistently adapting their TTPs to defeat Apple’s ever-changing security frameworks. Although .dmg files remain a popular initial access vector, the traditional “right-click and open” method has become largely ineffective—especially with the security enhancements introduced in macOS Sequoia.
This analysis delves into some contemporary disk-image malware campaigns, their execution primitives and obfuscation techniques.