000168528 001__ 168528
000168528 005__ 20260209162330.0
000168528 0247_ $$2doi$$a10.1016/j.cose.2025.104806
000168528 0248_ $$2sideral$$a147941
000168528 037__ $$aART-2026-147941
000168528 041__ $$aeng
000168528 100__ $$aLastanao Miró, Daniel
000168528 245__ $$aCharacterizing tactics, techniques, and procedures in the macOS threat landscape
000168528 260__ $$c2026
000168528 5060_ $$aAccess copy available to the general public$$fUnrestricted
000168528 5203_ $$aAs macOS systems increasingly become malware targets, understanding the tactics, techniques, and procedures (TTPs) used by adversaries is essential to improving defense strategies. This paper provides a systematic and detailed analysis of macOS malware using the MITRE ATT&CK framework, focusing on TTPs at key stages of the malware attack cycle. Leveraging a comprehensive dataset of 57,636 macOS malware samples collected between November 2006 and October 2024, we employ both static and dynamic analysis techniques to uncover patterns in adversary behavior. Our analysis, primarily based on static analysis techniques, offers a broad representation of macOS malware and highlights common characteristics across samples. While we only partially explore dynamic behaviors, we identify recurring patterns that align with specific TTPs in the MITRE ATT&CK framework, such as persistence and defense evasion. This mapping contributes to a more structured understanding of macOS threats and can help inform future detection and mitigation efforts.
000168528 536__ $$9info:eu-repo/grantAgreement/ES/DGA/T21-23R$$9info:eu-repo/grantAgreement/ES/MCIU/PID2023-151467OA-I00$$9info:eu-repo/grantAgreement/EUR/MICINN/TED2021-131115A-I00
000168528 540__ $$9info:eu-repo/semantics/openAccess$$aby-nc$$uhttps://creativecommons.org/licenses/by-nc/4.0/deed.es
000168528 655_4 $$ainfo:eu-repo/semantics/article$$vinfo:eu-repo/semantics/publishedVersion
000168528 700__ $$aCarrillo-Mondéjar, Javier$$uUniversidad de Zaragoza
000168528 700__ $$0(orcid)0000-0001-7982-0359$$aRodríguez, Ricardo J.$$uUniversidad de Zaragoza
000168528 7102_ $$15007$$2570$$aUniversidad de Zaragoza$$bDpto. Informát.Ingenie.Sistms.$$cÁrea Lenguajes y Sistemas Inf.
000168528 773__ $$g162 (2026), 104806 [17 pp.]$$pComput. secur.$$tCOMPUTERS & SECURITY$$x0167-4048
000168528 8564_ $$s3256394$$uhttps://zaguan.unizar.es/record/168528/files/texto_completo.pdf$$yVersión publicada
000168528 8564_ $$s2648175$$uhttps://zaguan.unizar.es/record/168528/files/texto_completo.jpg?subformat=icon$$xicon$$yVersión publicada
000168528 909CO $$ooai:zaguan.unizar.es:168528$$particulos$$pdriver
000168528 951__ $$a2026-02-09-14:42:47
000168528 980__ $$aARTICLE