Characterizing tactics, techniques, and procedures in the macOS threat landscape
Lastanao Miró, Daniel ; Carrillo-Mondéjar, Javier (Universidad de Zaragoza) ; Rodríguez, Ricarddo J. (Universidad de Zaragoza)
Resumen: As macOS systems increasingly become malware targets, understanding the tactics, techniques, and procedures (TTPs) used by adversaries is essential to improving defense strategies. This paper provides a systematic and detailed analysis of macOS malware using the MITRE ATT&CK; framework, focusing on TTPs at key stages of the malware attack cycle. Leveraging a comprehensive dataset of 57,636 macOS malware samples collected between November 2006 and October 2024, we employ both static and dynamic analysis techniques to uncover patterns in adversary behavior. Our analysis, primarily based on static analysis techniques, offers a broad representation of macOS malware and highlights common characteristics across samples. While we only partially explore dynamic behaviors, we identify recurring patterns that align with specific TTPs in the MITRE ATT&CK; framework, such as persistence and defense evasion. This mapping contributes to a more structured understanding of macOS threats and can help inform future detection and mitigation efforts.
Idioma: Inglés
DOI: 10.1016/j.cose.2025.104806
Año: 2026
Publicado en: COMPUTERS & SECURITY 162 (2026), 104806 [17 pp.]
ISSN: 0167-4048
Financiación: info:eu-repo/grantAgreement/ES/DGA/T21-23R
Financiación: info:eu-repo/grantAgreement/ES/MCIU/PID2023-151467OA-I00
Financiación: info:eu-repo/grantAgreement/EUR/MICINN/TED2021-131115A-I00
Tipo y forma: Article (Published version)
Área (Departamento): Área Lenguajes y Sistemas Inf. (Dpto. Informát.Ingenie.Sistms.)
You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use. You may not use the material for commercial purposes.
Exportado de SIDERAL (2026-02-09-14:42:47)
Visitas y descargas
Idioma: Inglés
DOI: 10.1016/j.cose.2025.104806
Año: 2026
Publicado en: COMPUTERS & SECURITY 162 (2026), 104806 [17 pp.]
ISSN: 0167-4048
Financiación: info:eu-repo/grantAgreement/ES/DGA/T21-23R
Financiación: info:eu-repo/grantAgreement/ES/MCIU/PID2023-151467OA-I00
Financiación: info:eu-repo/grantAgreement/EUR/MICINN/TED2021-131115A-I00
Tipo y forma: Article (Published version)
Área (Departamento): Área Lenguajes y Sistemas Inf. (Dpto. Informát.Ingenie.Sistms.)
You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use. You may not use the material for commercial purposes. Exportado de SIDERAL (2026-02-09-14:42:47)
Permalink:
Visitas y descargas
Este artículo se encuentra en las siguientes colecciones:
Articles > Artículos por área > Lenguajes y Sistemas Informáticos
Record created 2026-02-09, last modified 2026-02-09