ChillyHell malware continues to go undetected on macOS, according to Jamf

Macworld

Jamf Threat Labs has released a new report on Mac malware. Dubbed ChillyHell, the malware was first discovered in 2021 and privately reported by cybersecurity firm Mandiant in 2023. This past May, Jamf spotted a new sample of ChillyHell on VirusTotal, a website used to analyze suspicious files and URLs, indicating new activity for the malware.

On an infected Mac, ChillyHell can collect information such as usernames and passwords. What makes ChillyHell unique is that it can perform timestomping (the ability to alter its timestamps on its files) and switch the C2 protocols it uses, all in an effort to avoid detection.

According to Jamf’s report, the developer certificates associated with ChillyHell have been revoked. That does not mean that ChillyHell is no longer available in the wild, but the efforts to develop it further have been hindered.

How to protect yourself from malware

The easiest way to protect yourself from malware is to avoid downloading software from repositories such as GitHub and other download sites. Apple has vetted software in the Mac App Store, and it is the safest way to get apps. If you prefer not to patronize the Mac App Store, then buy software directly from the developer and their website. If you insist on using cracked software, you will always risk malware exposure.

Never open links in emails or texts you receive from unknown and unexpected sources. If you get a message that looks like it is from an entity that you do business with, check the sender’s email address and inspect the URL carefully. If you see a link or button, you can Control-click it, select Copy Link Address, and then paste it into a text editor to see the actual URL to check it there.

Macworld has several guides to help, including a guide on whether or not you need antivirus software, a list of Mac viruses, malware, and trojans, and a comparison of Mac security software.

Apple has protections in place within macOS, and the company releases security patches through OS updates, so it’s important to install them when they are available. If Apple pulls back an update, the company will reissue it as soon as it is properly revised with corrections.