![When macOS gets frostbite. [Research Saturday] - podcast episode cover](https://assets.metacast.app/images/episode/artwork/6Ev9SbzA)
When macOS gets frostbite. [Research Saturday]
Dec 06, 2025•25 min•Season 9Ep. 404
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more
Episode description
Jaron Bradley, Director of Jamf Threat Labs, is sharing their work on "ChillyHell: A Deep Dive into a Modular macOS Backdoor." Jamf Threat Labs uncovers a newly notarized macOS backdoor called ChillyHell, tied to past UNC4487 activity and disguised as a legitimate applet.
The malware showcases robust host profiling, multiple persistence mechanisms, timestomping, and flexible C2 communications over both DNS and HTTP. Its modular design includes reverse shells, payload delivery, self-updates, and a brute-force component targeting user credentials.
The research can be found here:
Learn more about your ad choices. Visit megaphone.fm/adchoices
For the best experience, listen in Metacast app for iOS or Android