<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Macos — CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/macos/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata — refreshed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Thu, 30 Apr 2026 09:43:58 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/macos/feed.xml" rel="self" type="application/rss+xml"/><item><title>CUPS Vulnerability Allows Local Privilege Escalation</title><link>https://feed.craftedsignal.io/briefs/2026-04-cups-privesc/</link><pubDate>Thu, 30 Apr 2026 09:43:58 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-04-cups-privesc/</guid><description>A local attacker can exploit a vulnerability in CUPS to execute arbitrary program code with administrator privileges on Linux and macOS systems.</description><content:encoded><![CDATA[<p>A vulnerability exists within the Common Unix Printing System (CUPS), a widely used printing system on Linux and macOS. A local attacker can leverage this flaw to execute arbitrary code with elevated, administrator-level privileges. While the specific details of the vulnerability are not provided in this brief, successful exploitation would grant the attacker full control over the affected system. Apple is the primary maintainer of CUPS. Defenders should focus on identifying and mitigating potential exploitation attempts by monitoring for suspicious CUPS-related processes and file modifications.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>The attacker gains initial local access to the target system through legitimate means or by exploiting a separate vulnerability.</li>
<li>The attacker identifies the vulnerable CUPS service running on the system.</li>
<li>The attacker crafts a malicious payload designed to exploit the CUPS vulnerability. This payload could be a specially crafted print job or a manipulated configuration file.</li>
<li>The attacker executes the malicious payload, triggering the vulnerability in CUPS.</li>
<li>Due to the vulnerability, CUPS executes the attacker&rsquo;s code with administrator privileges.</li>
<li>The attacker uses the elevated privileges to install persistent backdoors, modify system configurations, or escalate privileges further.</li>
<li>The attacker moves laterally within the network or exfiltrates sensitive data.</li>
<li>The final objective is complete system compromise, data theft, or disruption of services.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of this CUPS vulnerability allows a local attacker to gain complete control over the affected system. This could lead to data theft, system disruption, or the installation of persistent backdoors. The widespread use of CUPS in Linux and macOS environments makes this a significant threat. If successfully exploited, attackers can achieve complete system compromise and potentially move laterally within the network.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Monitor for suspicious CUPS processes being spawned by unusual parent processes using the <code>CUPS Spawning Suspicious Processes</code> Sigma rule.</li>
<li>Inspect CUPS configuration files for unauthorized modifications using the <code>CUPS Configuration File Modification</code> Sigma rule.</li>
<li>Investigate any unexplained privilege escalation events originating from the CUPS service.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>cups</category><category>privilege-escalation</category><category>linux</category><category>macos</category></item><item><title>Bad Apples: Weaponizing Native macOS Primitives for Lateral Movement and Execution</title><link>https://feed.craftedsignal.io/briefs/2026-04-bad-apples-macos-lotl/</link><pubDate>Tue, 21 Apr 2026 10:01:16 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-04-bad-apples-macos-lotl/</guid><description>Adversaries are increasingly targeting macOS environments, leveraging native tools like Remote Application Scripting (RAS) and Spotlight metadata to bypass security controls for remote code execution and lateral movement.</description><content:encoded><![CDATA[<p>With macOS adoption growing in enterprise environments, particularly among developers and DevOps teams, it has become an attractive target for malicious actors. This report highlights the under-documented &ldquo;living-off-the-land&rdquo; (LOTL) techniques specific to macOS. Attackers are exploiting native features like Remote Application Scripting (RAS) to achieve remote execution and are abusing Spotlight metadata (Finder comments) for payload staging, evading traditional static file analysis. Additionally, attackers can use built-in protocols such as SMB, Netcat, Git, TFTP, and SNMP to establish persistence and move toolkits. Defenders should shift their focus from static file scanning to monitoring process lineage, inter-process communication (IPC) anomalies, and enforcing strict MDM policies to disable unnecessary administrative services.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li><strong>Initial Access:</strong> The attacker gains initial access to a macOS system, possibly through spearphishing or exploiting a vulnerability in a network service (details of initial access aren&rsquo;t specified in the provided document, but it is a necessary assumption for the rest of the chain).</li>
<li><strong>Discovery:</strong> The attacker uses native tools to enumerate the environment, such as <code>diskutil list</code> to identify connected volumes.</li>
<li><strong>Credential Access:</strong> The attacker attempts to access stored credentials, SSH keys, or cloud credentials.</li>
<li><strong>Lateral Movement (RAS):</strong> The attacker leverages Remote Application Scripting (RAS) to remotely query Finder for mounted volumes using <code>osascript -e 'tell application &quot;Finder&quot; to get the name of every disk' eppc://user:password@target_ip</code>.</li>
<li><strong>Remote Execution (RAS):</strong> The attacker uses RAS and Terminal.app as an execution proxy to bypass Apple&rsquo;s security restrictions.</li>
<li><strong>Payload Deployment (RAS/Base64):</strong> The attacker encodes a malicious script using Base64 and uses RAS to instruct the remote Terminal.app to decode the script to a temporary file and make it executable using <code>chmod +x</code>.</li>
<li><strong>Payload Invocation (RAS/bash):</strong> The attacker uses a second RAS command to explicitly invoke the deployed script via bash, ensuring a proper shell context.</li>
<li><strong>Persistence (SMB/Netcat/Git/TFTP/SNMP):</strong> The attacker utilizes built-in protocols such as SMB, Netcat, Git, TFTP, or SNMP to establish persistence on the compromised system.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of these LOTL techniques allows attackers to bypass traditional security controls on macOS systems, leading to unauthorized access to sensitive data, source code repositories, and cloud infrastructure. With over 45% of organizations utilizing macOS, these attacks can result in significant financial losses, reputational damage, and disruption of business operations. Compromised developer or DevOps workstations can be leveraged as pivot points to further compromise production environments.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Monitor process creation events for <code>osascript</code> executing with the <code>eppc://</code> URI to detect potential RAS-based lateral movement (see Sigma rule &ldquo;Detect Remote Apple Event Lateral Movement&rdquo;).</li>
<li>Monitor process creation for <code>Terminal.app</code> executing <code>bash</code> with command-line arguments indicative of Base64 decoding and execution to identify RAS-based remote execution attempts (see Sigma rule &ldquo;Detect Terminal.app as Execution Proxy&rdquo;).</li>
<li>Implement strict MDM policies to disable unnecessary administrative services and protocols like Remote Apple Events to reduce the attack surface.</li>
<li>Monitor inter-process communication (IPC) anomalies, particularly involving <code>AppleEventsD</code>, to identify suspicious activity related to RAS.</li>
<li>Enable Sysmon process-creation logging to capture the process lineage and command-line arguments necessary for the rules above.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>macos</category><category>lotl</category><category>lateral-movement</category><category>execution</category></item><item><title>First Time Python Process Creates macOS Launch Agent or Daemon</title><link>https://feed.craftedsignal.io/briefs/2026-06-python-launch-agent-persistence/</link><pubDate>Wed, 08 Apr 2026 21:12:54 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-06-python-launch-agent-persistence/</guid><description>This rule detects the initial creation or modification of a macOS LaunchAgent or LaunchDaemon plist file by a Python process, a common persistence technique employed by attackers using malicious scripts, compromised dependencies, or model file deserialization.</description><content:encoded><![CDATA[<p>This threat brief highlights the malicious use of Python to establish persistence on macOS systems. Attackers can achieve Python code execution through various means, including malicious scripts, compromised dependencies, or even model file deserialization vulnerabilities (such as pickle or PyTorch <code>__reduce__</code> exploits). Once code execution is achieved, attackers can drop plist files into LaunchAgent or LaunchDaemon directories, ensuring their payload survives reboots and user logouts. This persistence mechanism allows the attacker to maintain access and control over the compromised host. Legitimate Python processes typically do not create persistence mechanisms in this manner, making the first occurrence of such activity a strong indicator of compromise.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>The attacker gains initial access to the macOS system through methods such as exploiting vulnerabilities, social engineering, or phishing.</li>
<li>The attacker achieves code execution within a Python process. This can occur via a malicious script, a compromised Python package, or by exploiting deserialization vulnerabilities like <code>pickle.load</code> or <code>torch.load</code>.</li>
<li>The malicious Python script crafts a LaunchAgent or LaunchDaemon plist file. This plist file contains configuration details about the program to be executed, including its path, arguments, and execution triggers.</li>
<li>The Python process writes the crafted plist file to either the <code>/Library/LaunchAgents/</code> (for user-level persistence) or <code>/Library/LaunchDaemons/</code> (for system-level persistence) directory.</li>
<li>The LaunchAgent or LaunchDaemon is automatically loaded by <code>launchd</code> at login or boot, according to the configuration specified in the plist file.</li>
<li>The program specified in the plist file is executed, giving the attacker persistent access to the compromised system.</li>
<li>The attacker can then use this persistent access to perform various malicious activities, such as data exfiltration, lateral movement, or deploying additional malware.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>A successful attack can lead to persistent compromise of macOS systems. Attackers can maintain unauthorized access, execute arbitrary code, steal sensitive data, or use the compromised system as a foothold for further attacks within the network. The impact can range from individual user data theft to widespread organizational breaches, depending on the attacker&rsquo;s objectives and the system&rsquo;s role within the network.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Deploy the Sigma rule &ldquo;Detect Python Launch Agent/Daemon Creation&rdquo; to your SIEM to identify when a Python process creates a LaunchAgent or LaunchDaemon plist file.</li>
<li>Enable Elastic Defend endpoint logging to capture <code>event.action:&quot;launch_daemon&quot;</code> events, which are necessary for the Sigma rule to function correctly.</li>
<li>Prioritize investigation of alerts generated by the Sigma rule, focusing on understanding the program arguments, run-at-load configuration, and keep-alive settings within the created plist file.</li>
<li>Implement strict dependency management and vulnerability scanning for Python environments to prevent the use of compromised packages.</li>
<li>Monitor for processes loading model files (<code>torch.load</code>, <code>pickle.load</code>) and investigate any suspicious activity to prevent exploitation of deserialization vulnerabilities.</li>
</ul>
]]></content:encoded><category domain="severity">medium</category><category domain="type">advisory</category><category>persistence</category><category>macos</category><category>python</category></item><item><title>Electron Use-After-Free Vulnerability in PowerMonitor Module</title><link>https://feed.craftedsignal.io/briefs/2024-01-29-electron-use-after-free/</link><pubDate>Fri, 03 Apr 2026 02:39:52 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-29-electron-use-after-free/</guid><description>A use-after-free vulnerability exists in the `powerMonitor` module of Electron applications on Windows and macOS. When the native `PowerMonitor` object is garbage-collected, dangling references are retained by OS-level resources. Subsequent session-change events on Windows or system shutdowns on macOS may dereference freed memory, potentially leading to a crash or memory corruption.</description><content:encoded><![CDATA[<p>A use-after-free vulnerability has been identified in the <code>powerMonitor</code> module of Electron versions prior to 38.8.6, between 39.0.0-alpha.1 and 39.8.1, between 40.0.0-alpha.1 and 40.8.0, and between 41.0.0-alpha.1 and 41.0.0-beta.8. This vulnerability occurs when the native <code>PowerMonitor</code> object is garbage-collected, but associated OS-level resources (message window on Windows, shutdown handler on macOS) retain dangling references. This issue can lead to a crash or memory corruption when a session-change event on Windows or system shutdown on macOS attempts to dereference the freed memory. All Electron applications that utilize the <code>powerMonitor</code> module and its events (e.g., <code>suspend</code>, <code>resume</code>, <code>lock-screen</code>) are potentially vulnerable. Defenders should prioritize patching Electron to the fixed versions to mitigate the risk.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An Electron application is built using a vulnerable version of Electron (e.g., 38.8.5).</li>
<li>The application utilizes the <code>powerMonitor</code> module to listen for system power events.</li>
<li>The application runs on a Windows or macOS system.</li>
<li>The native <code>PowerMonitor</code> object is garbage-collected by the JavaScript engine. The associated OS-level resources on Windows (message window) or macOS (shutdown handler) are not properly released.</li>
<li>A session-change event occurs on Windows (e.g., user lock/unlock) or a system shutdown is initiated on macOS.</li>
<li>The OS attempts to notify the previously freed <code>PowerMonitor</code> object about the session change or shutdown event.</li>
<li>The OS dereferences the dangling pointer, leading to a use-after-free condition.</li>
<li>The application crashes or experiences memory corruption, potentially leading to denial of service or other undefined behavior.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of this use-after-free vulnerability can lead to application crashes and potential memory corruption. The impact affects any Electron application that uses the <code>powerMonitor</code> module, potentially disrupting application functionality and causing data loss. The vulnerability affects all platforms where Electron applications are deployed, specifically Windows and macOS. The severity is high due to the potential for application instability and the lack of application-side workarounds, requiring a patch to the Electron framework itself.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Upgrade Electron to a patched version (41.0.0-beta.8, 40.8.0, 39.8.1, or 38.8.6) to resolve the use-after-free vulnerability in the <code>powerMonitor</code> module.</li>
<li>Monitor application crash logs for indicators of use-after-free conditions, especially following session-change events on Windows or system shutdowns on macOS.</li>
<li>Implement application monitoring to detect unexpected memory corruption events, which could be a sign of successful exploitation.</li>
<li>Contact <a href="mailto:security@electronjs.org">security@electronjs.org</a> for any questions or comments about the advisory.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>electron</category><category>use-after-free</category><category>vulnerability</category><category>powermonitor</category><category>windows</category><category>macos</category></item><item><title>CVE-2024-44250: macOS Sequoia Privilege Escalation Vulnerability</title><link>https://feed.craftedsignal.io/briefs/2026-04-macos-privilege-escalation/</link><pubDate>Thu, 02 Apr 2026 19:18:28 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-04-macos-privilege-escalation/</guid><description>CVE-2024-44250 is a permission issue in macOS Sequoia 15.1 that allows an application to execute arbitrary code outside of its sandbox or with elevated privileges, potentially leading to full system compromise.</description><content:encoded><![CDATA[<p>CVE-2024-44250 is a vulnerability affecting macOS Sequoia 15.1. It&rsquo;s a permission issue that allows a malicious application to bypass its designated sandbox and execute arbitrary code with elevated privileges. This means an attacker could potentially gain unauthorized access to sensitive data, modify system settings, or even take complete control of the affected system. The vulnerability was disclosed and patched by Apple in macOS Sequoia 15.1. Successful exploitation could lead to significant compromise of the targeted macOS system, granting the attacker capabilities beyond those intended for the application. Defenders should prioritize patching and monitor for suspicious application behavior.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>A user installs a seemingly benign application (e.g., from a compromised software repository or via social engineering).</li>
<li>The application, designed to exploit CVE-2024-44250, attempts to perform an action requiring elevated privileges.</li>
<li>Due to the permission issue, the application bypasses the sandbox restrictions.</li>
<li>The application executes arbitrary code with the gained elevated privileges.</li>
<li>The attacker gains unauthorized access to sensitive data, such as user credentials or financial information.</li>
<li>The attacker modifies system settings, potentially disabling security features or installing persistent backdoors.</li>
<li>The attacker escalates privileges further, potentially gaining root access to the system.</li>
<li>The attacker can now execute any command, install malware, or exfiltrate data without restrictions, leading to a full system compromise.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2024-44250 can lead to arbitrary code execution with elevated privileges on macOS Sequoia 15.1 systems. This could lead to sensitive data theft, system modification, or complete system takeover. While the exact number of affected users is not specified, all users of macOS Sequoia prior to version 15.1 are potentially vulnerable. The affected sectors include any organization or individual using vulnerable macOS systems. If successful, this exploit could give attackers complete control of macOS endpoints.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Upgrade to macOS Sequoia 15.1 or later to patch CVE-2024-44250, as indicated in the overview.</li>
<li>Implement application allowlisting to prevent the execution of unauthorized or untrusted applications, mitigating exploitation attempts.</li>
<li>Monitor process creation events for unusual parent-child process relationships indicative of privilege escalation, using a detection rule similar to those provided below.</li>
<li>Enable and review system integrity protection (SIP) logs to detect attempts to bypass security restrictions.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>privilege-escalation</category><category>macos</category><category>cve-2024-44250</category></item><item><title>Kubectl Network Configuration Modification</title><link>https://feed.craftedsignal.io/briefs/2026-05-kubectl-network-modification/</link><pubDate>Wed, 01 Apr 2026 14:16:09 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-05-kubectl-network-modification/</guid><description>This rule detects potential kubectl network configuration modification activity by monitoring for process events where the kubectl command is executed with arguments that suggest an attempt to modify network configurations in Kubernetes, potentially leading to unauthorized access or data exfiltration.</description><content:encoded><![CDATA[<p>This detection rule identifies potential malicious activity involving the <code>kubectl</code> command-line tool, specifically focusing on modifications to network configurations within Kubernetes environments. The rule monitors for <code>kubectl</code> commands executed with arguments like &ldquo;port-forward&rdquo;, &ldquo;proxy&rdquo;, or &ldquo;expose&rdquo;, which can be used to manipulate network settings. The activity is considered suspicious when initiated from atypical parent processes or directories, such as temporary folders or user home directories. This behavior might indicate an adversary attempting to establish unauthorized access channels or exfiltrate sensitive data. The rule is designed to work with endpoint detection and response (EDR) solutions like Elastic Defend, Crowdstrike, SentinelOne, and cloud workload protection platforms. The rule was last updated on March 30, 2026, and is intended for use in production environments.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker gains initial access to a system with <code>kubectl</code> installed and configured to interact with a Kubernetes cluster.</li>
<li>The attacker executes the <code>kubectl</code> command with arguments like <code>port-forward</code> to create a local port that forwards traffic to a service or pod within the cluster.</li>
<li>The attacker uses <code>kubectl proxy</code> to create a proxy server that allows them to access the Kubernetes API server from their local machine.</li>
<li>The attacker employs <code>kubectl expose</code> to create a new service that exposes a deployment, replication controller, or pod as a new Kubernetes service, potentially opening up unintended access points.</li>
<li>The attacker may execute these commands from a shell like <code>bash</code>, or from a script located in a temporary directory like <code>/tmp/</code> or <code>/var/tmp/</code>, to evade detection.</li>
<li>The attacker leverages the modified network configurations to establish unauthorized access to sensitive services or data within the Kubernetes cluster.</li>
<li>The attacker may use the proxied or forwarded connections to exfiltrate data from the cluster to an external location.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation via <code>kubectl</code> network configuration modification can lead to unauthorized access to sensitive data and services within a Kubernetes cluster. This can result in data breaches, service disruptions, and lateral movement within the cluster. The low severity score suggests that while the risk exists, the impact might be limited if proper Kubernetes security best practices are followed. The rule aims to detect these actions early, preventing potential damage to the cluster.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Enable Elastic Defend integration or equivalent EDR solutions to monitor process execution and network connections (<code>Data Source: Elastic Defend</code>, <code>Data Source: Crowdstrike</code>, <code>Data Source: SentinelOne</code>).</li>
<li>Deploy the provided Sigma rule to detect suspicious <code>kubectl</code> commands with network-related arguments (<code>rules</code> section). Tune the rule based on your environment to minimize false positives.</li>
<li>Investigate any alerts generated by the Sigma rule, focusing on the parent process and the command-line arguments of the <code>kubectl</code> command (<code>rules</code> section, <code>Resources: Investigation Guide</code>).</li>
<li>Implement enhanced monitoring and logging for <code>kubectl</code> activities and network configuration changes within the Kubernetes cluster to proactively detect and respond to similar threats in the future (<code>Resources: Investigation Guide</code>).</li>
</ul>
]]></content:encoded><category domain="severity">low</category><category domain="type">advisory</category><category>kubectl</category><category>kubernetes</category><category>command_and_control</category><category>network_configuration</category><category>linux</category><category>macos</category></item><item><title>GhostLoader Malware Targeting macOS via GitHub and AI Workflows</title><link>https://feed.craftedsignal.io/briefs/2024-01-ghostloader/</link><pubDate>Sat, 21 Mar 2026 13:03:03 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-ghostloader/</guid><description>GhostLoader malware leverages GitHub repositories and AI-assisted development workflows to distribute credential-stealing payloads targeting macOS systems.</description><content:encoded><![CDATA[<p>GhostLoader is a malware campaign observed using GitHub repositories and AI-assisted development workflows to deliver malicious payloads specifically designed to steal credentials from macOS systems. The threat leverages the trust associated with software repositories and the increasing adoption of AI tools in development to potentially bypass security measures. While the exact start date of the campaign is not specified, the report from Jamf highlights its recent emergence as a notable threat. Defenders should prioritize monitoring for suspicious activity related to GitHub repositories and unusual AI-driven development processes. The targeted scope appears to be macOS users who engage with software development resources and AI-related tools.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>The attacker creates a seemingly legitimate software repository on GitHub.</li>
<li>The repository contains a project with files that may appear benign or related to AI workflows.</li>
<li>A malicious script or binary, named GhostLoader, is included within the repository or downloaded as a dependency.</li>
<li>A user downloads or clones the repository, potentially enticed by AI-assisted development features or other seemingly useful functionality.</li>
<li>The user executes the GhostLoader script or binary on their macOS system.</li>
<li>GhostLoader executes, initiating the credential-stealing process.</li>
<li>Stolen credentials are collected and potentially exfiltrated to a remote server controlled by the attacker.</li>
<li>The attacker uses the stolen credentials to gain unauthorized access to user accounts or sensitive systems.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The GhostLoader malware directly targets macOS systems and focuses on credential theft. Successful attacks can lead to unauthorized access to sensitive user accounts, intellectual property, and confidential data. The number of victims and specific sectors targeted remain unclear, but the use of GitHub and AI workflows suggests a focus on developers or users involved in AI-related activities. The compromise of credentials can have severe consequences, including financial loss, data breaches, and reputational damage.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Monitor process creation events on macOS for execution of unusual or unsigned binaries in user directories, potentially indicative of GhostLoader execution (see process creation rule).</li>
<li>Implement network monitoring to detect connections to known malicious infrastructure or unusual data exfiltration patterns after the execution of scripts from cloned GitHub repositories.</li>
<li>Educate developers and users about the risks of downloading and executing code from untrusted sources, particularly those related to AI-assisted workflows.</li>
<li>Enable and review macOS system logs for suspicious activity related to credential access and keychain modifications.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>github</category><category>malware</category><category>macos</category><category>credential-theft</category><category>ai</category></item><item><title>Malware Spreading Through Fake 'Claude Code' Google Ads</title><link>https://feed.craftedsignal.io/briefs/2024-01-03-fake-claude-ads/</link><pubDate>Sun, 15 Mar 2026 15:31:12 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-03-fake-claude-ads/</guid><description>Malware is distributed via malicious advertisements on Google impersonating 'Claude Code', targeting both Windows and macOS operating systems with the goal of infecting users.</description><content:encoded><![CDATA[<p>A malware campaign is underway, leveraging deceptive advertisements on Google that masquerade as legitimate &lsquo;Claude Code&rsquo; software. The attackers are using these ads to direct unsuspecting users to malicious websites hosting malware payloads for both Windows and macOS systems. While specific details on the malware are limited, the campaign&rsquo;s reliance on search engine advertisement poisoning indicates a broad targeting strategy aimed at users actively seeking &lsquo;Claude Code&rsquo; related software or tools. This campaign highlights the increasing sophistication of threat actors in using search engine optimization (SEO) poisoning techniques to distribute malware. Defenders should be aware of the potential for users to be directed to malicious sites through search results.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>The attacker creates malicious advertisements on Google that mimic legitimate &lsquo;Claude Code&rsquo; software or related tools.</li>
<li>Users searching for &lsquo;Claude Code&rsquo; or related terms encounter the malicious advertisements in their search results.</li>
<li>Unsuspecting users click on the malicious advertisement, believing it to be a legitimate source for &lsquo;Claude Code&rsquo;.</li>
<li>The advertisement redirects the user to a malicious website controlled by the attacker.</li>
<li>The malicious website hosts malware payloads tailored for both Windows and macOS operating systems.</li>
<li>Upon visiting the site, the user is tricked into downloading and executing the malware, potentially through social engineering or drive-by download techniques.</li>
<li>The malware executes on the victim&rsquo;s system, establishing persistence and potentially disabling security controls.</li>
<li>The malware performs its intended malicious activities, such as data theft, credential harvesting, or further malware deployment.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The impact of this campaign could be widespread, affecting both individual users and organizations that rely on &lsquo;Claude Code&rsquo;. Successful infection can lead to data theft, financial loss, and reputational damage. Given the use of Google Ads, the number of potential victims is substantial. The cross-platform nature of the attack further amplifies the risk, as it targets a broader range of users regardless of their operating system.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Implement browser security extensions and ad blockers to reduce the likelihood of users clicking on malicious advertisements.</li>
<li>Educate users about the risks of clicking on advertisements in search results and encourage them to verify the legitimacy of websites before downloading software.</li>
<li>Monitor network traffic for connections to newly registered domains or known malicious IP addresses associated with malware distribution.</li>
<li>Deploy endpoint detection and response (EDR) solutions to detect and prevent malware execution on both Windows and macOS systems.</li>
<li>Enable and review web proxy logs for user visits to suspicious domains.</li>
<li>Configure intrusion detection systems (IDS) to identify and block malicious traffic originating from advertisement networks.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>malware</category><category>google_ads</category><category>initial_access</category><category>windows</category><category>macos</category></item><item><title>GenAI Process Connection to Unusual Domain on macOS</title><link>https://feed.craftedsignal.io/briefs/2024-05-genai-unusual-domain/</link><pubDate>Thu, 02 May 2024 14:22:30 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-05-genai-unusual-domain/</guid><description>This rule detects GenAI tools on macOS connecting to unusual domains, potentially indicating command and control activity, data exfiltration, or malicious payload retrieval following compromise via prompt injection, malicious MCP servers, or poisoned plugins.</description><content:encoded><![CDATA[<p>This threat brief addresses the risk of GenAI tools on macOS connecting to unusual domains, which may indicate a compromised state. Attackers can exploit GenAI tools through prompt injection, malicious MCP (Model Context Protocol) servers, or poisoned plugins to establish command-and-control (C2) channels or exfiltrate sensitive data. Given the network access capabilities of AI agents, adversaries may manipulate them to beacon to external servers, download malicious payloads, or transmit harvested credentials and documents. The Elastic detection rule <code>9050506c-df6d-4bdf-bc82-fcad0ef1e8c1</code> focuses on identifying such anomalous network connections originating from a predefined list of GenAI processes, excluding known legitimate domains. The rule has been actively maintained since its creation on December 4, 2025, with its latest update on April 29, 2026.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>Adversary compromises a GenAI tool on a macOS system through prompt injection, malicious MCP servers, or poisoned plugins.</li>
<li>The compromised GenAI tool is configured to connect to an attacker-controlled domain for C2.</li>
<li>The GenAI process initiates a network connection attempt to the unusual domain using standard web protocols (HTTP/HTTPS).</li>
<li>The macOS system&rsquo;s network stack resolves the attacker&rsquo;s domain to its corresponding IP address.</li>
<li>The GenAI process sends data to the attacker-controlled domain, potentially including sensitive information.</li>
<li>The attacker uses the C2 channel to send commands to the compromised GenAI tool.</li>
<li>The GenAI tool executes the commands, potentially leading to further compromise or data exfiltration.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Compromised GenAI tools can lead to data exfiltration, unauthorized access to sensitive information, and the establishment of persistent C2 channels within an organization&rsquo;s network. The impact ranges from the loss of intellectual property and customer data to the potential disruption of business operations. The risk is amplified if the GenAI tool has access to internal systems or sensitive data stores, allowing attackers to pivot and escalate their attacks.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Deploy the Sigma rule &ldquo;GenAI Process Connecting to Unusual Domain&rdquo; to your SIEM and tune for your environment (see rule below).</li>
<li>Enable process creation and network connection logging on macOS endpoints to collect the data required for the Sigma rule.</li>
<li>Investigate any alerts generated by the Sigma rule to determine the legitimacy of the domain and the GenAI process&rsquo;s behavior.</li>
<li>Block any identified malicious domains at the network level (see query in the provided source).</li>
<li>Review the GenAI tool&rsquo;s configuration for unauthorized MCP servers, plugins, or extensions that initiated the connection.</li>
<li>Regularly update the list of allowed domains in the Sigma rule&rsquo;s filter to account for legitimate updates to GenAI tool infrastructure.</li>
</ul>
]]></content:encoded><category domain="severity">medium</category><category domain="type">advisory</category><category>genai</category><category>command and control</category><category>macos</category><category>network connection</category></item><item><title>Spike in Bytes Sent to an External Device via Airdrop</title><link>https://feed.craftedsignal.io/briefs/2024-01-airdrop-exfiltration/</link><pubDate>Wed, 03 Jan 2024 15:30:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-airdrop-exfiltration/</guid><description>A machine learning job has detected a spike in bytes of data written to an external device via Airdrop, potentially indicating illicit data copying or transfer activities.</description><content:encoded><![CDATA[<p>This detection identifies potential data exfiltration attempts via Apple&rsquo;s Airdrop feature. A machine learning job monitors the volume of data transferred to external devices and flags unusual spikes. While Airdrop facilitates legitimate file sharing between Apple devices, it can be abused by malicious actors to exfiltrate sensitive data. This rule leverages the &ldquo;ded_high_bytes_written_to_external_device_airdrop_ea&rdquo; machine learning job and requires the Data Exfiltration Detection integration to be installed, along with network and file events collected by Elastic Defend and Network Packet Capture (for network events only). The rule is designed to detect anomalies in data transfer patterns, providing early warning of potential data breaches.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>Attacker gains initial access to a macOS system within the target network.</li>
<li>Attacker identifies sensitive data stored on the compromised system.</li>
<li>Attacker uses Airdrop to initiate a transfer of the identified data to a nearby device.</li>
<li>The receiving device is controlled by the attacker and configured to accept Airdrop transfers.</li>
<li>A large volume of data is transferred via Airdrop, triggering the machine learning detection.</li>
<li>The data is received by the attacker, completing the exfiltration process.</li>
<li>The attacker may attempt to cover their tracks by deleting files or logs related to the Airdrop transfer.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation can lead to the unauthorized disclosure of sensitive data. The impact depends on the nature of the exfiltrated data, potentially leading to financial loss, reputational damage, or legal repercussions. The severity is rated relatively low because the actual harm depends on what data is transferred.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Install the Data Exfiltration Detection integration in Elastic, including the preconfigured anomaly detection jobs, as required by the rule setup instructions to enable the machine learning detection (Data Exfiltration Detection integration).</li>
<li>Investigate alerts generated by the &ldquo;Spike in Bytes Sent to an External Device via Airdrop&rdquo; rule, focusing on identifying the involved device, user, and the nature of the transferred data (Spike in Bytes Sent to an External Device via Airdrop).</li>
<li>Implement additional monitoring on the affected device and similar devices to detect any further anomalous Airdrop activities, as mentioned in the response and remediation steps (Spike in Bytes Sent to an External Device via Airdrop).</li>
</ul>
]]></content:encoded><category domain="severity">low</category><category domain="type">advisory</category><category>data-exfiltration</category><category>macos</category><category>airdrop</category></item></channel></rss>