The Iru Blog

Iru Team

•

7 min read

User-Based vs. Device-Based Security Exclusions: Finding the Right Balance

Security exclusions represent one of the most nuanced decisions admins face when designing effective security policies. These exceptions to your standard security rules require careful consideration - apply them too liberally, and you risk creating security gaps; too restrictively, and you might impede legitimate work. But before you can determine how many exclusions to implement, you need to decide what type of exclusions make the most sense for your environment.

Thought Leadership August 27, 2025

Adam Kohler & Christopher Lopez

•

6 min read

Threat Detected: RustyPages Malware - Part I

On August 13 2025, Iru's security researchers discovered a potentially interesting Rust-compiled file on VirusTotal. Our investigation resulted in the analysis of 6 related Mach-O files. With this initial blog post, we're focusing on the first file of this analysis, the dropper. The dropper file is designed to quietly download and run another malicious file, stay on the system by setting up persistence, and avoid being detected by commonly used macOS security tools. We have included the hashes of the relevant Mach-O files currently on VirusTotal in the IOC section below in an effort to shed light on these samples quickly while we continue our analysis of the loader samples. At the time of writing, the specific Mach-O we cover below has zero detections on VirusTotal and most of the loader Mach-O files are also undetected.

Threat Intelligence August 19, 2025

Iru Team

•

6 min read

No More Pitchforks: How to Build User Trust During Security Rollouts

The scene is familiar to anyone who's worked in IT or security: an urgent vulnerability needs patching, a new control must be deployed immediately, or a policy change can't wait. You execute the technical implementation flawlessly. Then come the Slack messages and emails.

Thought Leadership August 14, 2025

Alex Gartner

•

3 min read

Iru Quarterly Threat Intelligence Report - August 2025

Welcome to the Iru Threat Intelligence Report, our quarterly summary of emerging threats in the macOS ecosystem and how Iru is responding in real time. In each edition, we break down key threat discoveries and the protections we’ve deployed to keep customer devices secure.

Threat Intelligence August 7, 2025

Iru Team

•

4 min read

Apple Intelligence in the Enterprise: an Admin’s Perspective

The Six Colors 2025 Apple in the Enterprise Report Card has sparked plenty of conversation about Apple’s direction, areas of growth, and continued challenges with enterprise products. Jason Snell, founding editor of Six Colors, and Weldon Dodd, Iru Distinguished Solutions Engineer unpacked the report’s findings and what they mean for Apple device administrators on a recent MacAdmins Podcast episode.

Thought Leadership July 28, 2025

Iru Team

•

5 min read

Iru Launches Vulnerability Response: The Missing Link Between Detection and Remediation

If you've ever managed Mac computers in an enterprise, you know the drill: your security team discovers a critical vulnerability in Chrome, creates a ticket, and hands it off to IT to patch. Meanwhile, you're still chasing down users to update their apps while that vulnerability sits unpatched across your fleet. It's a frustrating cycle that leaves both teams feeling like they're always playing catch-up.

Product News July 23, 2025

Iru Team

•

11 min read

Choosing the Best Mac Login Experience: Comparing Kerberos SSO, Platform SSO, and Kandji Passport

The login screen, also known as the login window, is the start of every user’s Mac experience. But the average user doesn't give it much thought - they just enter a password and move on. Yet behind that moment is a critical security checkpoint and a key part of the user experience.

Thought Leadership July 18, 2025

Iru Team

•

7 min read

How IT and Security Teams are Handling AI: Insights from Our Survey

AI tools are entering the workplace faster than most IT teams can respond. What began as experimental use cases is now widespread day-to-day reliance and often without oversight.

Reports July 15, 2025

Iru Team

•

7 min read

When Great Engineers Quit: Why Tools Make or Break Job Satisfaction

The tech industry has a retention problem, but not for the reasons most people expect. Rather than quitting because work is too complex or challenging, talented IT and security engineers tend to leave because their tools prevent them from doing meaningful work.

Thought Leadership June 26, 2025

Iru Team

•

6 min read

What WWDC 2025 and the Next macOS Release Could Mean for Apple Admins

Every year, Apple’s new macOS release offers an opportunity to innovate. It also brings uncertainty for IT teams trying to keep pace with constant change. With the next major release set to preview at WWDC 2025 (June 9 to 13), admins are preparing for a high-stakes upgrade cycle. Early previews hint at broad updates spanning the Apple product suite, from design changes that unify UX across devices to much-anticipated Apple Intelligence features.

Thought Leadership June 4, 2025

Iru Team

•

7 min read

Shadow IT: IT Professionals Adapt, Respond, and Redefine Control

Shadow IT has always been a loaded term, typically implying rule-breaking, risk, or lack of control. But the reality is more nuanced. When we surveyed 115 IT professionals, what we found wasn’t a story of defiance. It was one of friction.

Reports June 2, 2025

Christopher Lopez

•

14 min read

Dissecting the macOS 'AppleProcessHub' Stealer: A Technical Analysis

On May 15, 2025, the security research team MalwareHunterTeam (@malwrhunterteam) identified a suspicious file named libsystd.dylib with low detection—only 2 at the time of posting— which appeared to be an infostealer.

Threat Intelligence May 23, 2025

Alex Gartner

•

4 min read

Kandji Quarterly Threat Intelligence Report: May 2025

Welcome to the Iru Threat Intelligence Report, our quarterly summary of emerging threats in the macOS ecosystem and how Iru is responding in real time. In each edition, we break down key threat discoveries and the protections we’ve deployed to keep customer devices secure.

Threat Intelligence May 9, 2025

Alex Gartner

•

10 min read

macOS Vulnerabilities: A Year of Security Research at Iru

Iru security researchers have been hard at work hunting for vulnerabilities in macOS, reporting them to Apple before malicious actors can exploit them. This proactive approach is a cornerstone of our product strategy, benefiting not just our customers but the entire Apple ecosystem.

Threat Intelligence May 1, 2025

Nick Zolotko, Christopher Lopez, & Adam Kohler

•

28 min read

PasivRobber: Chinese Spyware or Security Tool?

On March 13, 2025, our team found a suspicious mach-O file on Virustotal named wsus. After our initial analysis of this file and the package which installed it, we discovered over 20 related binaries used to capture data from macOS systems and applications, including WeChat, QQ, web browsers, email, etc. This multi-binary suite indicates a deep understanding of macOS and their target applications. The software’s targeted applications and other observed network connections strongly indicate both a Chinese origin and target user base.

Threat Intelligence April 14, 2025