How Twitch Helper Can Be Used for Privilege Escalation
Christopher Lopez

7 min read

Privileged helpers are bits of software that assist applications by running elevated privileged actions separate from the app itself. XPC is Apple’s interprocess communication mechanism that makes this possible.

Threat Intelligence
Update: Cuckoo Malware Evolves
Adam Kohler & Christopher Lopez

5 min read

Since our initial report about the Cuckoo malware, there have been some updates to its functionality and infection vector that we wanted to let the Apple security community know about.

Threat Intelligence
How Malware Can Bypass Transparency Consent and Control (CVE-2023-40424)
Csaba Fitzl

9 min read

CVE-2023-40424 is a vulnerability that allows a root-level user to create a new user with a custom Transparency Consent and Control (TCC) database in macOS, which can then be used to access other users’ private data.

Threat Intelligence
Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware
Adam Kohler & Christopher Lopez

28 min read

On April 24, 2024, we found a previously undetected malicious Mach-O binary programmed to behave like a cross between spyware and an infostealer. We have named the malware Cuckoo, after the bird that lays its eggs in the nests of other birds and steals the host's resources for the gain of its young.

Threat Intelligence
CloudChat Infostealer: How It Works, What It Does
Adam Kohler & Christopher Lopez

11 min read

On April 3, 2024, we came across an undetected file that had been uploaded to the online virus-checker VirusTotal that day named Clip. Right off the bat, we noticed that the file had some red flags that warranted further investigation.

Threat Intelligence
How Apple Mitigates Vulnerabilities in Installer Scripts
Csaba Fitzl

14 min read

Vulnerabilities are hot topics inside the world of security research and—because of their potentially dramatic impacts—outside as well. Unfortunately, the strategies and tactics that companies like Apple take to prevent specific vulnerabilities—or even entire families of exploits—typically attract less attention. But the fact is that engineering high-impact mitigations is typically more challenging than finding a single vulnerability.

Threat Intelligence
How AMOS macOS Stealer Avoids Detection
Sam Mayers & Christopher Lopez

7 min read

Atomic macOS Stealer (AMOS) was first spotted in early 2023. It's a powerful piece of malware that targets Apple users and tricks them into installing the software on their computers. The malware is sold via Telegram; as of January 20, 2024, the price was $3,000 a month.

Threat Intelligence