Digita Security

Cybersecurity solutions for the modern, mobile, independent, innovative, enterprising macOS workforce

February 19, 2018, by Patrick Wardle

Tearing Apart the Undetected (OSX)Coldroot RAT

analyzing the persistence, features, and capabilities of a cross-platform backdoor

Patrick has always said he likes his tools open source! Follow along as he uncovers and analyzes an undetected cross-platform “Remote Administration Tool”, complete with tracing its origins to a GitHub repository and a publicly available YouTube demo 😮

While the intent of the author, how the sample ended up on VT, and whether users have ever been targeted are not known at this time, the features and capabilities of malware are certainly present.

February 5, 2018, by Patrick Wardle

Analyzing OSX/CreativeUpdater

a macOS cryptominer, distributed via macupdate.com

More macOS malware! Once again, users are tricked into installing an infected application, with a popular download site leveraged to gain their trust. Read Patrick’s short blog post as he dissects the persistence mechanism for this cryptomining malware targeting macOS users.

January 23, 2018, by Patrick Wardle

Analyzing CrossRAT

A cross-platform implant, utilized in a global cyber-espionage campaign

Follow along with Patrick at 40,000ft as he dives deeper into the capabilities of macOS malware first reported by Lookout/EFF in their Dark Caracal analysis. Want to interactively play along with his breakdown? Objective-See has shared the malware, which can be downloaded here – password: infect3d.

January 2, 2018, by Joshua Stein

Patrick Wardle Joins the Digita Family!

Patrick Wardle (@patrickwardle) formally joins Digita Security as Co-Founder and Chief Research Officer. Patrick is widely regarded as a top researcher in the fields of macOS security and malware analysis. He has been credited with numerous CVEs in core macOS components. Their subsequent fixes have improved macOS security for every user and have been rumored to have spawned a new phrase in Cupertino, “Getting Wardled”. This year Patrick’s research has been featured on CNN, Forbes, and the New York Times.

October 9, 2017, by Joshua Stein

High Sierra installer reverts XProtect rules

SoftwareUpdate fails to re-update them

October 19th, 2017 Update: Apple has just silently pushed an updated XProtect configuration package that appears to address this issue. The package changes the receipt identifier that was the root cause of the problem. It does not change the configuration version number nor introduce any changes to XProtect rules. We’ve confirmed that previously ‘stuck’ machines are now updating properly.

TL;DR: High Sierra installer replaces XProtect config version 2095 with version 2094.

September 20, 2017, by Jon Malm

import Foundation; print("Hello World!")

Welcome to the new Digita Security website. We are excited to start sharing our start-up journey. We hope you can tell from our new website launch that we have a passion for macOS, cyber-security, and product development. As longtime Mac users and security professionals, we recognize that we have a great opportunity to build native macOS security products. At Digita Security our primary goal is to improve the security of macOS users by developing high-quality security products that are accessible to everybody.
