Security News > 2023 > January > Microsoft retracts its report on Mac ransomware
Anti-analysis techniques are deployed by malware to evade analysis or render the file analysis much more complex and difficult for researchers and malware sandboxes.
File enumeration is a critical operation for ransomware operators.
The output of the find command is then provided to the malware in order to run its operations on the discovered files.
FileCoder enumerates recursively all files from the macOS /Users and /Volumes folders, excluding files named README!
MacRansom is more specific: It searches for files in the /Volumes and the current user's home folder, but it checks for files bigger than 8 bytes, belonging to the current user for which they have read permissions enabled.
EvilQuest has the ability to infect Mach object file format files by prepending its code to targeted files.
News URL
https://www.techrepublic.com/article/microsoft-retracts-mac-ransomware-report/