An effort to reverse-engineer malicious AppleScript has led to the creation of a tool to analyze run-only malware targeting the Mac operating system, undermining a common attacker approach to obfuscating code on the platform. Cybersecurity firm SentinelOne created the tool, known as the Apple Event (AEVT) decompiler, to analyze a cryptominer campaign that used AppleScript to automated four different stages of the infection chain:
Read full article on Dark Reading