News: 1757531194


Apple slips up on ChillyHell macOS malware, lets it past security . . . for 4 years

(2025/09/10)


ChillyHell, a modular macOS backdoor believed to be long dormant, has likely been infecting computers for years while flying under the radar, according to security researchers who spotted a malware sample uploaded to VirusTotal in May.

The malware, written in C++ and developed for Intel architectures, was originally reported by Mandiant in 2023. At the time, the Google-owned threat hunters linked it to a group it tracks as UNC4487 (UNC is how Google [1]tracks uncategorized threat groups) that had breached a Ukrainian auto insurance website used by government officials for official travel.

But despite being documented by the security shop, ChillyHell wasn't flagged as malicious. In fact, the sample uncovered by Jamf's researchers is developer-signed and passed Apple's notarization process in 2021.


"Despite not making it to VirusTotal until 2025, this sample . . . has remained notarized up until these findings," Jamf Threat Labs researchers Ferdous Saljooki and Maggie Zirnhelt [3]said in a Wednesday report, adding that the malware's functionality "appears to be nearly identical" to the Mandiant-found version.


In addition, the notarized sample has been hosted publicly on Dropbox since 2021, indicating that it has likely been infecting victims while remaining undetected over the last four years.

Jaron Bradley, director of Jamf Threat Labs, told The Register, "it's impossible to say" how widely ChillyHell has been deployed since then. "We do believe that this was likely the creation of a cybercrime group, making it slightly more targeted in its use and less widely distributed."


Apple has since revoked the developer certificates connected to ChillyHell. We reached out to the company for comment and will update this story if we hear back.

The malware uses three different persistence mechanisms: it installs itself as a [7]LaunchAgent if run with user-level access, as a system LaunchDaemon if executed with elevated privileges, or, as a fallback, it alters the user's shell profile (.zshrc, .bash_profile, or .profile), injecting a launch command into the configuration file so that the malware is executed on each new terminal session.


It uses various tactics to evade detection, including timestomping: modifying the timestamps of malicious files to match those of legitimate ones so that they blend in with benign files, a technique that is uncommon in modern macOS malware.

ChillyHell also shifts between multiple command-and-control protocols, which makes it harder to detect.
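Host-side checks for the two behaviours described above, the shell-profile persistence fallback and timestomped files, as an added example that is not code from the Jamf report or from the malware itself; the regexes, the sample profile and the timestamp values are constructed heuristics and assumptions, not indicators taken from the page. On a live host the two timestamps would come from os.stat (st_mtime and, on macOS, st_birthtime).

```python
import re
from dataclasses import dataclass

# Heuristics for the two host-side checks described in the article. The regexes,
# the sample profile and the timestamps below are constructed for illustration.
HIDDEN_OR_TEMP_CMD = re.compile(
    r'^(?:nohup\s+)?["\']?(?:/tmp/|/private/tmp/|/var/folders/|~/\.|\$HOME/\.|/Users/[^/\s]+/\.)')
BACKGROUNDED = re.compile(r"(?<!&)&\s*$")  # trailing single '&', not '&&'

def find_injected_launch_lines(profile_text: str) -> list[str]:
    """Return profile lines that start a binary from a temp or hidden directory,
    or push a process into the background so the prompt still looks normal.
    Comments, exports, aliases, PATH edits and sourced files are skipped."""
    hits = []
    for raw in profile_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("PATH="):
            continue
        if re.match(r"^(?:export|alias|source|\.)\s", line):
            continue
        if HIDDEN_OR_TEMP_CMD.match(line) or BACKGROUNDED.search(line):
            hits.append(line)
    return hits

@dataclass
class FileTimes:
    path: str
    mtime: float      # settable by utimes()/touch -t, so an attacker controls it
    birthtime: float  # creation time (st_birthtime on APFS/HFS+)

def timestomp_suspects(files: list[FileTimes]) -> list[tuple[str, str]]:
    """Flag timestamp combinations that a normal file lifecycle does not produce."""
    out = []
    for f in files:
        if f.mtime < f.birthtime:
            out.append((f.path, "modified before it was created"))
        elif f.mtime == int(f.mtime) and f.birthtime != int(f.birthtime):
            # touch -t writes whole seconds; files the OS wrote natively carry
            # sub-second precision, so this pairing suggests a hand-set mtime
            out.append((f.path, "whole-second mtime beside fractional birthtime"))
    return out

# Constructed sample ~/.zshrc: benign lines plus one injected background launcher.
SAMPLE_PROFILE = """export PATH="$HOME/bin:$PATH"
alias ll='ls -la'
source ~/.nvm/nvm.sh
~/.cache/.updater/agent >/dev/null 2>&1 &
"""
```

Both checks are heuristics meant to produce a short list for a human to review, not a verdict; legitimate dotfile managers and backup restores can trip them.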


Additionally, its modular design allows miscreants to execute several malicious commands and even spawn new attacks after deploying ChillyHell on a victim's device.

These capabilities include downloading new versions of the malware or dropping additional payloads, brute-forcing passwords to gain unauthorized access to other systems, extracting local usernames, which are then stored for use in future password brute-force attempts, and launching credential attacks.

"Between its multiple persistence mechanisms, ability to communicate over different protocols, and modular structure, ChillyHell is extraordinarily flexible," Saljooki and Zirnhelt wrote, adding that it's notable that ChillyHell was notarized. And this "serves as an important reminder that not all malicious code comes unsigned." ®




[1] https://www.theregister.com/2025/06/03/microsoft_crowdstrike_cybercrew_naming_clarity/


[3] https://www.jamf.com/blog/chillyhell-a-modular-macos-backdoor/


[7] https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html





unSigned

MachDiamond

Lots of small developers have a hard time navigating Apple's red tape so it requires manually authorizing installs. Users get used to that, which makes the notion of signed applications less effective. If Apple were to put in the OS no way to bypass the restrictions, more people might jump to W or Linux as lots of development would move elsewhere. I use plenty of the "big" applications, but I find many very niche applications that do one or two things make my life so much easier. A new clipboard utility I just bought has made filing Copyright applications much easier. I used to have to open a text document and save data and application/registration numbers so I could record them and then copy/paste in all of the places the government forms need that information.

Re: unSigned

PRR

> ...lots of development would move elsewhere.

A very long-time freeware electronics design tool, the developer recently tried to port/fork from Windows to Mac, bought the Mac and compiler, even issued a beta.... and was overwhelmed, quit the fork. It frankly would be easier for his few Mac-fans to buy a <$199 mini-PC or run Wine or a VM.

That's not "lots" of development but shows which way the wind blows. Apple needs a better plan to disapprove AND approve apps.

Group

elsergiovolador

'We do believe that this was likely the creation of a cybercrime group,'

Surprise surprise! So it's not the local haberdashery group?

Cropp's Law:
The amount of work done varies inversely with the time spent in the office.