I understand the interaction with browsers is completely different than on Windows, so things like HTML exploits to download files directly seem undoable without detection as simply as they're done on Windows. Is similar functionality heard of for macOS malware?
I'm interested in delivery methods on macOS without using ZIPs. Specifically, I'm looking for ways that a file (such as a .app or .dmg) can be disguised as something like a PDF (ex. document.pdf.app or some cleaner way if possible) and downloaded directly from a website.
Is it feasible to SE a person into installing a .app or .dmg off of my site whilst my malware bypasses security mechanisms like Gatekeeper / notarization?
Is code signing crucial to bypass Gatekeeper and distribute the file without needing to use ZIP files?
What are the most important things I need when delivering such a payload through a browser on macOS?
My partner and I are interested in anyone providing macOS bypasses, and I would appreciate any insight on the cost or tools needed to execute this kind of attack effectively. Message me to discuss any bypasses or tools that are needed for this method that you have.