Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

VirusTotal Adds Sandbox Execution for OS X Files

Google-owned malware scanning service VirusTotal announced on Tuesday that Mac OS X files scanned by users will be executed in a sandbox in order to analyze their behavior.

VirusTotal

Google-owned malware scanning service VirusTotal announced on Tuesday that Mac OS X files scanned by users will be executed in a sandbox in order to analyze their behavior.

VirusTotal

As threats designed to target Apple devices become more common — recent examples include XcodeGhost and WireLurker —, researchers may want to analyze the behavior of OS X files that look suspicious.

Sandbox execution was first introduced by VirusTotal in 2012 for Windows PE files and the feature was expanded in 2013 to include Android applications (APKs). Now, users will also be able to view behavioral reports when scanning Mach-O and DMG files and ZIP archives containing a Mac application.

VirusTotal has pointed out that Mac files will be executed in a sandbox regardless of the scan method being used — behavioral reports are produced for files scanned via virustotal.com, the OS X Uploader utility, or the API.

The new “Behavioural information” tab introduced for OS X file scans provides a report on the actions and events performed by the targeted file or by the processes it launches or injects.

The information includes a list of opened, read, moved and written files, created processes, HTTP and DNS requests, and TCP connections. The malware scanning service has provided example reports for DMG files, Mach-O files, and ZIP archives containing a Mac app.

Advertisement. Scroll to continue reading.

Customers with “allinfo” or private API privileges will see the behavior information in the API responses. The information is indexed and searchable for customers of VirusTotal Intelligence, the premium service that offers advanced features.

When it launched the sandbox execution feature in 2012, VirusTotal noted that its goal is not to replace existing online sandboxes, but to provide complementary reports that will further help the security community.

Earlier this year, the service announced the launch of a project dubbed “Trusted Source,” designed to allow major software developers to share their files in order to ensure that antivirus products don’t erroneously flag them as malicious.

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Sherrod DeGrippo has been appointed Head of Threat Intelligence for Palo Alto Networks Unit 42.

Christopher Porter has joined Booz Allen Hamilton as Global Chief Information Security Officer.

Yael Ben Arie has joined exposure validation company Pentera as Chief Product Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.