Tweet URL - https://twitter.com/patrickwardle/status/1547967373264560131 | Hacker Trends

patrick wardle on Twitter: "macOS malware often (ab)uses APIs such as NSCreateObjectFileImageFromMemory, NSLinkModule etc) to execute in-memory payloads. Apple has recently updated dyld3 (+these APIs), such that the in-memory payload is now first/always written out to disk 💾 See: https://t.co/vDuXLs6LXD https://t.co/ALyFKSGRco" / Twitter

https://twitter.com/patrickwardle/status/1547967373264560131

https://x.com/home/status/1547969492801560577

https://x.com/home/status/1548000125192089601

https://x.com/home/status/1548008278222708736

https://x.com/home/status/1548048234597167106

https://x.com/home/status/1548048733727641602

https://x.com/home/status/1548049455378677761