9 Anti-Analysis

In the previous chapters, we leveraged both static and dynamic analysis methods to uncover malware’s persistence mechanisms, core capabilities, and most closely held secrets. Of course, malware authors are not happy about their creations being laid bare for the world to see. Thus, they often seek to complicate analysis by writing anti-analysis logic or other protection schemes. In order to successfully analyze such malware, we must first identify these protections and then circumvent them.

In this chapter we’ll discuss anti-analysis approaches common among macOS malware authors. Generally speaking, there are two kinds of ...
