Mach-O Feature Extraction and Malware Similarity Analysis with YARA-X
Objective-See Foundation via YouTube

Overview
Learn about macOS malware analysis techniques and Mach-O similarity methods in this 36-minute conference talk from the Objective-See Foundation. Explore how to develop effective methods for finding similar malware samples that go beyond traditional string-search approaches, with a focus on creating "easy pivots" comparable to those already available for Windows executables. Discover the development of a custom Mach-O parser, built in Rust for YARA-X, that enables deeper analysis of Mach-O similarities. Follow along as Senior Threat Researcher Greg Lesnewich and Staff Software Engineer Jacob Latonis demonstrate these techniques on real APT Mach-O malware families, while sharing their expertise in threat intelligence, infrastructure tracking, and open-source security tool development.

Syllabus
OBTS v7 A Better Way, YARA-X, Mach-O Feature Extraction, and Malware Similarity. Latonis & Lesnewich

Taught by
Objective-See Foundation