"HOOK-INJ" new hooking-based remote Code execution in mac-Os

Research paper

When it comes to Mac-OS, the concern of malware code injections pervading undetected is rarely considered and seldom addressed.

Admittedly, consensus is correct, Apple operating systems are less susceptible to malware using code injection. The more susceptible target for this type of malware are Windows OS, which due to wide use, make it a veritable free for all. However, in research conduct by Alon Weinberg, Security Researcher at Deep Instinct’s Security Research Team, the possibility remains for your beloved Macintosh to come under attack by rarely known injection code execution techniques using remote process hooking. Not only that, but when this malware does strike, it’s likely to go undetected by whatever security solution you have in place.

In this research paper, we cover the code injection attack surface in macOS, and describe new methods to achieve injected code execution.


In this whitepaper we will cover:

  • A short review of necessary background and fundamentals.
  • Existing known code injection techniques in MacOS.
  • Three rarely documented techniques to hook functions on a remote process.
  • A Deep Instinct custom built Mach-O loader, which effectively bypassed detection by several macOS security solutions.

Please fill out the form to download your whitepaper

By submitting this form, you are confirming you have read and agree to our Privacy and Cookies Policies