macOS malware

Attack tree

1 Create backdoor
    1.1 Meterpreter python backdoor with msfvenom (for example python/meterpreter/reverse_tcp)
    1.1 Select OS X option in from menu 01 in Fat Rat (OR)
    1.2 Use a stager that starts with osx in Empire (like osx/applescript) (OR)
    1.3 Choose Python payload and use source.py in Veil
2 Convert to application executable with macOS' scripteditor

Resources

• frizb/MSF-Venom-Cheatsheet

• Empire wiki