ChillyHell, a modular macOS backdoor believed to be long dormant, has likely been infecting computers for years while flying under the radar, according to security researchers who spotted a malware sample uploaded to VirusTotal in May.
The malware, written in C++ and developed for Intel architectures, was originally reported by Mandiant in 2023. At the time, the Google-owned threat hunters linked it to a group they track as UNC4487 (UNC is how Google tracks uncategorized threat groups) that had breached a Ukrainian auto insurance website used by government officials for official travel.
But despite being documented by the security shop, ChillyHell wasn't flagged as malicious. In fact, the sample uncovered by Jamf's researchers is developer-signed and passed Apple's notarization process in