BSides Canberra 2025

Atomic Stealer's Dyld Injection Tactics
2025-09-26 , Royal Theatre

As macOS continues to grow in popularity within enterprise environments, threats like the Atomic Stealer malware family have emerged, using stealthy techniques such as dyld (the macOS dynamic linker) injection to establish persistence and evade detection. This session focuses specifically on the Atomic Stealer family, dissecting its use of dyld injection to covertly execute malicious payloads by manipulating environment variables, notably DYLD_INSERT_LIBRARIES, within legitimate processes. Because dyld reads that variable at process launch and loads the listed libraries before the main executable's own code runs, the injected payload inherits the identity and permissions of the host process; dyld ignores the variable for System Integrity Protection-protected binaries and for hardened-runtime binaries that lack the com.apple.security.cs.allow-dyld-environment-variables entitlement, which constrains which processes can be abused this way.

The presentation will provide detailed insights derived from original research, including step-by-step demonstrations of Atomic Stealer's operational methodologies, injection techniques, and persistence mechanisms. Attendees will learn about custom detection methods designed to identify the Atomic Stealer and similar threats, incorporating advanced endpoint behavioral analysis, macOS native logging mechanisms, and specially crafted YARA signatures.

Participants will leave equipped with concrete, actionable strategies for detecting, mitigating, and proactively hunting threats associated with the Atomic Stealer malware family.
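As an added illustration of the hunting approach the abstract describes (not the speaker's own tooling or Atomic Stealer's actual artefacts), the script below inspects the two places where a DYLD_INSERT_LIBRARIES-based persistence or injection would surface on a host: the `EnvironmentVariables` dictionary of launchd job plists and the environment of a running process. The launchd plist it parses is constructed for the example, and the path heuristics (trusted system prefixes, temporary and world-writable staging directories, hidden directories) are assumptions of this example rather than signatures from the talk.

```python
"""Hunt for DYLD_INSERT_LIBRARIES abuse in launchd job definitions and process
environments.  Added example: the sample plist is constructed and the path
heuristics are assumptions, not indicators taken from Atomic Stealer samples."""
from __future__ import annotations

import os
import plistlib
from dataclasses import dataclass
from pathlib import Path

# Locations from which an inserted library is plausibly legitimate (assumption).
TRUSTED_PREFIXES = ("/usr/lib/", "/System/Library/", "/Library/Apple/")
# Staging locations a dropper can write to without privileges (assumption).
SUSPICIOUS_PREFIXES = ("/tmp/", "/private/tmp/", "/var/folders/",
                       "/private/var/", "/Users/Shared/")

# Directories launchd reads job definitions from.
LAUNCHD_DIRS = (
    Path.home() / "Library" / "LaunchAgents",
    Path("/Library/LaunchAgents"),
    Path("/Library/LaunchDaemons"),
)


@dataclass
class Finding:
    source: str    # launchd Label, or "process:<pid>"
    library: str   # one entry of the colon-separated DYLD_INSERT_LIBRARIES list
    reason: str


def classify_library(path: str) -> str | None:
    """Return why an inserted library path is suspicious, or None if it is not."""
    if path.startswith(TRUSTED_PREFIXES):
        return None
    if path.startswith(SUSPICIOUS_PREFIXES):
        return "library staged in temporary or world-writable location"
    if "/." in path:
        return "library in hidden directory"
    if not path.startswith("/"):
        return "relative library path"
    return "library outside trusted system locations"


def _inserted_libraries(value: str) -> list[str]:
    # dyld treats DYLD_INSERT_LIBRARIES as a colon-separated list of dylib paths.
    return [lib for lib in value.split(":") if lib]


def findings_from_environ(source: str, environ) -> list[Finding]:
    """Flag suspicious entries in an environment mapping (e.g. os.environ)."""
    libs = _inserted_libraries(environ.get("DYLD_INSERT_LIBRARIES", ""))
    return [Finding(source, lib, reason)
            for lib in libs if (reason := classify_library(lib))]


def findings_from_launchd_plist(plist_bytes: bytes) -> list[Finding]:
    """Flag launchd jobs that inject libraries via EnvironmentVariables."""
    job = plistlib.loads(plist_bytes)
    label = job.get("Label", "<no label>")
    env = job.get("EnvironmentVariables", {}) or {}
    return findings_from_environ(label, env)


def scan_launchd_dirs(dirs=LAUNCHD_DIRS) -> list[Finding]:
    """Parse every *.plist in the launchd directories that exist on this host."""
    out: list[Finding] = []
    for d in dirs:
        if not d.is_dir():
            continue
        for plist in d.glob("*.plist"):
            try:
                out.extend(findings_from_launchd_plist(plist.read_bytes()))
            except (plistlib.InvalidFileException, OSError):
                continue  # unreadable or non-plist file; not an injection artefact
    return out


# Constructed sample: a LaunchAgent that starts a legitimate binary with a
# dylib injected from a hidden directory under /Users/Shared.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key>
  <array><string>/Applications/Safari.app/Contents/MacOS/Safari</string></array>
  <key>EnvironmentVariables</key>
  <dict>
    <key>DYLD_INSERT_LIBRARIES</key>
    <string>/Users/Shared/.cache/libhelper.dylib:/usr/lib/libSystem.B.dylib</string>
  </dict>
  <key>RunAtLoad</key><true/>
</dict>
</plist>
"""

if __name__ == "__main__":
    for f in findings_from_launchd_plist(SAMPLE_PLIST):
        print(f"[sample] {f.source}: {f.library} ({f.reason})")
    for f in findings_from_environ(f"process:{os.getpid()}", os.environ):
        print(f"[live env] {f.source}: {f.library} ({f.reason})")
    for f in scan_launchd_dirs():
        print(f"[launchd] {f.source}: {f.library} ({f.reason})")
```

Run as-is it reports the constructed sample, then the live checks; the environment check only sees the current process, so for fleet-wide hunting pair it with `ps -Eww` output or an endpoint security agent's process-exec events, and treat the trusted-prefix allow-list as a starting point to tune rather than a verdict.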

A cybersecurity professional with extensive experience in incident response and threat research. Initially beginning my career as an Incident Responder, I specialized in managing and mitigating active security threats within enterprise environments. Building upon this foundational expertise, I have transitioned into the role of a Threat Researcher, where I focus on in-depth analyses of emerging cyber threats, including sophisticated malware families.