It is not surprising that few Mac OS X users adopt antivirus solutions, since the OS is considered safe and stable. That reputation, however, doesn't stop some adventurers from exploring avenues that remain unknown. VirusTotal, the reputed online file-scanning service from Google, is executing suspicious Mac apps submitted by users inside a sandbox to gather information that could be used to improve the detection and analysis of Mac malware manifold.
VirusTotal to analyze Mac malware
The experiment is being conducted at a time when, in the view of security vendors, the number of potentially unwanted Mac OS X applications such as adware programs is at its peak. VirusTotal, a Google-owned file-scanning service, allows users to upload suspicious files and scan them with 54 different antivirus products, and it is now extracting behavioral information from scanned Mac executable files as well.
Behavioral analysis is one way in which Mac antivirus software keeps a close eye on suspicious activities performed by applications, such as deleting a large number of files. Until now, VirusTotal performed only a simple static scan of files submitted by a user, without executing them.
This approach left out the most important step of modern malware testing: behavioral analysis. To complement the static analysis reports with more information, VirusTotal added behavioral information for Windows executables in 2012.
Behavioral information is extracted by running the file inside a controlled environment, a sandbox. Its actions, such as which files it creates, reads, or moves, are then monitored carefully. The same capability was built in 2013 for Android apps and, as of a few days ago, has been made available for Mach-O executables, DMG files, or ZIP files containing Mac apps.