Ransomware adopts Process Doppelgänging technique to avoid antivirus researchers and avoid detection in a newly identified malware double threat targeting users in the U.S., Kuwait and Germany.

The macOS Keychain attack, Signal’s new private contact discovery service, the Deloitte hack, and a handful of mobile stock trading app vulnerabilities are discussed.

Apple said that macOS’ native Gatekeeper security feature would protect against a Keychain attack disclosed this week, but researcher Patrick Wardle said that won’t help against Mac malware signed with an Apple certificate.

Researcher Patrick Wardle has discovered a critical vulnerability that allows an attacker to dump passwords in plaintext from the macOS Keychain. The vulnerability is in macOS High Sierra, Sierra and El Capitan, and has yet to be patched.

An insecure Apple authorization API is used by numerous popular third-party application installers and can be abused by attackers ro run code as root.

This week at Black Hat, Mac malware expert Patrick Wardle will describe how he used a custom-built command and control server to analyze new spying capabilities in a variant of the FruitFly backdoor.

A new strain of malware is designed to spread malware on either Mac OS X or Microsoft Windows, depending on where it’s opened.

At last week’s Apple Worldwide Developer Conference, Apple announced some security upgrades around Gatekeeper and a new filesystem that includes native support for encryption. Mac hacker Patrick Wardle, director of research at Synack, explains whether this a big deal and how the upgrades address some problems he’d disclosed to Apple. Download: Patrick_Wardle_on_MacOS_Gatekeeper_Security.mp3 Music by Chris Gonsalves

Threatpost Editor Mike Mimoso talks to Synack director of research and well-known OS X hacker Patrick Wardle about the discovery of an OS X malware dropper that likely was developed by the Hacking Team. [embedded content]