
    ChillyHell modular macOS malware OKed by Apple in 2021

    ChillyHell, a modular macOS backdoor previously thought to have gone dormant, has likely been infecting computers for years while flying under the radar, according to security researchers who spotted a malware sample uploaded to VirusTotal in May.

    The malware, written in C++ and built for Intel architectures, was originally reported by Mandiant in 2023. At the time, the Google-owned threat hunters linked it to a group they track as UNC4487 (UNC is Google's prefix for uncategorized threat groups) that had breached a Ukrainian auto insurance website used by government officials for official travel.

    But despite being documented by the security shop, ChillyHell wasn't flagged as malicious. In fact, the sample uncovered by Jamf's researchers is developer-signed and passed Apple's notarization process in 2021. Notarization is an automated malware scan of a submitted binary rather than a code review, so a notarization ticket says only that Apple's tooling recognized nothing malicious in it at the time.

    “Despite not making it to VirusTotal until 2025, this sample . . . has remained notarized up until these findings,” Jamf Threat Labs researchers Ferdous Saljooki and Maggie Zirnhelt said in a Wednesday report, adding that the malware’s functionality “appears to be nearly identical” to the Mandiant-found version. 

    In addition, the notarized sample has been hosted publicly on Dropbox since 2021, indicating that it has likely been infecting victims while remaining undetected over the last four years.

    Jaron Bradley, director of Jamf Threat Labs, told The Register, “it’s impossible to say” how widely ChillyHell has been deployed since then. “We do believe that this was likely the creation of a cybercrime group, making it slightly more targeted in its use and less widely distributed.”

    Apple has since revoked the developer certificates connected to ChillyHell. We reached out to the company for comment and will update this story if we hear back.

    The malware uses three persistence mechanisms, selected by the privilege level it runs with: as an ordinary user it installs itself as a LaunchAgent; with elevated privileges it installs itself as a system LaunchDaemon; and as a fallback it alters the user's shell profile (.zshrc, .bash_profile, or .profile), appending a launch command so that the malware is executed at the start of each new terminal session.
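    The three footholds above are all things a defender can enumerate. The following is an added example, not code from the article or from Jamf, that applies two generic heuristics to the persistence locations the malware uses: a launchd property list that auto-starts a program from outside the usual system or application paths, and a shell-profile line that backgrounds a process or runs a file out of a hidden directory. The trusted-path list, the regular expression, and both sample inputs are constructed assumptions for illustration, not indicators taken from the report.

```python
"""Added example: hunt for the three persistence patterns described above.

Heuristics only (assumed, not ChillyHell indicators): a launchd job that
auto-starts a program outside the usual system/application locations, and a
shell-profile line that launches something in the background or runs a file
from a hidden directory.  Both sample inputs below are constructed.
"""
import os
import plistlib
import re

# Where a legitimate launchd job's executable normally lives (assumption; tune
# for your fleet).  Anything else is worth a look.
TRUSTED_EXEC_PREFIXES = (
    "/System/", "/usr/", "/bin/", "/sbin/", "/Library/Apple/",
    "/Applications/", "/opt/homebrew/", "/usr/local/",
)

# Shell-profile fragments that detach a process or load a launchd job.
BACKGROUND_HINTS = ("nohup ", "2>&1 &", "&>/dev/null", "launchctl load",
                    "launchctl bootstrap")

# A command whose first token is a file in a hidden or scratch directory.
HIDDEN_EXEC_RE = re.compile(
    r"^(?:~|\$HOME|/Users/[^/\s]+)/\.[^\s/]+/|^/(?:private/)?tmp/|^/Users/Shared/")


def launchd_findings(plist_bytes: bytes, source: str) -> list:
    """Return reasons (possibly none) that a launchd plist looks like a foothold."""
    job = plistlib.loads(plist_bytes)
    args = job.get("ProgramArguments") or []
    program = job.get("Program") or (args[0] if args else "")
    findings = []
    if program and not program.startswith(TRUSTED_EXEC_PREFIXES):
        findings.append(f"{source}: runs {program} from an untrusted location")
        if job.get("RunAtLoad") or job.get("KeepAlive"):
            findings.append(f"{source}: and auto-starts it (RunAtLoad/KeepAlive)")
    # A shell one-liner hides the real payload in its arguments.
    if os.path.basename(program) in ("sh", "bash", "zsh") and "-c" in args:
        findings.append(f"{source}: job is a shell one-liner: {' '.join(args)}")
    return findings


def profile_findings(text: str, source: str) -> list:
    """Return 'source:line: text' for shell-profile lines that start a program."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        backgrounded = line.endswith("&") or any(h in line for h in BACKGROUND_HINTS)
        first = line.split()[0]
        if backgrounded or HIDDEN_EXEC_RE.match(first):
            findings.append(f"{source}:{lineno}: {line}")
    return findings


# Constructed samples: a user LaunchAgent and a .zshrc with an appended launcher.
SAMPLE_AGENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key>
  <array><string>/Users/alice/.cache/updater</string><string>--quiet</string></array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>
"""
SAMPLE_ZSHRC = """# user config
export PATH=$HOME/bin:$PATH
alias ll='ls -la'
source ~/.nvm/nvm.sh
nohup /Users/alice/.cache/updater >/dev/null 2>&1 &
"""


def scan_host() -> list:
    """Apply both checks to the real persistence locations on this Mac."""
    findings = []
    home = os.path.expanduser("~")
    for d in (f"{home}/Library/LaunchAgents", "/Library/LaunchAgents",
              "/Library/LaunchDaemons"):
        for name in os.listdir(d) if os.path.isdir(d) else []:
            p = os.path.join(d, name)
            if p.endswith(".plist"):
                try:
                    with open(p, "rb") as f:
                        findings += launchd_findings(f.read(), p)
                except Exception as e:   # unreadable or malformed plist
                    findings.append(f"{p}: could not parse ({e})")
    for name in (".zshrc", ".bash_profile", ".profile"):
        p = os.path.join(home, name)
        if os.path.isfile(p):
            with open(p, errors="replace") as f:
                findings += profile_findings(f.read(), p)
    return findings


if __name__ == "__main__":
    for line in (launchd_findings(SAMPLE_AGENT, "sample.plist")
                 + profile_findings(SAMPLE_ZSHRC, "~/.zshrc") + scan_host()):
        print(line)
```

    Run as-is it reports the two constructed samples and then whatever it finds on the host. Expect noise: developer tooling routinely backgrounds agents from hidden directories, so treat a hit as a lead to confirm against the binary's signature and provenance, not as a verdict.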

    Its evasion tactics include timestomping: the modification timestamps of its dropped files are rewritten to match those of legitimate files so that they blend in with the benign ones during a directory listing or triage. The technique is uncommon in modern macOS malware.
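    Timestomping rewrites the timestamps an attacker can set through utimes() or touch, but on APFS two stamps stay out of reach: the inode change time, which the kernel resets on every metadata change (including the timestamp rewrite itself), and the file's birth time. The following is an added example, not code from the article or from Jamf, showing the generic forensic checks built on that gap, including the cross-file check that matters for the blend-in trick described above: a file whose modification time equals a sibling's to the nanosecond but whose birth time is years later. The thresholds and the directory listing it runs over are constructed assumptions.

```python
"""Added example: spot timestomped files by the stamps touch/utimes cannot set.

The checks are generic forensic heuristics (assumed, not indicators from the
report) applied to a constructed directory listing.
"""
import os
from collections import defaultdict
from dataclasses import dataclass

NS = 1_000_000_000


@dataclass
class Stamp:
    path: str
    mtime_ns: int   # content modification time: the one an attacker rewrites
    ctime_ns: int   # inode change time: kernel-managed, not settable via utimes
    birth_ns: int   # creation time: APFS st_birthtime, also not settable


def timestomp_flags(s: Stamp, slack_ns: int = 2 * NS) -> list:
    """Per-file indicators.  Each is a lead, not proof (see comments)."""
    flags = []
    # Nothing is modified before it exists.  Archive extraction and cp -p also
    # preserve an older mtime, so confirm against the file's provenance.
    if s.mtime_ns + slack_ns < s.birth_ns:
        flags.append("mtime precedes birth time")
    # touch -t takes whole seconds, so it leaves the nanosecond field zero,
    # whereas a real write records a full-resolution stamp like ctime does.
    if s.mtime_ns % NS == 0 and s.ctime_ns % NS != 0:
        flags.append("mtime has zeroed nanoseconds")
    return flags


def timestomp_candidates(stamps: list, slack_ns: int = 2 * NS) -> dict:
    """Map path -> reasons for every file that looks timestomped.

    Adds the cross-file check: a file whose mtime equals a sibling's to the
    nanosecond, yet was born much later than that sibling, most likely copied
    the sibling's stamp.
    """
    siblings = defaultdict(list)
    for s in stamps:
        siblings[(os.path.dirname(s.path), s.mtime_ns)].append(s)
    out = {}
    for s in stamps:
        reasons = timestomp_flags(s, slack_ns)
        twins = [t for t in siblings[(os.path.dirname(s.path), s.mtime_ns)]
                 if t is not s]
        if twins and all(s.birth_ns > t.birth_ns + slack_ns for t in twins):
            reasons.append("mtime identical to older sibling " + twins[0].path)
        if reasons:
            out[s.path] = reasons
    return out


def stamp_from_disk(path: str) -> Stamp:
    """Read the three stamps for a real file.

    Birth time exists on APFS/BSD; on filesystems without it this falls back
    to ctime, which weakens the 'modified before created' check.
    """
    st = os.stat(path)
    birth_ns = getattr(st, "st_birthtime_ns", None)
    if birth_ns is None:   # older Pythons expose birth time only as float seconds
        birth_ns = int(round(getattr(st, "st_birthtime", st.st_ctime) * NS))
    return Stamp(path, st.st_mtime_ns, st.st_ctime_ns, birth_ns)


# Constructed listing: two genuine binaries from 2020 and a dropper installed
# years later that copied the first one's mtime to blend in.
T_2020 = 1_600_000_000 * NS + 123_456_789
T_OTHER = T_2020 + 900 * NS + 777
T_LATER = 1_700_000_000 * NS + 5
SAMPLE_STAMPS = [
    Stamp("/usr/local/bin/tool",   T_2020,  T_2020,  T_2020),
    Stamp("/usr/local/bin/other",  T_OTHER, T_OTHER, T_OTHER),
    Stamp("/usr/local/bin/helper", T_2020,  T_LATER, T_LATER),   # timestomped
]


if __name__ == "__main__":
    for path, reasons in timestomp_candidates(SAMPLE_STAMPS).items():
        print(path, "->", "; ".join(reasons))
```

    To run it against a real directory, build the list with stamp_from_disk() over its entries and pass it to timestomp_candidates(). Only the dropper is reported in the sample, for two reasons: its content claims to predate its own creation, and its stamp is a nanosecond-exact duplicate of an older neighbour's.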

    ChillyHell can also switch between multiple command-and-control protocols, which makes network-based detection harder: a rule written for one channel misses the others.

    Additionally, its modular design lets operators run further commands and stage new attacks once ChillyHell is on a victim's device: downloading new versions of the malware, dropping additional payloads, harvesting local usernames and storing them for later password brute-forcing, and running those credential attacks to gain unauthorized access to other systems.

    “Between its multiple persistence mechanisms, ability to communicate over different protocols, and modular structure, ChillyHell is extraordinarily flexible,” Saljooki and Zirnhelt wrote, adding that it’s notable that ChillyHell was notarized. And this “serves as an important reminder that not all malicious code comes unsigned.” ®
