- ChillyHell is a modular macOS backdoor created in 2021 that passed Apple’s notarization and stayed undetected for years
- Mandiant spotted it in 2023, but the info wasn’t shared publicly, so AV tools didn’t catch on
- Jamf exposed it in 2025, revealing it’s still notarized and not flagged by antivirus engines
For at least four years, a piece of modular Apple malware was being deployed on target devices, without being flagged by antivirus solutions.
To make matters worse, for at least two years, (a part of) the cybersecurity community was aware of its existence.
Earlier this week, security researchers Jamf published a new report, detailing ChillyHell, a modular backdoor that provides its operators with a reverse shell, the ability to update itself, and an option of fetching and executing additional payloads.
First detection in 2023
While the backdoor in itself is not out of the ordinary, the fact that it remained undetected for a long time is. Apparently, the malware was created in 2021, when it was submitted to Apple. It passed notarization checks, meaning Apple’s automated systems didn’t flag it as malicious.
It managed to pass the checks because its payloads were split across modules, it was signed with a valid Apple Developer ID, and was designed as a harmless app. Furthermore, it had no standard behavioral red flags such as privilege escalation, or network scanning.
Up until 2023, it operated undetected, with no antivirus detections across major platforms. However, in 2023, Mandiant (Google’s cybersecurity arm) identified it in a threat intelligence briefing, and even attributed it to UNC4487, a threat actor that was seen targeting Ukrainian officials via an auto insurance website.
But the briefing was shared privately and without technical details, leaving the broader security community in the dark about its existence. Apple did not revoke the notarization, and AV tools still didn’t flag it.
Fast forward to 2025, and now Jamf Threat Labs publicly disclosed the malware, gave it the name ChillyHell, and detailed its architecture, persistence, and evasion techniques. It also stressed that even at this point, Apple’s notarization remained valid, and some samples uploaded to VirusTotal are still not being flagged by antivirus.
Via The Register
