Cybertech Europe 2026-IT Industry Official Media Partner
Subscribe

Stay up to date with the most important news

By pressing the Subscribe button, you confirm that you have read and agree to our privacy policy and terms of use
Contact us

New ChillyHell variant discovered – malicious macOS backdoor bypasses Apple security

Peo Strindlund, Nordic Head at Jamf Peo Strindlund, Nordic Head at Jamf
Peo Strindlund, Nordic Manager at Jamf.

Jamf Threat Labs has identified a new variant of the malicious code family ChillyHell, a modular backdoor specifically targeting macOS. Despite Apple’s advanced security controls, the threat has managed to go unnoticed and remain openly available online for years. The discovery highlights how quickly cyber threats to macOS are evolving – and how difficult they have become to detect in a timely manner.

Discovery of the new variant

In the recently published report ChillyHell: A Deep Dive into a Modular macOS Backdoor Jamf Threat Labs describes how a new ChillyHell variant uploaded on VirusTotal – a platform where files are analyzed against hundreds of antivirus programs. Despite the file contained advanced malware code, it was initially not marked as dangerous by established antivirus solutions.

New ChillyHell variant discovered – malicious macOS backdoor bypasses Apple's security | IT industry

It also turned out that the same code had already 2021 managed to pass Apple's security checks, which means that it could have been active and unsuspected for several years before its discovery in 2025.

  • The IT industry Nordic technology media platform covering cybersecurity, cloud, AI, digital transformation, channel, MSP and enterprise IT news
    The IT industry is a leading Nordic technology media platform covering cybersecurity news, artificial intelligence, cloud computing, enterprise IT, digital transformation, managed services, channel partners, software development, telecommunications, data centers, IT infrastructure, technology leadership, business innovation, and emerging technologies. Through executive interviews, industry analysis, event coverage, thought leadership, product launches, vendor updates, and market insights, the IT industry connects technology decision-makers, CIOs, CISOs, CTOs, IT managers, MSPs, resellers, distributors, technology vendors, startups, and enterprise organizations across Sweden, Norway, Denmark, Finland, and Europe. Coverage includes cybersecurity trends, AI adoption, cloud strategy, enterprise software, networking, digital infrastructure, sustainability, compliance, governance, risk management, automation, data analytics, and future technology developments.
    OWN CONTENT

  • Maciek Szczesniak featured on IT-Branschen Wire Channel Magic Chats podcast banner
    Maciek Szczesniak appears on IT-Branschen Wire Channel Magic Chats, discussing leadership, innovation, digital transformation, and business services.
    SPONSORED

  • VORTIQ-X AI Governance helps companies transform AI into controllable and verifiable business value.
    VORTIQ-X is an AI Governance platform that helps organizations govern, verify, and create measurable business value from AI. The platform focuses on transparency, compliance, AI governance, and the effective use of AI in mission-critical processes.
    ADVERTISEMENT

  • Cybertech Europe 2026 cybersecurity conference in Rome with the IT industry as Official Media Partner
    Cybertech Europe 2026 is one of Europe's leading cybersecurity conferences, bringing together cybersecurity leaders, government officials, technology innovators, startups, investors, and enterprise decision-makers in Rome. The IT industry serves as an Official Media Partner, providing event coverage, executive interviews, industry insights, and cybersecurity news for Nordic and European audiences.
    ADVERTISEMENT

Background of the threat

ChillyHell documentation dates back to 2023, when the threat was first linked to an attacker group targeting Ukrainian officials. The modular design of the code makes it particularly dangerous – it can be easily adapted to:

  • Give remote access to infected systems.
  • Download additional malware in several steps.
  • Implement bruteforce attacks on passwords.

Reports also confirm that the code has been openly published on Dropbox since 2021, further underscoring the long-term presence of the threat.

Tactics that bypass protection

ChillyHell uses unusual and sophisticated methods to evade detection:

  • Time stomping: manipulation of timestamps to hide malicious files.
  • Dynamic C2 protocols: the ability to switch between multiple command-and-control channels.
  • Flexibility and modularity: making it difficult for traditional security solutions to block the threat permanently.

According to Jamf Threat Labs, the threat was discovered during a routine analysis on VirusTotal, when researchers were able to identify anomalous processes and behavior patterns that indicated something unknown.

New ChillyHell variant discovered – malicious macOS backdoor bypasses Apple's security | IT industry

Comment from Jamf

“This type of discoveries show the need for strengthened security practices for macOS users"Even seemingly secure systems can contain backdoors that have gone under the radar for years," says Peo Strindlund on Jamf.

The importance of cybersecurity

The discovery of ChillyHell is a reminder that the threat landscape for macOS is constantly changing. A backdoor that managed to evade both Apple's security filters and antivirus software for several years shows how important it is for companies to complement with specialized security solutions.

Jamf Threat Lab's work also demonstrates the value of proactive analyses, where researchers can use advanced methods to identify threats that would otherwise have remained invisible.

About Jamf Threat Labs

Jamf Threat Labs consists of a global team of threat researchers and cybersecurity experts which focuses on analyzing and documenting emerging threats to macOS and mobile platforms. By publishing their findings, they raise awareness among both businesses and individuals, while helping organizations develop better security practices.

Stay up to date with the most important news

By pressing the Subscribe button, you confirm that you have read and agree to our privacy policy and terms of use
  • Cybertech Europe 2026 cybersecurity conference in Rome with the IT industry as Official Media Partner
    Cybertech Europe 2026 is one of Europe's leading cybersecurity conferences, bringing together cybersecurity leaders, government officials, technology innovators, startups, investors, and enterprise decision-makers in Rome. The IT industry serves as an Official Media Partner, providing event coverage, executive interviews, industry insights, and cybersecurity news for Nordic and European audiences.
    ADVERTISEMENT

  • VORTIQ-X AI Governance helps companies transform AI into controllable and verifiable business value.
    VORTIQ-X is an AI Governance platform that helps organizations govern, verify, and create measurable business value from AI. The platform focuses on transparency, compliance, AI governance, and the effective use of AI in mission-critical processes.
    ADVERTISEMENT

  • The IT industry Nordic technology media platform covering cybersecurity, cloud, AI, digital transformation, channel, MSP and enterprise IT news
    The IT industry is a leading Nordic technology media platform covering cybersecurity news, artificial intelligence, cloud computing, enterprise IT, digital transformation, managed services, channel partners, software development, telecommunications, data centers, IT infrastructure, technology leadership, business innovation, and emerging technologies. Through executive interviews, industry analysis, event coverage, thought leadership, product launches, vendor updates, and market insights, the IT industry connects technology decision-makers, CIOs, CISOs, CTOs, IT managers, MSPs, resellers, distributors, technology vendors, startups, and enterprise organizations across Sweden, Norway, Denmark, Finland, and Europe. Coverage includes cybersecurity trends, AI adoption, cloud strategy, enterprise software, networking, digital infrastructure, sustainability, compliance, governance, risk management, automation, data analytics, and future technology developments.
    OWN CONTENT

  • Maciek Szczesniak featured on IT-Branschen Wire Channel Magic Chats podcast banner
    Maciek Szczesniak appears on IT-Branschen Wire Channel Magic Chats, discussing leadership, innovation, digital transformation, and business services.
    SPONSORED