'ChillyHell' Backdoor Hid in Notarized Mac Apps for Four Years

'ChillyHell' backdoor hid in notarized Mac apps for four years

Jamf researchers have detailed a Mac backdoor called ChillyHell that passed Apple's notarization checks in 2021 and went unnoticed until very recently.New malware found on MacsJamf Threat Labs revealed the findings in September 2025 after analyzing a sample uploaded to VirusTotal in May. The malware had passed Apple's automated checks in 2021 and remained notarized until researchers flagged it.That means any Mac user could have run it without se…

Report: ChillyHell is a sophisticated macOS backdoor that had previously been dormant for years

ChillyHell is a sophisticated macOS backdoor that had previously been dormant for years

ChillyHell malware continues to go undetected on macOS, according to Jamf

Macworld Jamf Threat Labs has released a new report on Mac malware. Dubbed ChillyHell, the malware was first discovered in 2021 and privately reported by cybersecurity firm Mandiant in 2023. This past May, Jamf spotted a new sample of ChillyHell on VirusTotal, a website used to analyze suspicious files and URLs, indicating new activity for the malware. On an infected Mac, ChillyHell can collect information such as usernames and passwords. What …

macOS also contains backdoors: how the 'ChillyHell' malware works

macOS is not known for being the target of many cyberattacks. Yet ChillyHell has been flying under the radar for years.