https://melomac.com/ Recent content on Melomac Hugo en-us Melomac &copy; 2026 Thu, 12 Mar 2026 20:13:36 +0100 https://melomac.com/about/ Wed, 25 Feb 2026 00:00:00 +0000 https://melomac.com/about/ <p>I&rsquo;d love to spare you the agony of a biography, but you might want to know I started with computers on a Macintosh SE running System 7, programming musical keyboards, then drifted into pirating, debugging, reversing, and developing software 🏴‍☠️</p> <p>As a security researcher, I notably discovered <a href="https://en.wikipedia.org/wiki/RSPlug" title="Wikipedia: RSPlug" target="_blank" rel="noopener">RSPlug</a> aka the DNSChanger variant for Mac, uncovered the <a href="https://en.wikipedia.org/wiki/Flashback_%28Trojan%29" title="Wikipedia: Flashback (Trojan)" target="_blank" rel="noopener">Flashback</a> botnet (named after the popular <a href="https://www.youtube.com/watch?v=dYZEl7TVu-0" title="Laurent Garnier - Flashback (Official Video by Quentin Dupieux - 1997 - F Communications)" target="_blank" rel="noopener">track</a> by Laurent Garnier), exposed the <a href="https://wikileaks.org/hackingteam/emails/emailid/473861" title="WikiLeaks: OSX/Crisis Has Been Used as Part of a Targeted Attack" target="_blank" rel="noopener">Hacking Team</a> implant, dissected adware like <a href="https://www.sentinelone.com/blog/osx-ironcore-a-or-what-we-know-about-osx-flashimitator-a/" title="OSX.IronCore.A or what we know about OSX.FlashImitator.A" target="_blank" rel="noopener">IronCore</a> or <a href="https://www.sentinelone.com/blog/analysis-ios-guiinject-adware-library/" title="Analysis of iOS.GuiInject Adware Library" target="_blank" rel="noopener">GuiInject</a>, miners like <a href="https://www.sentinelone.com/blog/osx-pwnet-a-csgo-hack-and-sneaky-miner/" title="CS:GO Hacks for Mac That You Shouldn&#39;t Trust" target="_blank" rel="noopener">Pwnet</a> or <a href="https://www.sentinelone.com/blog/osx-cpumeaner-miner-trojan-software-pirates/" title="OSX.CpuMeaner: New Crypto Mining Trojan Targets macOS" target="_blank" rel="noopener">CpuMeaner</a>, and even suggested the <a href="https://www.intego.com/mac-security-blog/osxshlayer-new-mac-malware-comes-out-of-its-shell/" title="OSX/Shlayer: New Mac malware comes out of its shell" target="_blank" rel="noopener">Shlayer</a> name. Then I vanished into the <a href="https://en.wikipedia.org/wiki/Reality_distortion_field" title="Wikipedia: Reality distortion field" target="_blank" rel="noopener">reality distortion field</a>. I shipped meaningful work, outlasted some turbulence, and left with unfinished business.</p> https://melomac.com/posts/xprotect-behavioral-flop/ Wed, 04 Feb 2026 00:00:00 +0000 https://melomac.com/posts/xprotect-behavioral-flop/ <p>On reading the latest Security Advisories for macOS, a few friends noticed I recently went through a career change:</p> <blockquote> <p><strong>Sandbox</strong><br> We would like to acknowledge Arnaud Abbati for their assistance.</p> </blockquote> <p>And, for once I can share what I do, I am certainly not going to miss the opportunity!</p> <h2 id="threat-or-thread">Threat or Thread</h2> <p>As far as I remember, I always kept an eye wide open on live threats to monitor their evolutions. Once I&rsquo;d figure out the delivery method, I&rsquo;d automate the downloading of new variants and receive notifications about notable changes.</p>