Compute and match file cryptographic or fuzzy hash digests, for threat hunting and binary triage on macOS.

We discuss a bug in XProtect behavior events abused in the wild in the current XCSSET malware campaign, then we explain why XProtect behavioral telemetry is fundamentally flawed.