Jamf researchers have detailed a Mac backdoor called ChillyHell that passed Apple's notarization checks in 2021 and went unnoticed until very recently.

Jamf Threat Labs revealed the findings in September 2025 after analyzing a sample uploaded to VirusTotal in May. The malware had passed Apple's automated checks in 2021 and remained notarized until researchers flagged it.

That means any Mac user could have run it without security warnings. Jamf stumbled on the malware during routine sample analysis, where it stood out for unusual process reconnaissance.

The malware family had been documented before but never fully dissected. Earlier mentions came from a private 2023 Mandiant report linking it to a group called UNC4487, which compromised a Ukrainian government-related website in 2022.

The attack also delivered the malware strain "Matanbuchus" and you're forgiven if you think that's the name of a metal band. Investigators later found additional samples linked to the same developer certificate.

Two carried the ChillyHell name, and Jamf's latest report finally provides the missing technical details.

The notarization problem

Apple's notarization system is meant to protect users by checking software for known malicious signatures. Developers submit apps, Apple scans them, and a notarized result means the app can run without triggering macOS Gatekeeper warnings.

In practice, the check is not airtight. ChillyHell was signed with a Developer ID and approved in 2021, which gave it the same standing on a Mac as genuine software.

It was even hosted publicly on Dropbox since that time. Only after Jamf flagged the sample did Apple revoke the associated certificates.
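Added example, not Jamf's or Apple's code: the Python below wraps the two macOS tools a defender uses to ask the question this section raises, `spctl` for Gatekeeper's assessment and `codesign` for the signing chain, and parses their output. The sample outputs are constructed to show the line formats (the app path, company name and team identifier are placeholders); exact wording can vary between macOS versions. The assessment verdict is what changes when Apple revokes a certificate: a file that was `accepted` with source `Notarized Developer ID` comes back `rejected`.

```python
"""Ask Gatekeeper how it would treat a binary and read the answer.

Added example wrapping two real macOS tools, `spctl` (assessment) and `codesign`
(signature details). Sample outputs below are constructed placeholders.
"""
import platform
import subprocess
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Assessment:
    path: str
    accepted: bool
    source: Optional[str]   # e.g. "Notarized Developer ID", "Apple System", "no usable signature"
    origin: Optional[str]   # signing identity spctl reports, if any

    @property
    def notarized(self) -> bool:
        return self.accepted and self.source == "Notarized Developer ID"


def parse_spctl_output(text: str) -> Assessment:
    """Parse `spctl -a -vv -t execute PATH` output.

    First line is "<path>: accepted" or "<path>: rejected", optionally followed by a
    parenthesised reason; later lines are key=value pairs such as source= and origin=.
    """
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if not lines or ": " not in lines[0]:
        raise ValueError("unexpected spctl output: %r" % text)
    path, verdict = lines[0].split(": ", 1)
    fields = dict(ln.split("=", 1) for ln in lines[1:] if "=" in ln)
    return Assessment(path=path, accepted=verdict.startswith("accepted"),
                      source=fields.get("source"), origin=fields.get("origin"))


def parse_codesign_authorities(text: str) -> List[str]:
    """Collect the Authority= chain from `codesign -dvv PATH` output (leaf first)."""
    return [ln.split("=", 1)[1].strip() for ln in text.splitlines()
            if ln.strip().startswith("Authority=")]


def assess(path: str) -> Assessment:
    """Run Gatekeeper's assessment on macOS; spctl prints its verdict on stderr."""
    if platform.system() != "Darwin":
        raise RuntimeError("spctl is only available on macOS")
    proc = subprocess.run(["spctl", "-a", "-vv", "-t", "execute", path],
                          capture_output=True, text=True, check=False)
    return parse_spctl_output(proc.stdout + proc.stderr)


def signing_chain(path: str) -> List[str]:
    """Signing authorities of a binary on macOS (codesign also writes to stderr)."""
    if platform.system() != "Darwin":
        raise RuntimeError("codesign is only available on macOS")
    proc = subprocess.run(["codesign", "-dvv", path], capture_output=True, text=True, check=False)
    return parse_codesign_authorities(proc.stdout + proc.stderr)


# Constructed sample outputs; paths, company and team identifier are placeholders.
SAMPLE_NOTARIZED = """\
/Applications/Example.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (TEAMID0000)
"""
SAMPLE_UNSIGNED = """\
/Users/alice/Downloads/applet.app: rejected
source=no usable signature
"""
SAMPLE_CODESIGN = """\
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Authority=Developer ID Application: Example Corp (TEAMID0000)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=TEAMID0000
"""

if __name__ == "__main__":
    for sample in (SAMPLE_NOTARIZED, SAMPLE_UNSIGNED):
        a = parse_spctl_output(sample)
        print(a.path, "accepted" if a.accepted else "rejected", "notarized=%s" % a.notarized, a.source)
    print(parse_codesign_authorities(SAMPLE_CODESIGN))
```

On a real Mac, `assess("/Applications/Example.app")` and `signing_chain(...)` run the tools; a leaf authority of the form `Developer ID Application: ... (TEAMID)` is what a Developer ID signature looks like, and it is this identity that a revocation invalidates.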

Technical anatomy of ChillyHell malware

Jamf's analysis shows ChillyHell is a modular C++ backdoor targeting Intel-based Macs. The sample was built to look like a harmless macOS applet, but it did not include the AppleScript that a real applet would run.

When the malware ran, it first profiled the host, set up persistence, and opened command-and-control connections. It could install itself as a LaunchAgent for users, a LaunchDaemon for root access, or inject commands into shell profile files.

If those methods failed, it relied on older tricks like modifying the .zshrc file. These steps helped ensure the backdoor stayed active on infected Macs.

Command & control tricks

To stay hidden, it used timestomping to rewrite file creation and modification dates. It also launched a decoy Google homepage in the user's browser, presumably to make the activity look benign.

ChillyHell connected to hardcoded IP addresses using both DNS and HTTP. It paused for a random interval between 60 and 120 seconds before continuing.

After connecting, it repeatedly fetched tasks and checked for duplicates. It then executed any new commands through its modular system.

  • ModuleBackconnectShell: Created a reverse shell back to attackers, complete with the oddly cheerful banner "Welcome to Paradise."
  • ModuleUpdater: Replaced itself with a newer version from its operators.
  • ModuleLoader: Downloaded and ran payloads from the C2 server, cleaning up files afterward.
  • ModuleSUBF: A brute-force password cracker that downloaded tools and wordlists, then attempted to break into local user accounts. Researchers believe it targeted Kerberos authentication based on filenames and behavior.

These plug-ins give the malware unusual flexibility, which makes it stand out in the macOS landscape. Modular backdoors with brute-forcing capability are rare on Macs.

Apple's response to ChillyHell

After Jamf shared findings, and well prior to this announcement, Apple revoked the developer certificates associated with ChillyHell. That stops new installations, but it doesn't help machines already infected.

Those systems need manual cleanup, using indicators of compromise like modified LaunchAgent files or hidden binaries in /usr/local/bin/qtop.
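Added example, not Jamf's tooling: a small triage script for the locations this article names, covering the persistence methods described earlier (LaunchAgents, LaunchDaemons, shell profile files such as .zshrc), the timestomping point, and the /usr/local/bin/qtop indicator from this section. The `root` parameter is an assumption of this example so the same code runs against a constructed fixture tree here and with `root="/"` on a real Mac; everything in `build_fixture` is constructed sample data.

```python
"""Triage of the persistence spots and IoCs the article names: launchd items, shell
profile files and /usr/local/bin/qtop, plus a timestomping heuristic.

Added example, not Jamf's tooling. `root` is the filesystem root to inspect.
Hits are leads, not verdicts: Homebrew services also start from /usr/local/bin.
"""
import glob
import os
import plistlib
import re
import tempfile
import time
from typing import Dict, List

IOC_PATHS = ("/usr/local/bin/qtop",)  # path reported in the article
SUSPICIOUS_PREFIXES = ("/usr/local/bin/", "/tmp/", "/private/tmp/", "/var/tmp/", "/Users/")
PROFILE_FILES = (".zshrc", ".zprofile", ".bash_profile", ".bashrc", ".profile")
WRAPPERS = {"nohup", "exec", "("}
SEPARATORS = re.compile(r"\s*(?:;|&&|\|\||&|\|)\s*")  # splits a shell line into commands


def launchd_dirs(root: str) -> List[str]:
    dirs = [os.path.join(root, "Library/LaunchAgents"), os.path.join(root, "Library/LaunchDaemons")]
    dirs += glob.glob(os.path.join(root, "Users/*/Library/LaunchAgents"))
    return [d for d in dirs if os.path.isdir(d)]


def is_suspicious_program(path: str) -> bool:
    """Known IoC, a hidden directory component, or a user-writable/temporary location."""
    if path in IOC_PATHS or any(p.startswith(".") for p in path.split("/") if p):
        return True
    return path.startswith(SUSPICIOUS_PREFIXES)


def find_suspicious_launch_items(root: str) -> List[dict]:
    """LaunchAgents/LaunchDaemons whose Program or ProgramArguments[0] is suspicious."""
    hits = []
    for d in launchd_dirs(root):
        for plist_path in sorted(glob.glob(os.path.join(d, "*.plist"))):
            with open(plist_path, "rb") as fh:
                data = plistlib.load(fh)
            args = data.get("ProgramArguments") or []
            program = data.get("Program") or (args[0] if args else "")
            if program and is_suspicious_program(program):
                hits.append({"plist": plist_path, "program": program})
    return hits


def find_profile_injections(root: str) -> List[dict]:
    """Shell profile lines that run a program from a suspicious location at login."""
    hits = []
    for home in sorted(glob.glob(os.path.join(root, "Users/*"))):
        for name in PROFILE_FILES:
            path = os.path.join(home, name)
            if not os.path.isfile(path):
                continue
            with open(path, errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    code = line.split("#", 1)[0].strip()  # drop comments
                    for segment in SEPARATORS.split(code):
                        tokens = segment.split()
                        while tokens and tokens[0] in WRAPPERS:  # e.g. "nohup /path ... &"
                            tokens.pop(0)
                        if tokens and tokens[0].startswith("/") and is_suspicious_program(tokens[0]):
                            hits.append({"file": path, "line": lineno, "command": segment})
                            break
    return hits


def timestomp_suspects(root: str, min_skew: float = 7 * 86400) -> List[dict]:
    """Files whose mtime sits far behind ctime, or before birth time (macOS only).
    utimes() rewrites mtime/atime but the kernel still bumps ctime; mtime earlier
    than birth time needs tampering (or a timestamp-preserving copy)."""
    hits = []
    for d in launchd_dirs(root) + [os.path.join(root, "usr/local/bin")]:
        for dirpath, _, files in os.walk(d):
            for name in files:
                p = os.path.join(dirpath, name)
                st = os.lstat(p)
                birth = getattr(st, "st_birthtime", None)
                if st.st_ctime - st.st_mtime > min_skew or (birth and st.st_mtime < birth - 1):
                    hits.append({"path": p, "mtime": st.st_mtime, "ctime": st.st_ctime})
    return hits


def triage(root: str = "/") -> Dict[str, list]:
    return {"launch_items": find_suspicious_launch_items(root),
            "profile_injections": find_profile_injections(root),
            "timestomp_suspects": timestomp_suspects(root)}


def build_fixture(root: str) -> None:
    """Constructed tree: a benign agent, a user agent and a .zshrc line that start the
    qtop path, and a placeholder qtop file with its mtime pushed three years back."""
    home, bin_dir = os.path.join(root, "Users/alice"), os.path.join(root, "usr/local/bin")
    agents, user_agents = os.path.join(root, "Library/LaunchAgents"), os.path.join(home, "Library/LaunchAgents")
    for d in (agents, user_agents, bin_dir):
        os.makedirs(d, exist_ok=True)
    with open(os.path.join(agents, "com.example.benign.plist"), "wb") as fh:
        plistlib.dump({"Label": "com.example.benign", "ProgramArguments": ["/usr/bin/true"]}, fh)
    with open(os.path.join(user_agents, "com.example.qtop.plist"), "wb") as fh:
        plistlib.dump({"Label": "com.example.qtop", "ProgramArguments": ["/usr/local/bin/qtop"],
                       "RunAtLoad": True, "KeepAlive": True}, fh)
    with open(os.path.join(home, ".zshrc"), "w") as fh:
        fh.write("export PATH=/usr/local/bin:$PATH\nalias ll='ls -la'\n"
                 "nohup /usr/local/bin/qtop >/dev/null 2>&1 &\n")
    qtop = os.path.join(bin_dir, "qtop")
    with open(qtop, "wb") as fh:
        fh.write(b"\xcf\xfa\xed\xfe")  # Mach-O magic only; not a real binary
    past = time.time() - 3 * 365 * 86400
    os.utime(qtop, (past, past))  # backdate atime/mtime; ctime stays "now"


def run_on_fixture() -> Dict[str, list]:
    with tempfile.TemporaryDirectory() as tmp:
        build_fixture(tmp)
        return triage(tmp)


if __name__ == "__main__":
    for category, findings in run_on_fixture().items():
        print(category, *findings, sep="\n   ")
```

On the fixture the benign agent is ignored, the user agent pointing at the qtop path and the backgrounded `nohup` line in .zshrc are reported, and the backdated qtop file trips the timestomp heuristic. On a live system, expect benign hits from package managers (old build mtimes, recent install ctimes) and confirm each lead against the signing chain and install records before removing anything.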


Researchers thanked Google's Threat Intelligence team for earlier work that helped identify the malware family. But the bigger lesson is for Apple — notarization is not a guarantee, and treating it as such risks lulling users into complacency.

Why it matters

ChillyHell's long stay under Apple's notarization program raises some tough questions. If a modular backdoor with brute-force tools can slip through, there may be more waiting in line.

Apple often promotes its ecosystem as safer than Windows, and in many ways it still is since macOS sees fewer widespread infections. The idea that Macs are untouchable is starting to fade as attackers focus on targeted compromises instead of mass attacks.

They only need to hit the right victims to succeed. A notarized, flexible backdoor is perfectly suited for that approach.

The Ukrainian link hints that geopolitics are involved. Researchers say UNC4487, the group first associated with ChillyHell, went after government employees.

Selling access to hacked systems has become a profitable side business in the cybercrime world. Malware like ChillyHell walks the line between a spy tool and a commercial exploit.

How to stay safe from ChillyHell malware

For everyday Mac users, the ChillyHell case is a reminder to treat notarization as a security guard checkpoint, not an impenetrable fortress. Apple's checks catch a lot of junk, but they don't catch everything.

Sticking to apps from the Mac App Store is safer, though not foolproof. If you download software from the web, verify the developer's identity and reputation before installing.

Keep macOS updated since Apple often patches security gaps quietly. It also pays to run regular malware scans with a reputable security tool, especially if you work in sensitive fields.

And if you notice strange processes, unexpected system slowdowns, or odd files in places like /usr/local/bin, don't ignore them. That could be your first clue something unwelcome has moved in.