Day 1️⃣​0️⃣​ of #100DaysOfYara: MacOS Browser Hijacker Scripts🍎​
🔗​ https://github.com/colincowie/100DaysOfYara_2023/blob/main/January/010/010.md

Background on these MacOS malware scripts used by #ChromeLoader aka #ChoziosiLoader:
📖​ https://redcanary.com/blog/chromeloader/
📖​ https://blogs.vmware.com/security/2022/09/the-evolution-of-the-chromeloader-malware.html
📖​ https://www.th3protocol.com/2022/Choziosi-Loader

Todays rule did a nice job of detecting the historical ChromeLoader scripts. A more generic yara rule for identifying .command script abuse would potentially be pretty interesting!