Jamf Threat Labs has published a new report highlighting the resurgence of Mac malware known as ChillyHell. Initially detected in 2021 and later privately disclosed by cybersecurity company Mandiant in 2023, the malware resurfaced this past May when Jamf identified a fresh sample on VirusTotal—a platform used for analyzing suspicious files and URLs.
Once a Mac is compromised, ChillyHell can steal sensitive data such as usernames and passwords. What sets this malware apart is its ability to use timestomping—altering file timestamps—and its capability to switch C2 protocols to bypass detection. According to Jamf, “the developer certificates associated with ChillyHell have been revoked.” While this action restricts its ongoing development, it doesn’t mean the malware has completely disappeared from circulation.
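Timestomping defeats a simple "recently modified" search, but the timestamps an attacker can rewrite with utime() are not the only ones the filesystem keeps. The added example below is not from the Jamf report; it is a hypothetical hunting script that flags files whose modification time is far older than the inode change time, which user-space cannot set, and it constructs its own sample files so it runs offline.

```python
import os
import stat
import tempfile
import time


def find_timestomped(root: str, min_gap: float = 60.0) -> list[tuple[str, float]]:
    """Walk `root` and return (path, ctime - mtime) for regular files whose
    mtime is more than `min_gap` seconds older than the inode change time.

    utime()/`touch -t` can rewrite atime and mtime but never ctime: the kernel
    bumps ctime to 'now' on that very call, while a normal content edit moves
    both together. A wide gap therefore means the timestamps were set by hand
    or the metadata (chmod, chown, rename) changed long after the last edit.
    Hypothetical hunting helper, not code from Jamf's report."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable: skip, don't abort the sweep
            if not stat.S_ISREG(st.st_mode):
                continue
            gap = st.st_ctime - st.st_mtime
            # macOS/BSD also expose st_birthtime; an mtime older than the file's
            # creation is a second signal that ordinary activity does not produce.
            birth = getattr(st, "st_birthtime", None)
            if gap > min_gap or (birth is not None and st.st_mtime < birth - 1):
                hits.append((path, gap))
    return hits


def demo() -> list[str]:
    """Constructed sample: one fresh file and one whose mtime is pushed back a
    year as a timestomper would; returns the basenames that get flagged."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("fresh.plist", "stomped.plist"):
            with open(os.path.join(root, name), "w") as fh:
                fh.write("<plist/>\n")
        old = time.time() - 365 * 86400
        os.utime(os.path.join(root, "stomped.plist"), (old, old))
        return sorted(os.path.basename(p) for p, _gap in find_timestomped(root))


if __name__ == "__main__":
    print(demo())  # ['stomped.plist']
```

A large gap is a lead, not proof: a file that was chmod'd or renamed long after its last edit produces the same pattern, so pair the hit with the file's location (LaunchAgents, login items) and code-signing status before acting.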
How Mac Users Can Stay Protected from Malware
To minimize the risk of infection, avoid downloading applications from unverified sources such as GitHub or third-party websites. The Mac App Store remains the safest place to install apps, as Apple rigorously vets software before publishing. Alternatively, purchase apps directly from trusted developers via their official websites.
Using cracked or pirated software dramatically increases the risk of malware exposure. Users should also avoid clicking links in unsolicited emails or messages. If a message appears legitimate, verify the sender’s email and check the link carefully. On a Mac, you can Control-click a link, choose Copy Link Address, and paste it into a text editor to preview the real URL before visiting.
For additional security, Macworld offers resources such as a guide on whether antivirus software is necessary, a detailed list of Mac viruses and trojans, and a comparison of the best Mac security software available. Apple also provides built-in protections in macOS and releases regular security updates. Installing these updates promptly is essential, as Apple reissues corrected patches if any flaws are found.