Jamf Blog

MobiDash evolved from simple adware into a sophisticated Android fraud platform that hides inside repackaged legitimate apps, combining click injection, phantom ad rendering via VirtualDisplay and residential proxy infrastructure, all orchestrated by a C2 server capable of pushing live code to infected devices.

Jamf Threat Labs analyzes leaked source code of a Safari exploitation kit (DarkSword) and the impact of this disclosure on the mobile ecosystem.

Commercial spyware defeats Apple's pointer authentication and achieves kernel memory access. Jamf Threat Labs investigates.

Jamf Threat Labs discovered a ClickFix-style macOS attack that abuses the applescript:// URL scheme to launch Script Editor and deliver an Atomic Stealer infostealer payload — bypassing Terminal entirely.

Get expert advice and Mac-specific threat intelligence with Beacon by Jamf Threat Labs.

Jamf Threat Labs details how the GhostClaw malware campaign uses GitHub repositories and AI-assisted development workflows to deliver credential-stealing payloads on macOS.

Discover how combining Jamf Mobile Forensics with Developer Mode creates an environment that sophisticated malware is engineered to avoid.

Jamf Threat Labs analyzes how a commercial spyware sample (Predator) operates post-compromise.