Jamf Threat Labs. Mac and mobile threat researchers.
Cutting-edge malware and network research.
What is Jamf Threat Labs?
A team of Mac and mobile security experts drive the intelligence behind Jamf’s platform. Combining researchers, analysts and detection engineers, the team focuses on understanding emerging threats impacting today’s workforce.
Jamf Threat Labs for Mac
macOS threat detection expertsOur Mac team's deep Apple expertise means that we understand the unique security threats targeting macOS systems. Specialized research helps customers detect and respond to malicious macOS activity.
Beacon by Jamf Threat Labs
Dedicated threat hunting service for macOS environments.Our years of Mac expertise on Mac threat vectors allows us a deep understanding of:
- The tactics, techniques and procedures of macOS threat actors
- How to identify and analyze gaps in macOS configurations
- The macOS vulnerabilities that threat-actors exploit
Beacon is available in Private Beta.
What sets Beacon apart?
Apple expertise
An Apple-focused overwatch service, using tools built on Apple’s Endpoint Security API.
Mac telemetry
We identify Apple-specific attack techniques like overriding gatekeeper controls or stealthy persistence.
Operational power
Use our actionable guidance how you want: with full control of containment, remediation and policy changes.
See Beacon in action
Jamf Threat Labs for mobile
Mobile threat detection and analysisOur mobile team specializes in mobile threats: with expertise in mobile forensics, advanced malware, operating system internals and mobile application risk.
Our mobile team offers expertise in:
Mobile app risk
Malicious campaigns, data leaks and risks impacting iOS and Android apps
Network threats
Zero-day phishing attacks, malicious sites, command and control (C&C) servers and more
APTs and spyware
Researching advanced mobile malware and sophisticated attack techniques
Stay informed: read the latest Jamf Threat Labs research
GhostClaw expands beyond npm to steal data
Learn how the GhostClaw malware campaign uses GitHub repositories and AI-assisted development workflows to deliver credential-stealing payloads on macOS.
Predator spyware hides microphone and camera use
Jamf Threat Labs analyzes how a commercial spyware sample (Predator) operates post-compromise.
Security 360: Mac
The 2026 Mac Threat Report offers a focused look at enterprise Mac security trends combining real-world incident analysis, original threat research and expert insight to help security teams strengthen their defenses.
Security 360: Mobile
As mobile continues to drive modern workflows, it also introduces new security challenges that IT and security teams must solve. This report explores the evolving mobile threat landscape for smartphones and tablets.