Google adds sandbox execution support for Mac OS X apps

Nov 17, 2015 22:57 GMT

VirusTotal, the Web-based virus scanning engine bought by Google in 2012, has announced support for sandbox execution of Mac OS X apps.

Sandbox execution is a common technique used for malware analysis. For less technically astute readers, in this particular case, sandboxing means that VirusTotal creates an environment that mimics a Mac OS X desktop, lets the app run inside it, and logs its behavior.

Back in 2012, VirusTotal introduced sandbox execution support for Windows PE files, and followed with support for Android apps a year later, in 2013.

Today, the Google-owned company is announcing that the same feature will be available for Mac users, who will be able to upload apps as Mach-O executables, DMG packages, or ZIP archives, and have them tested to a much higher degree of accuracy.

For regular VirusTotal and Mac users, this means that they'll see an extra tab in their file scans, a tab called "Behavioral Information." Here users can read about what operations the app initiates, what processes it starts, and what DNS queries it makes.

This new feature will be available for all VirusTotal users, regardless of whether they use the virustotal.com website, the VirusTotal API, or the existing VirusTotal Mac app. VirusTotal customers with commercial access will also benefit from these changes in their tools/services.

Here's a sample report for an infected Mac OS X app.

Sample VirusTotal report for an infected Mac OS X app