Ready for macOS Threats: Expanding Your SOC’s Cross-Platform Analysis with ANY.RUN
ID: 336ac1ed-3d04-587e-a3de-8fff200cc556
STIX ID: report--336ac1ed-3d04-587e-a3de-8fff200cc556
Feed Name: ANY.RUN's Cybersecurity Blog
ANY.RUN announces macOS support in its interactive sandbox for enterprise SOCs and illustrates its utility with a macOS malware example (Miolab Stealer). The report summarizes how the stealer uses deceptive system dialogs to capture credentials, runs AppleScript to collect user files, archives data with ditto, and exfiltrates via HTTP POST (curl), highlighting the need for interactive analysis to trigger user-driven malicious behaviors.
