2025-11-27

Supply chain + dev tooling is also a real macOS vector now

Level: Strategic | Source: Cryptocurrency, Finance & Technology, Government, Telecommunications, Technology


Attackers have found the fastest and most reliable path onto macOS systems: the tools developers already trust. Rather than breaching perimeter defenses or spending zero-day exploits, threat actors poison the developer supply chain, the package managers, build tools, and CI/CD pipelines that developers use daily and rarely question. The vector works for four reasons:

  • Developers hold elevated privileges: they often have access to production systems, cloud infrastructure, and sensitive repositories.
  • Package managers execute code at install time: npm lifecycle scripts (preinstall/postinstall), pip running setup.py for source distributions, and RubyGems building native extensions all run automatically during a routine install.
  • Trust is assumed: developers expect packages from npm/PyPI/RubyGems to be safe.
  • Detection gaps exist: security tooling concentrates on the perimeter and pays far less attention to internal development workflows.

Earlier supply chain attacks targeted Windows endpoints. Because macOS now dominates developer workstations (73% of developers use macOS according to Stack Overflow 2024), attackers have added macOS-specific tradecraft: npm and Node.js install hooks, Homebrew, and social engineering aimed squarely at developers.


Observed Patterns:

  • A malicious npm package (https-proxy-utils) dropping AdaptixC2 on macOS from a postinstall script and persisting through a LaunchAgent.
  • DPRK-aligned actors targeting developers with trojanized scripts named after real tools (e.g., patch.sh).

Detection implication:

  • Build an explicit "dev supply chain" detection pack that covers:
    • npm/node process trees spawning a shell or curl, or creating a LaunchAgent.
    • New LaunchAgents written by developer tools, package managers, or IDEs.
    • Suspicious scripts and binaries that arrive through recruitment/job flows or CI/CD.

Real-World Usage:

  • AdaptixC2 Campaign (October 2025): the malicious npm package https-proxy-utils mimicked legitimate proxy utilities (which see 70-90M weekly downloads), deployed the AdaptixC2 C2 framework from a postinstall script, and persisted via a LaunchAgent on macOS.
  • Shai-Hulud Worm (September 2025): a self-replicating npm worm that compromised 500+ npm packages, including @ctrl/tinycolor (2M+ weekly downloads) and CrowdStrike-published packages.
  • Shai-Hulud 2.0 "The Second Coming" (November 2025): a resurgence affecting Zapier, ENS Domains, PostHog, and Postman packages; 25,000+ GitHub repositories compromised across ~500 users.

Detections (for Anvilogic customers):
