Reverse Engineered Antivirus Detects Classified Documents
A recent, most-excellent post over at the Objective-See blog (seriously, go and read it) details how its author, Patrick Wardle, dissects and manipulates the antivirus (AV) signature mechanism in the macOS version of a traditional, signature-based antivirus suite to achieve arbitrary false-positive detections. The flavoring of his post, of course, is the ongoing fracas surrounding the product's alleged potential for misbehavior in identifying and exfiltrating sensitive government documents from a computer it protects – a claim the suite's developers deny vehemently. Wardle elects not to comment on it – as do I – choosing instead to ask and answer the question, "Can an AV product be induced to: (1) arbitrarily and incorrectly identify a file as desired by an adversary, and, if (1), then (2) exfiltrate the files so identified?"

As detailed in the blog, Wardle reverse-engineers the behavior of the AV product's scanning engine, which enables him – and presumably any other sufficiently skilled attacker – to modify (he writes 'extend') the way the product identifies malicious files during a scan. Once he understands that behavior, Wardle uses a method for writing bytes into remote processes to patch what the AV engine looks for. That is to say, Wardle's success is possible because of the product's reliance on AV signatures.
Jan-11-2018, 02:39:15 GMT