Inside the Emerging Threat of macOS Infostealers

How Reverse Engineering and Automating IOC Extraction Are Powering Proactive Defense

Infostealers are no longer just a Windows problem. macOS is now in the crosshairs, and security teams need to catch up.

In this technical deep dive, Flashpoint’s intelligence team will break down how threat actors are leveraging macOS infostealers, with a spotlight on Poseidon Stealer—a sophisticated strain that remains active even after its source code was sold in 2024.

You’ll get a firsthand look at how our team reverse-engineered Poseidon, automated its configuration extraction, and uncovered high-value IOCs that defenders can use today.

We will cover:

  • Why Poseidon matters: How it works—and what makes it stand out in the macOS ecosystem
  • Reverse engineering in action: Tactics used to dissect and understand the malware’s core capabilities
  • From analysis to automation: How we scale IOC extraction without sacrificing depth

Meet The Speakers

Kecia Hoyt
VP – Technical Intelligence

Paul Daubman
Senior Malware Analyst
