
Apfell

Apfell is a macOS-focused JavaScript for Automation (JXA) agent in the open-source Mythic/MythicAgents command-and-control and post-exploitation framework. It is written specifically for macOS/OSX and is used as a payload/agent for post-compromise operations. Reported capabilities include extensive data collection and reconnaissance, screenshot collection, theft of Google Chrome data, and password capture via a fake prompt. In one observed infection chain, Apfell was used to create a new macOS user with administrator privileges. Apfell has been delivered through software supply-chain compromises, including the malicious npm packages eslint-verify-plugin and ambar-src; in those cases the macOS infection used osascript to execute the JXA payload after package installation, and in the ambar-src campaign exfiltration/C2 traffic was reported going to Yandex Cloud infrastructure. Apfell sits within the broader Mythic ecosystem, which supports multiple C2 protocols and has been linked by researchers to adversaries operating in the wild.
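One defender-side check for the osascript/JXA execution step of the npm delivery chain described above, as an added example that is not part of this page or the Mythic project: it triages constructed process-start events and flags osascript running JavaScript when it is launched from an npm install hook. The event field names (cmdline, parent_name, cwd, env) are assumptions to be mapped onto whatever your EDR emits.

```python
"""Triage process-start events for the osascript/JXA step of the Apfell npm
delivery chain. Added example, not from the Mallory page or the Mythic project.
Event fields (cmdline, parent_name, cwd, env) are assumed; map to your EDR."""
import json
import shlex

INSTALL_PARENTS = {"node", "npm", "npx", "sh", "bash", "zsh"}  # install-hook parents

def is_jxa_invocation(argv):
    """True when osascript is told to run JavaScript (-l JavaScript);
    ordinary AppleScript use of osascript is not flagged."""
    if not argv or argv[0].rsplit("/", 1)[-1] != "osascript":
        return False
    for i, arg in enumerate(argv):
        if arg == "-l" and i + 1 < len(argv) and argv[i + 1].lower() == "javascript":
            return True
    return False

def triage_event(ev):
    """Return the reasons an event matches the chain; empty list if none."""
    reasons = []
    if not is_jxa_invocation(shlex.split(ev.get("cmdline", ""))):
        return reasons
    reasons.append("osascript running JavaScript for Automation")
    if ev.get("parent_name") in INSTALL_PARENTS:
        reasons.append("spawned under %s" % ev["parent_name"])
    if "node_modules" in ev.get("cwd", ""):
        reasons.append("cwd inside node_modules")
    hook = ev.get("env", {}).get("npm_lifecycle_event")
    if hook:  # npm exports this variable while running package scripts
        reasons.append("npm lifecycle script: %s" % hook)
    return reasons

def scan(lines):
    """Parse JSON-lines events; return [(pid, reasons)] for each match."""
    events = [json.loads(line) for line in lines]
    return [(ev["pid"], r) for ev in events if (r := triage_event(ev))]

# Constructed sample: a benign AppleScript dialog from Terminal, and a JXA
# script launched by an npm postinstall hook inside a package directory.
SAMPLE_LOG = [json.dumps(ev) for ev in [
    {"pid": 401, "parent_name": "Terminal", "cwd": "/Users/dev", "env": {},
     "cmdline": "osascript -e 'display dialog \"build done\"'"},
    {"pid": 877, "parent_name": "sh", "cwd": "/Users/dev/app/node_modules/ambar-src",
     "env": {"npm_lifecycle_event": "postinstall"},
     "cmdline": "/usr/bin/osascript -l JavaScript index.js"},
]]
```

Running `scan(SAMPLE_LOG)` returns only the second event, with all four reasons attached; the Terminal-launched AppleScript is left alone.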


MITRE ATT&CK

Techniques & procedures

15 distinct techniques documented for this family, organized by ATT&CK tactic.

Initial Access

1 technique
T1195.001 Compromise Software Dependencies and Development Tools (evidence: 1)

"Cybersecurity researchers have discovered four malicious NuGet packages... designed to target ASP.NET web application developers..." and "a malicious npm package named ambar-src..."

Execution

3 techniques
T1059 Command and Scripting Interpreter (evidence: 1)

The macOS infection sequence executes Apfell, a JavaScript for Automation (JXA) agent for macOS... drop ScreenConnect on Windows and a Python reverse shell on macOS and Linux machines.

T1059.002 AppleScript (evidence: 1)

The working solution is the apfell agent, which runs via osascript (AppleScript, T1059.002, Execution) and does not depend on the processor architecture. The callback via osascript goes through on arm64 without problems.

T1059.007 JavaScript (evidence: 1)

"...uses osascript to run JavaScript responsible for dropping Apfell, a JavaScript for Automation (JXA) agent..." and "trigger the execution of malicious code contained within index.js"

Persistence

1 technique
T1136 Create Account (evidence: 1)

The macOS infection sequence executes Apfell... to conduct extensive data collection and create a new macOS user with admin privileges.

Defense Impairment

1 technique
T1553.001 Gatekeeper Bypass (evidence: 1)

Gatekeeper bypass (T1553.001, Defense Evasion)… Gatekeeper checks the com.apple.quarantine attribute on downloaded files and blocks unsigned or non-notarized code. But when a file is delivered via curl, scp or rsync, the attribute is not set, and Gatekeeper stays silent.

Credential Access

2 techniques
T1552 Unsecured Credentials (evidence: 1)

The malicious code embedded into the packages comes with capabilities to siphon system information, access tokens, environment secrets, and API keys from developer environments... It also harvests API keys for nine large language models (LLM) providers.

T1555 Credentials from Password Stores (evidence: 1)

The entire attack chain unfolds over two stages: a first-stage component that captures credentials and cryptocurrency keys and then loads a secondary stage that subsequently performs deeper harvesting of credentials from password managers.

Discovery

1 technique
T1082 System Information Discovery (evidence: 1)

The malicious code embedded into the packages comes with capabilities to siphon system information... Some of the data stolen by the agent are as follows - System information

Collection

2 techniques
T1113 Screen Capture (evidence: 1)

Some of the data stolen by the agent are as follows - ... Screenshots

T1115 Clipboard Data (evidence: 1)

Some of the data stolen by the agent are as follows - ... Clipboard contents

Command and Control

3 techniques
T1071 Application Layer Protocol (evidence: 1)

The same is true for installing C2 Profiles: sudo ./mythic-cli install github https://github.com/MythicC2Profiles/http | Installing Agents and C2 Profiles The Mythic repository itself does not host any Payload Types or any C2 Profiles... sudo ./mythic-cli install github https://github.com/MythicC2Profiles/http

T1071.001 Web Protocols (evidence: 1)

"...relays traffic... to the attacker's external C2 server" and "exfiltrated... to a Yandex Cloud domain"

T1105 Ingress Tool Transfer (evidence: 2)

Mythic provides a command, ./mythic-cli install github <url> [-b branch name] [-f], that can be used to install agents into a current Mythic instance.

Exfiltration

1 technique
T1041 Exfiltration Over C2 Channel (evidence: 1)

"...begin transmitting the ASP.NET Identity data through the local proxy to the external infrastructure." and "Once the data is collected, it's exfiltrated..."
