A proof-of-concept implementation demonstrating how macOS stealers function. This project serves to illustrate common techniques and behaviors employed by macOS malware for research and defensive purposes.
This software is provided for educational and research purposes only. The author does not endorse or encourage any malicious use of this code. Users are responsible for complying with all applicable laws and regulations.
This is a proof-of-concept only. It was created for educational and research purposes to help understand malware behavior and improve defensive measures. Do not use this code for malicious purposes. The author assumes no liability for any misuse of this code.
The code in this repository helps security researchers and defenders:
- Understand common macOS stealer techniques
- Study malware behavior patterns
- Develop better detection and prevention methods
- Learn about macOS security mechanisms
- Go 1.24.1 or higher
go.mod(dependencies will be automatically installed when building)- Python 3.x
- Go 1.24.1 or higher
go.mod(dependencies will be automatically installed when building)
- nodejs + npm (author used node v23.10.0 and npm 10.9.2)
-
Clone the repository:
git clone https://github.com/githubesson/paradox cd paradox -
Build the server:
cd server go build -o paradox-server .
-
Setup the frontend panel:
cd ../frontend npm i
-
Start the server:
cd server ./paradox-server -
The server will listen on 127.0.0.1:8080.
-
Start the web panel:
cd ../frontend npm run dev -
Register an account in the web panel (127.0.0.1:3000/register)
-
Build a payload via the web panel
-
Run the client
.
├── built/ # Clients built by the server
├── server/ # Go server implementation
├── frontend/ # Frontend panel
└── payload/ # Clientside code
Note: This is a proof-of-concept implementation. Some features may be incomplete or require additional configuration.
- Twitter - https://x.com/7N7
- Others - https://misleadi.ng