Ready to Start Your Career?

Task Automations on MacOS - AppleScript

Guest Writer 's profile image

By: Guest Writer

November 3, 2018

AppleScript (AS) is not a name frequently used in cybersecurity. This specific language is based on JavaScript and is used exclusively for automation tasks within the Mac OS. AppleScript can be used to move and click a mouse, enter text, resize windows, change volume levels, and generally carry out any input function the user does. The power of this lies in the ability to quickly, efficiently, and quietly carry out any task on the user’s device. These scripts can be loaded and run with physical access, transferred and run via remote access, and even downloaded and run unintentionally by users.

AppleScript Attack?

One popular cybersecurity application of AppleScript is the creation and execution of trojans. These trojans rely on transferring and executing a hidden AppleScript to an unsuspecting user within a downloaded file. This attack is not particularly difficult, and it has been employed by a number of organizations to varying success. One approach is to give the name of another type of file to an AppleScript application. For example, an AS application file can be disguised as a ‘.gif’ or ‘.png’ file by naming it as such. Learning to create your own AppleScript exploits is not very difficult. The language itself is written very naturally and is limited to a specific set of functions. The entire language is broken down into basic commands such as “beep”, “display dialogue”, “say” and “tell” as well as standard syntax statements for object-oriented programming.
This is an example of AppleScript in the classic “Hello World!” program: display dialogue “Hello World!”
The true potential for AppleScript is in the ability to combine these functions in complex and novel ways. You could load a script that renders the mouse unusable, loads several loud music files, and sets the device’s volume to maximum. This could be useful as a distraction or simply a prank, but more advanced scripts can do things like collect and send off system information for storage, search for important files to copy and download, spread to other systems, or shut down several devices. Imagine any task a user can do at the device, and then imagine these tasks can be carried out automatically as quickly and as frequently as possible. Some versions of Mac OS come with an AppleScript “recorder” that you can use to record your input actions, translate it to code, and compile it for execution. These compiled applications can be executed locally, executed remotely, and transferred covertly.


AppleScript is JS based and can be loaded and run with physical access, and transferred and run via remote access. Its specialty is creating trojans that rely on transferring and executing a hidden script to an unsuspecting user within a downloaded file. Because of this, it can be downloaded and unintentionally run by users. The application file can also be disguised as a different file type by altering the name to mimic standard acceptable files like ‘.jpg’ or ‘.png’.Resources:
Schedule Demo