By scanning downloaded binaries for known viruses?

A text command pasted into the terminal isn't a binary.

Convincing a Linux user to paste rm -rf / into the terminal is not malware. It's social engineering.

Scanning binaries for known malware is already built into the OS.

Endpoint security software on the Mac, if it's worth the hit to system resources that is, inspect every call to exec and fork that occur in the kernel and also inspect those for known attack vectors, malicious scripts, etc. The one I have installed on my work Mac will kill reverse shell attempts before they are run. Will stop keychain attacks. Infostealing (as they can also get every file system op as they are happening in the kernel).

Gatekeeper and Xprotect are good, but there's only so much they can do.

Which do you use/recommend?

Antivirus programs will run on PowerShell scripts, VBScript files, JScript files, and all other kinds of automation on Windows.

The screenshots from the article clearly show a permission prompt for a program. Whether that's a binary or a shell script or something else doesn't matter, the infection stage should've been caught by anti malware rather than permission prompts.

Windows Defender does this already. If Apple's AV can't catch this, I think they may be relying on their DRM-as-a-security-measure (signatures, notarisation, etc.) a bit too much.

> Scanning binaries for known malware is already built into the OS.

Clearly it isn't. XProtect is a joke. It's 2004-era ClamAV level of protection.

The article specifically mentions that the methodology here is to trick users into running an obfuscated CLI command…that downloads and runs a binary

Terminal commands have the ability to do dangerous things, like deleting all the user's files.

In this case, the user is warned that the command wants to do something dangerous and must manually allow or deny the action.