Tool thwarts OS X malware tricks

By

Fills gap left by Apple.

A security researcher is developing a simple open source security tool to help Mac users fight malware.

Tool thwarts OS X malware tricks

Ice the Guardian used TrustedBSD to monitor the LaunchDaemon and LaunchAgents folders for modifications that often indicate malware infection.

Almost all OS X malware gains persistency by adding itself as a system or user daemon — a function that would be detected by the tool.

Creator Pedro 'FG' said the tool fills a security gap left by Apple which despite having the technology in place has not moved to lock down the function.

"Apple has the technology in place so they could probably implement something like this default in OS X," he said.

"Gatekeeper can't be the only obstacle to [malware].

"Apple could do some work in this area instead of delegating everything to the sandbox and Gatekeeper."

The tool was under development and required industry to supply commits to help refine the system which warns users of infection.

"This might require some UI and thinking on how to inform the user and avoid many annoying false positives since most users are not security literate, which is the big part of the security problem these days."

A similar tool dubbed TR-08 was released by the Luxembourg Computer Incident Response Center last year which creates a "basic but effective way of monitoring the addition of new launch objects to standard locations".

Users would need to allow or deny the addition of new objects created in the monitored directories.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:
applegatekeepermacmalwareos xresearchsecuritytool

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?