[MacTUG] Tips to detect malware on macos
Marlon Griffith
m3griffi at engmail.uwaterloo.ca
Wed Feb 24 09:42:24 EST 2021
From 'Mysterious malware infects 30,000 Mac computers - TechRepublic':
"""
... On a more technical security or developer level, Red Canary also
offers the following advice to enterprises:
- Look for a process that appears to be PlistBuddy executing in
  conjunction with a command line containing the following: LaunchAgents
  and RunAtLoad and true. This analytic helps find multiple macOS malware
  families establishing LaunchAgent persistence.
- Look for a process that appears to be sqlite3 executing in
  conjunction with a command line that contains LSQuarantine. This
  analytic helps find multiple macOS malware families manipulating or
  searching metadata for downloaded files.
- Look for a process that appears to be curl executing in conjunction
  with a command line that contains s3.amazonaws.com. This analytic helps
  find multiple macOS malware families using S3 buckets for distribution.
https://www.techrepublic.com/article/mysterious-malware-infects-30000-mac-computers/?ftag=TRE684d531&bhid=29363232970757656062950319200030&mid=13276985&cid=2265705523
"""