Advanced Guide to Understanding Mac OS X Malware
Note: This is an advanced topic aimed at expert Mac users. Macs are generally thought of as secure, at least compared to Windows. While that is broadly true, there is still real potential for malware to get onto Mac OS X despite Gatekeeper, XProtect, sandboxing, and code signing.
That is what this excellent presentation from Patrick Wardle, Director of Research at Synack, a cyber security solutions provider, explains quite well, offering a thoughtful and detailed look at the security mechanisms currently built into Mac OS X and at how an attacker could circumvent them to compromise a Mac.
Additionally, the Synack overview goes further and provides an open source script called KnockKnock, which lists the persistently installed Mac OS X binaries that are set to execute automatically at system boot, helping advanced users examine a Mac and verify whether anything suspicious is configured to run on it.
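To make concrete what a tool like KnockKnock has to do for one of the persistence locations it covers, the following is an added example (not KnockKnock's own code or Synack's): it parses a launchd job plist, reports which binary the job starts and whether it runs at load, and walks the standard launchd directories if they exist on the machine. The sample plist, its label `com.example.updater`, and the path `/Users/Shared/.updater` are constructed for illustration.

```python
"""Enumerate launchd persistence items, the core of a KnockKnock-style scan.

Added example, not KnockKnock's code. The sample plist below is constructed.
"""
import os
import plistlib
from typing import Optional
from xml.parsers.expat import ExpatError

# launchd loads job definitions from these directories at boot or at login;
# listing their plists is how you find binaries set to execute automatically.
LAUNCHD_DIRS = [
    "/Library/LaunchDaemons",
    "/Library/LaunchAgents",
    "/System/Library/LaunchDaemons",
    "/System/Library/LaunchAgents",
    os.path.expanduser("~/Library/LaunchAgents"),
]


def program_from_plist(data: bytes) -> Optional[dict]:
    """Parse one launchd job plist and report which binary it runs and when.

    launchd uses the 'Program' key if present, otherwise ProgramArguments[0].
    Returns None for malformed plists, non-dictionary plists, or jobs that
    name no program at all.
    """
    try:
        job = plistlib.loads(data)
    except (plistlib.InvalidFileException, ExpatError, ValueError):
        return None
    if not isinstance(job, dict):
        return None
    program = job.get("Program")
    args = job.get("ProgramArguments") or []
    if not program and args:
        program = args[0]
    if not program:
        return None
    return {
        "label": job.get("Label", "<no label>"),
        "program": program,
        "args": list(args),
        # RunAtLoad means launchd starts the job as soon as it is loaded.
        "run_at_load": bool(job.get("RunAtLoad", False)),
        # KeepAlive may be a bool or a dict of conditions; either way it means
        # launchd will respawn the binary if it exits.
        "keep_alive": bool(job.get("KeepAlive", False)),
    }


def scan_dirs(dirs=LAUNCHD_DIRS) -> list:
    """Walk the launchd directories that exist on this host and parse each plist."""
    found = []
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            if not name.endswith(".plist"):
                continue
            path = os.path.join(d, name)
            try:
                with open(path, "rb") as fh:
                    item = program_from_plist(fh.read())
            except OSError:
                continue
            if item:
                item["path"] = path
                found.append(item)
    return found


# Constructed sample: a job that starts a hidden binary at boot and respawns it.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key>
  <array><string>/Users/Shared/.updater</string><string>--daemon</string></array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict>
</plist>
"""

if __name__ == "__main__":
    print(program_from_plist(SAMPLE_PLIST))
    for item in scan_dirs():
        when = "at load" if item["run_at_load"] else "on demand"
        print(f"{item['path']}: {item['program']} ({when})")
```

Run on a real Mac, `scan_dirs()` prints every launchd job and the binary behind it; a job whose program lives in a hidden or user-writable location, or whose label imitates an Apple or vendor name, is the kind of entry worth checking further. A full scan would also cover login items, kernel extensions, cron jobs, and the other locations the presentation describes.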
The excellent document, titled “METHODS of MALWARE PERSISTENCE on OS X”, is broken into five major parts: