How do I detect malware on Mac OS X?

  • I have a computer running OS X, and I want to know if there's malware (e.g. a keylogger, or something that lets an attacker control my computer, or something that stops me from installing whatever I want) installed on the computer. How can I tell if I have something like that? How can I remove it if I have it?

    Is it your machine, or is it company owned? That won't necessarily inform the response, but may limit what you can do about it.

    It is company owned.

    Question title was modified in sense. Please ask another question if the meaning differs!

    Malware/keyloggers/trojans can also infect a Mac system. Probably you need a security product (for instance www.quickheal.com/qhmac). [I am not associated with the product]

    → Vans: Could you reply to the 2nd key question asked by Bob? Better, could you add the answers to his first 2 questions? These are questions everyone will ask you before being able to answer you cleverly. Your answers will determine in which field we are helping you with a security problem: technical, legal, capability.

  • A lot depends on the relationship between you and the machine - is it your own? Do you have administrator access to it? Since you mention that it's corporate owned, do you have an administrator that has ok'd a keylogger (for whatever reason)? It's possible (or, in fact, likely) you won't be able to remove it without drastic steps - specifically without re-imaging the machine with a known-good OS install. I don't know of any corporate environments where they'd let you do that.

    Unfortunately, with a corporate owned machine, they're likely allowed to install whatever they want, and any measures you take to circumvent the logger may well get you fired.

    Some things that you may be comfortable trying though:

    • It may be worth installing an anti-malware tool of some sort - from any of the big vendors Norton, McAfee, etc. - and seeing what turns up. You may be able to sell this to your administrator by pointing out that Macs get malware too, and that you'd like to be protected.
    • See if you can get chkrootkit to run, as most keyloggers are rootkits.
    • See if you can get Little Snitch installed; keep an eye out for anything suspicious. Any keylogger is only useful to an attacker if they can get that info out somehow.

    Unfortunately, since a keylogger is likely to have revealed your passwords, etc. to an attacker, and is generally a sign of a relatively sophisticated attack - it's very likely that the logger itself has managed to get itself installed as a kernel module or rootkit and so even a clean AV sweep isn't an indication you're clear. You really need to consider that just wiping it may be your only option; start fresh and if you're worried about people you know breaking in, keep a close eye on the machine, keep it locked when you're away and keep your passwords complex and secret.

    I only want to know if there is a keylogger or rootkits installed on the computer.

    "_Unfortunately, with a corporate owned machine..._". Why exactly is this "**unfortunate**"? They own the machine, they are nice enough to let you use it for work, and that's it. There's nothing unfortunate about a company wanting to control how its computers are used.

    → Ramhound: isn't this exactly what Vans is looking for here ☺?

    You can install `chkrootkit` from Homebrew, and run it with root privileges.

    Who has reviewed the source code for all of the chkrootkit C programs, especially the script “chkrootkit”, to ensure that they aren’t infecting our computers with rootkits or key loggers?
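    The answer above suggests chkrootkit and Little Snitch; a complementary check a user with admin rights can run themselves is to audit the launchd persistence points (`/Library/LaunchDaemons`, `/Library/LaunchAgents`, `~/Library/LaunchAgents`) for jobs that look out of place. The script below is an added example, not code from the answerer or from chkrootkit; the heuristics (temp-dir or hidden paths, inline interpreter scripts, a Label that does not match the file name) are the author's own assumptions, and the two job descriptions are constructed samples, not real agents.

```python
import plistlib
from pathlib import Path, PurePosixPath
# Where launchd reads job descriptions from: the persistence points an auditor enumerates.
LAUNCHD_DIRS = ("/Library/LaunchDaemons", "/Library/LaunchAgents", "~/Library/LaunchAgents")
TEMP_DIRS = ("/tmp", "/private/tmp", "/var/tmp", "/private/var/tmp")
INTERPRETERS = {"sh", "bash", "zsh", "osascript", "python", "python3", "perl"}

def audit_plist(name, data):
    """Reasons a launchd job (file stem + plist bytes) deserves a closer look; [] if none."""
    job = plistlib.loads(data)
    argv = ([job["Program"]] if job.get("Program") else []) + list(job.get("ProgramArguments") or [])
    reasons = []
    if job.get("RunAtLoad") or job.get("KeepAlive"):
        reasons.append("persistence: starts at login/boot or is kept alive")
    for arg in argv:
        if any(arg.startswith(d + "/") for d in TEMP_DIRS):
            reasons.append(f"runs something out of a temp directory: {arg}")
        if any(p.startswith(".") for p in PurePosixPath(arg).parts[1:]):
            reasons.append(f"references a hidden path component: {arg}")
    if argv and PurePosixPath(argv[0]).name in INTERPRETERS and "-c" in argv:
        reasons.append("feeds an inline script to an interpreter instead of running a binary")
    if job.get("Label") and job["Label"] != name:
        reasons.append(f"Label {job['Label']!r} does not match file name {name!r}")
    return reasons

def is_suspicious(reasons):
    # Persistence alone is normal for legitimate agents; it matters only beside another indicator.
    return any(not r.startswith("persistence") for r in reasons)

def audit_directories(dirs=LAUNCHD_DIRS):
    """Audit every *.plist under the launchd directories; returns {file stem: reasons} for flagged jobs."""
    flagged = {}
    for d in dirs:
        for f in Path(d).expanduser().glob("*.plist"):  # yields nothing if the directory is absent
            reasons = audit_plist(f.stem, f.read_bytes())
            if is_suspicious(reasons):
                flagged[f.stem] = reasons
    return flagged

# Two constructed job descriptions (not copied from any real agent or malware) to exercise the checks.
SAMPLE_OK = b"""<plist version="1.0"><dict><key>Label</key><string>com.example.updater</string>
<key>ProgramArguments</key><array><string>/Applications/Example.app/Contents/MacOS/updater</string></array>
<key>RunAtLoad</key><true/></dict></plist>"""
SAMPLE_BAD = b"""<plist version="1.0"><dict><key>Label</key><string>com.apple.softwareupdate</string>
<key>ProgramArguments</key><array><string>/bin/sh</string><string>-c</string><string>/Users/me/Library/.cache/logd</string></array>
<key>RunAtLoad</key><true/><key>KeepAlive</key><true/></dict></plist>"""
if __name__ == "__main__":
    for name, data in (("com.example.updater", SAMPLE_OK), ("com.user.logd", SAMPLE_BAD)):
        print(name, "SUSPICIOUS" if is_suspicious(audit_plist(name, data)) else "ok")
```

    A clean result here says nothing about a kernel-level rootkit, which is exactly the case the answer says a wipe is the only answer for; this only surfaces the user-space persistence that most commodity loggers rely on.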

  • This may vary across a lot of different considerations:

    • Who's the owner of the machine
    • Who's the owner of your work time
    • Local and country laws about privacy protection
    • Enterprise contracts which may specify limits on employee privacy

    Overall, I think trust is needed for good work.

    Note: As a keylogger acts like a virus, the first thing it does is hide itself, so without strong computer knowledge and full access rights to the machine, you can't obtain reliable information (without installing strong tools on a computer that's not yours...).

    About what to do:

    • Ask your boss!
    • Trust your boss!
    • If really in doubt, without strong computer knowledge, don't try anything! If you're not the owner of the equipment, everything you do could be held against you!!
    • If you think your boss lies and does illegal things, refer to the police or unions...

    Three possibilities anyway:

    Warning: This may be called spying or reverse engineering! Both are illegal in many countries and could send you and your accomplice to jail!!

    Keep in mind: if it's not yours, you don't have the right to alter it anyway!

    • Install a Linux bridge between your network connection and your Mac, dump all network traffic and submit the dump to a trusted friend.
    • Boot your Mac with a read-only live system which you can use to scan your hard drive for rootkits and keyloggers.
    • Begin to search for another job...

    Ok. I only want to know if there is a keylogger or rootkits installed on the computer.

    As a keylogger acts like a virus, the first thing it does is hide itself, so without strong computer knowledge you can't obtain reliable information (without installing strong tools on a computer that's not yours...).

    Ask your boss; if he lies, that becomes another story...

    I only want to know if there is a keylogger or rootkits installed on the computer.

    @VansFannel I understand correctly, but unfortunately you can't without having to do questionable things.

    So, if I tell you that I want to know if there are keyloggers or rootkits on MY Mac OS, will I get the same answer from you?

    @VansFannel Not exactly. If the equipment is yours, scanning your hard drive is not illegal; anyway, you need strong computer knowledge to find a *virus* that claims not to be present and hides all ways of finding it... (Installing a Linux bridge on the work network stays forbidden.)

    As you can see, the question is: How to detect a keylogger on Mac OS X? I'm not asking whether searching for keyloggers is legal or illegal. I'm sure we live in different countries with different laws.

    And my answer is: As a keylogger is a kind of virus, without strong computer knowledge you can't obtain reliable info by yourself! (An anti-virus or rootkit scanner won't find more than what it knows to search for....)

  • How can I know that? How can I uninstall all?

    The only real answer to both of these is to wipe the machine and re-install OS X. Technically, there could be some kind of hardware device recording your actions, but that is not very plausible unless you have highly valued assets (or unless you are a highly valued asset yourself).

License under CC-BY-SA with attribution
Content dated before 7/24/2021 11:53 AM