Friday, September 27, 2019


Patrick Wardle (via Leo M):

Malware installs itself persistently, to ensure it’s automatically re-executed at reboot. BlockBlock continually monitors common persistence locations and displays an alert whenever a persistent component is added to the OS.


This alert contains the name and path of the process that installed the persistent component, as well as details about the actual persistent component. Moreover, it shows if the process (that created the persisted item) is signed by Apple, signed by a 3rd-party, or is unsigned[…]

It’s the equivalent of LittleSnitch for auto-launching background processes.


Comments RSS · Twitter

Leave a Comment