Blogger Jacob Salmela came up with a really simple way to help you detect an installation of malware in OS X by using a built-in resource (Folder Actions) of the operating system itself. To drive their malware, bad guys attempt to get a LaunchDaemon or LaunchAgent installed in one or more of the following locations on your computer:
/Library/LaunchDaemons
/Library/LaunchAgents
/System/Library/LaunchDaemons
/System/Library/LaunchAgents
/Users//Library/LaunchAgents
Salmela’s solution is to use a feature (Folder Actions) on each of these locations to alert you when an item is added to any of the above folders. This allows you to see what is being added, and make a decision to keep the newly added item (if you recognize it), or simply delete it.
Here’s how to set it up:
Enable Folder Actions
- Right-click one of the folders listed above
- Choose Services > Folder Actions Setup…
- Check Enable
Assign A Folder Action
- Click the plus sign on the right side of the window
- Highlight add - new item alert.scpt
- Click Attach
Repeat these steps for each folder you want to check. When a new item is added to any of these folders, you will see a pop-up window asking if you want to view the new addition.
There you have it. A simple and elegant solution for malware detection that is also FREE!
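The same "tell me when something new appears" check can also be scripted, which helps on machines where clicking through Folder Actions Setup for every folder is impractical. This is an added example, not Salmela's code or part of the original article; the function names, the `--run` switch and the baseline file `~/.launch_items.baseline` are assumptions made for the example.

```shell
#!/bin/sh
# Added example: baseline-and-compare check for the launchd folders listed above.
# Function names and the baseline file path are assumptions made for this example.

# Print every item sitting directly inside the given folders (dot-files included),
# one path per line, sorted. Folders that do not exist are skipped.
snapshot() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -mindepth 1 -maxdepth 1
    done | LC_ALL=C sort
}

# Usage: check_launch_folders BASELINE_FILE FOLDER...
# First run records the current contents and reports nothing.
# Later runs print items missing from the baseline and return 1.
# The baseline is left untouched, so an item keeps being reported until you
# delete it or re-create the baseline after reviewing it.
check_launch_folders() {
    baseline=$1
    shift
    current=$(mktemp "${TMPDIR:-/tmp}/launchsnap.XXXXXX") || return 2
    snapshot "$@" > "$current"
    if [ ! -f "$baseline" ]; then
        mv "$current" "$baseline"
        return 0
    fi
    new=$(LC_ALL=C comm -13 "$baseline" "$current")
    rm -f "$current"
    if [ -n "$new" ]; then
        printf '%s\n' "$new"
        return 1
    fi
    return 0
}

# Run against the real folders only when called as: sh script.sh --run
if [ "${1:-}" = "--run" ]; then
    check_launch_folders "$HOME/.launch_items.baseline" \
        /Library/LaunchDaemons /Library/LaunchAgents \
        /System/Library/LaunchDaemons /System/Library/LaunchAgents \
        "$HOME/Library/LaunchAgents"
fi
```

Like the Folder Action, this only reports items that were added; it does not notice an existing item whose contents were changed.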
Source:
You could try using launchd, but it is more complex to set up and not quite as effective:
http://jacobsalmela.com/folder-actions-yosemite-broken-use-launchd-instead/
Biff,
Thanks for the tip. I’ll see what I can do with launchd.
Best Wishes,
Larry
the fifth line is missing the actual user shortname
notice the
/Users//Library/LaunchAgents
$ open /Users/Library/LaunchAgents
The file /Users/Library/LaunchAgents does not exist.
Can be changed to
/Users/myShortName/Library/LaunchAgents
or better yet
~/Library/LaunchAgents
Bill,
Good catch…..I’ll make the appropriate correction to my article.
Larry
Forgot to say Great Article…
Bill
glad you liked it.
Larry