Even if you suspect that your macOS computer is infected with malware, pinpointing the infection can be difficult. One way to detect malicious programs is to look for suspicious behavior rather than for the programs themselves: for example, a program that listens to our keystrokes, or one that starts every time we log in. Two free macOS tools from Objective-See, ReiKey and KnockKnock, look for exactly that kind of behavior, so we can use them to detect keyloggers and other malware lurking on our system.
There are many ways a keylogger or other malware can end up on a macOS system: an infected file, an attacker with a USB Rubber Ducky, or perhaps a jealous partner or an overprotective family member trying to monitor what you do. Anyone who values their privacy wants to be sure their communications are not being intercepted, but how much malware is there for macOS, really?
Malware for macOS
Patrick Wardle, a former NSA hacker who now writes macOS security tools, researches malware written for Apple devices. On his website, https://objective-see.com/, he hosts live samples of macOS malware that researchers can study, and the variety of what has been found in the wild is surprising. A simple search of that collection for "keylogger" turns up five different types of keylogger malware for macOS.
That raises the question: how do we defend against all of these different kinds of malware, when even keyloggers come in five flavors? Wardle's answer is to look for the behavior malicious programs share, such as capturing keystrokes, rather than for the individual programs themselves.
For example, a keylogger taps into the keyboard event stream so the attacker receives every key the victim types. Seeing every keystroke reveals account passwords, private messages, and much more. To be really effective, though, the program has to be running from the moment we log in, so malware of this kind almost always installs itself persistently, so that the victim never has to open the malicious file a second time.
ReiKey & KnockKnock can detect new types of malware
First, we can use ReiKey to look for one of the defining features of a keylogger: a program that has inserted itself into our keyboard event stream (on macOS, an event tap). Because ReiKey watches for keyboard-stream access rather than for known file signatures, it will flag any keylogger installed on the system, including ones that no anti-virus product detects.
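As an added example (my code, not part of the original article and not ReiKey's own code), the following Python script performs the same kind of check ReiKey does: it asks the window server for the list of CoreGraphics event taps and flags the ones that receive keyboard events. The `CGGetEventTapList` signature and the `CGEventTapInformation` struct layout are my reading of Apple's public CoreGraphics headers and are assumptions, and the sample tap records are constructed, not captured from a real machine.

```python
"""Added example, not ReiKey's code: enumerate CoreGraphics event taps and
report those that receive keystrokes. Only enumerate_taps() needs macOS;
the classification logic is plain Python and runs anywhere."""
import ctypes
import subprocess
import sys
from typing import List, NamedTuple

# CGEventType values: kCGEventKeyDown=10, KeyUp=11, FlagsChanged=12;
# CGEventMaskBit(t) is 1 << t, and kCGEventMaskForAllEvents is all ones.
KEYBOARD_MASK = (1 << 10) | (1 << 11) | (1 << 12)
ALL_EVENTS = (1 << 64) - 1
TAP_POINTS = {0: "HID", 1: "Session", 2: "AnnotatedSession"}  # CGEventTapLocation


class TapRecord(NamedTuple):
    tap_id: int
    location: int      # 0 = HID level, the earliest point a keylogger can hook
    listen_only: bool  # kCGEventTapOptionListenOnly (1); 0 means it may modify events
    mask: int          # CGEventMask of the event types the tap receives
    pid: int           # process that created the tap
    enabled: bool


def reads_keystrokes(rec: TapRecord) -> bool:
    """A tap sees keystrokes if its mask includes a keyboard type or everything."""
    return rec.mask == ALL_EVENTS or bool(rec.mask & KEYBOARD_MASK)


def keyboard_taps(records: List[TapRecord]) -> List[TapRecord]:
    """What a ReiKey-style scan reports: enabled taps that receive keystrokes."""
    return [r for r in records if r.enabled and reads_keystrokes(r)]


class CGEventTapInformation(ctypes.Structure):
    # Assumed layout of Apple's public CGEventTapInformation struct.
    _fields_ = [
        ("eventTapID", ctypes.c_uint32),
        ("tapPoint", ctypes.c_uint32),           # CGEventTapLocation
        ("options", ctypes.c_uint32),            # CGEventTapOptions
        ("eventsOfInterest", ctypes.c_uint64),   # CGEventMask
        ("tappingProcess", ctypes.c_int32),      # pid_t
        ("processBeingTapped", ctypes.c_int32),  # pid_t, 0 = all processes
        ("enabled", ctypes.c_bool),
        ("minUsecLatency", ctypes.c_float),
        ("avgUsecLatency", ctypes.c_float),
        ("maxUsecLatency", ctypes.c_float),
    ]


def enumerate_taps(max_taps: int = 64) -> List[TapRecord]:
    """Ask the window server for the live tap list. macOS only; [] elsewhere."""
    if sys.platform != "darwin":
        return []
    cg = ctypes.cdll.LoadLibrary(
        "/System/Library/Frameworks/CoreGraphics.framework/CoreGraphics")
    fn = cg.CGGetEventTapList
    fn.argtypes = [ctypes.c_uint32, ctypes.POINTER(CGEventTapInformation),
                   ctypes.POINTER(ctypes.c_uint32)]
    fn.restype = ctypes.c_int32  # CGError, 0 on success
    buf = (CGEventTapInformation * max_taps)()
    count = ctypes.c_uint32(0)
    if fn(max_taps, buf, ctypes.byref(count)) != 0:
        raise OSError("CGGetEventTapList failed")
    return [TapRecord(t.eventTapID, t.tapPoint, t.options == 1,
                      t.eventsOfInterest, t.tappingProcess, t.enabled)
            for t in buf[: count.value]]


def process_name(pid: int) -> str:
    """Resolve a pid to its command name with ps, so the report is readable."""
    out = subprocess.run(["ps", "-p", str(pid), "-o", "comm="],
                         capture_output=True, text=True).stdout.strip()
    return out or "<exited>"


# Constructed sample (not from a real machine): a passive HID-level keyboard
# tap like a keylogger's, a mouse-only tap, and a disabled catch-all tap.
SAMPLE_TAPS = [
    TapRecord(1, 0, True, KEYBOARD_MASK, 4242, True),
    TapRecord(2, 1, False, (1 << 1) | (1 << 5), 999, True),  # LeftMouseDown|MouseMoved
    TapRecord(3, 0, True, ALL_EVENTS, 77, False),
]

if __name__ == "__main__":
    records = enumerate_taps() if sys.platform == "darwin" else SAMPLE_TAPS
    for r in keyboard_taps(records):
        print(f"tap {r.tap_id}: pid {r.pid} ({process_name(r.pid)}) "
              f"at {TAP_POINTS.get(r.location, '?')} level, "
              f"{'listen-only' if r.listen_only else 'active'}")
```

Run it on a Mac and every line it prints is a process that currently receives your keystrokes. Expect some legitimate hits (accessibility tools, keyboard remappers, screen-sharing clients); the point of the exercise is that you recognize each one, which is exactly the judgement ReiKey's alerts ask you to make.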
A keylogger also has to persist, so we can catch it with another free tool, KnockKnock. When you run KnockKnock, it lists every persistently installed item, sorted into easy-to-understand categories that cover the mechanisms malware typically uses to survive a reboot: browser extensions, launch items, kernel extensions, plugins, and more.
After scanning your system, KnockKnock lists each persistent item it found and checks the file's hash against VirusTotal.
If malware is lurking on your system, this is where you will see it; click the "About" icon next to an item for more details. If any file has been flagged as suspicious by VirusTotal, that is a strong indication that your system is affected by malware, adware, or other harmful or unwanted programs.
Let's try both programs and see what we can find on our Mac.
What you need
To use KnockKnock and ReiKey you need a Mac running a current version of macOS, an internet connection, and a browser to download the installers.
Step 1: Download ReiKey
Download the ReiKey installer from objective-see.com and unpack it. Double-click "ReiKey Installer.app" to start the installer.
Step 2: Installing ReiKey
When the installer opens, click "Install" to install ReiKey on your macOS system.
Once the installation is complete, click "Next" to close the installer. You should now have a ReiKey icon in your status bar that gives you access to the app's settings.
Click the ReiKey icon in the status bar and then "Preferences." There you can choose whether ReiKey starts at login, whether it shows its icon in the status bar, and whether Apple's own programs should be ignored when scanning.
When I ran a Python keylogger, the following warning message appeared on my device:
Step 3: Scan for Keyboard Taps with ReiKey
Now that ReiKey is installed and configured, let's run a scan.
Click the ReiKey icon in the status bar again and this time choose "Scan." A window with the scan results opens, showing whether any program is tapping our keyboard.
Here the scan came back clean. Anything that shows up in this list is a program that receives every key you press.
Step 4: Download KnockKnock
Next, we install KnockKnock to look for persistent malware. Navigate to the KnockKnock page on objective-see.com and find the download icon for the app in the upper left corner.
Once KnockKnock has been downloaded, you can run it directly; there is no installer.
Step 5: Scan Your macOS System
Run the downloaded "KnockKnock.app." The window below should open. Click the arrow icon to start a scan. On the latest version of macOS, Catalina, you will have to grant the app permission to access various folders and programs before the scan can complete.
After your system has been scanned, a list of persistently installed programs appears. Many of them will be perfectly legitimate: persistence by itself is not malicious. Go through each result and check whether you recognize the program. If, for example, you have browser extensions that you do not use or recognize, it is a good idea to remove them.
We can also look for items with suspicious properties. Here we see that one persistent script is unsigned, which KnockKnock indicates with an open-padlock icon.
For a closer look, click the "About" icon to see more details.
Step 6: Review Suspicious Persistent Items
To dig into a file, click its VirusTotal rating. The result shows the detection rate and a link to the full report. To submit the file again, click "Rescan" to resend it to VirusTotal.
Resubmitting gives you access to a detailed report. Here we see the detection report for the unsigned "Tor" program flagged earlier.
This file does not appear to be malicious. That is how we would find and check any persistent item.
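As an added example (my code, not the article's and not KnockKnock's), the following Python script reproduces the core of what KnockKnock does for one persistence category, launch items, together with the two checks that Steps 5 and 6 walk through by hand: for each LaunchAgent or LaunchDaemon plist it records what program launchd will run and whether it starts at login, hashes that program so its SHA-256 can be searched on VirusTotal, and, on macOS, asks `codesign` whether the program is signed. The launchd directories are Apple's standard locations; the heuristics in `suspicious()` and the two sample plists are my own constructed choices.

```python
"""Added example, not KnockKnock's code: a minimal launch-item scanner that
mirrors the manual review in the article (persistence, signature, hash)."""
import hashlib
import os
import plistlib
import subprocess
import sys
from dataclasses import dataclass
from pathlib import Path
from typing import List, Optional

# Locations a dropped binary is suspicious in by itself (world-writable).
WRITABLE_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")


def launch_dirs() -> List[Path]:
    """Standard launchd plist locations: user agents, system agents, daemons."""
    return [Path.home() / "Library/LaunchAgents",
            Path("/Library/LaunchAgents"), Path("/Library/LaunchDaemons")]


@dataclass
class LaunchItem:
    plist: str
    label: str
    program: str
    runs_at_login: bool              # RunAtLoad or KeepAlive: no user action needed
    sha256: Optional[str] = None     # hash of the target, for a VirusTotal lookup
    signed: Optional[bool] = None    # None = could not check (no codesign / no file)
    checked: bool = False            # enrich() has looked at the target on disk


def parse_launch_plist(data: bytes, name: str = "<inline>") -> LaunchItem:
    """Pull out the fields that matter for review from a launchd plist."""
    d = plistlib.loads(data)
    args = d.get("ProgramArguments") or []
    program = d.get("Program") or (args[0] if args else "")
    runs_at_login = bool(d.get("RunAtLoad")) or bool(d.get("KeepAlive"))
    return LaunchItem(name, d.get("Label", ""), program, runs_at_login)


def sha256_of(path: str) -> Optional[str]:
    """SHA-256 of the launched program; None if the file is missing."""
    try:
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(1 << 20), b""):
                h.update(chunk)
        return h.hexdigest()
    except OSError:
        return None


def is_signed(path: str) -> Optional[bool]:
    """codesign -v exits 0 for a validly signed file. macOS only."""
    if sys.platform != "darwin" or not os.path.isfile(path):
        return None
    return subprocess.run(["codesign", "-v", path], capture_output=True).returncode == 0


def enrich(item: LaunchItem) -> LaunchItem:
    """Fill in hash and signature state for the program the item launches."""
    item.sha256 = sha256_of(item.program) if item.program else None
    item.signed = is_signed(item.program) if item.program else None
    item.checked = True
    return item


def suspicious(item: LaunchItem) -> List[str]:
    """Why a reviewer should look closer; an empty list means nothing stood out."""
    reasons = []
    if item.runs_at_login:
        reasons.append("runs at login")
    if item.signed is False:
        reasons.append("unsigned")
    if item.checked and item.program and item.sha256 is None:
        reasons.append("target missing")
    if item.program.startswith(WRITABLE_PREFIXES) or "/." in item.program:
        reasons.append("hidden or world-writable location")
    return reasons


def scan_launch_dirs(dirs: Optional[List[Path]] = None) -> List[LaunchItem]:
    items = []
    for d in dirs if dirs is not None else launch_dirs():
        if not d.is_dir():
            continue
        for p in sorted(d.glob("*.plist")):
            try:
                items.append(enrich(parse_launch_plist(p.read_bytes(), str(p))))
            except Exception:
                continue  # malformed plist: launchd ignores it, so do we
    return items


# Constructed samples (not real malware): persistence in the style of a
# user-level keylogger hidden under /Users/Shared, and a harmless system item.
SAMPLE_PLIST = plistlib.dumps({
    "Label": "com.example.updater",
    "ProgramArguments": ["/Users/Shared/.cache/updater", "--quiet"],
    "RunAtLoad": True, "KeepAlive": True,
})
BENIGN_PLIST = plistlib.dumps({"Label": "com.example.cleanup",
                               "Program": "/usr/libexec/cleanup"})

if __name__ == "__main__":
    found = scan_launch_dirs() or [enrich(parse_launch_plist(SAMPLE_PLIST, "sample"))]
    for it in found:
        flags = ", ".join(suspicious(it)) or "nothing unusual"
        print(f"{it.label}: {it.program}\n    sha256={it.sha256} signed={it.signed} [{flags}]")
```

Paste any printed `sha256` value into the VirusTotal search box to get the same detection report the "Rescan" button in Step 6 shows. The flags are only prompts for the manual review described above: a legitimate login item will show "runs at login" too, and an unsigned script is not necessarily malicious, as the "Tor" example showed.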
The average macOS user may have difficulty identifying malware on their computer. Thanks to ReiKey and KnockKnock, software that misbehaves can be spotted as soon as it installs itself. Whether you are worried that a partner has planted a keylogger, that an employer is monitoring your computer, or that unwanted adware is hanging around and eating resources, these tools make it easy to keep your macOS system free of spyware and persistent malware.
Find more free security tools for macOS under "Products" at objective-see.com.
I hope you enjoyed this guide to detecting malware on your macOS computer with ReiKey and KnockKnock! If you have questions about this tutorial on securing your Mac, please leave a comment below. If you have a comment or an idea for a future episode, feel free to contact me on Twitter @KodyKinzie.