Methods of Malware Persistence on OSX presented at Shakacon 2014

by Patrick Wardle,

Summary : As Mac OS X continues to increase in popularity and permeate the enterprise, it is essential for forensic and malware analysts to possess an in-depth understanding of this operating system. Malware, on any OS, is generally designed to persist across reboots. With this in mind, this talk will explore OS X Mavericks and its boot process, with the goal of comprehensively identifying methods that may be used by malicious adversaries to ensure that their malware is automatically executed at boot time. Throughout the talk, real-world examples of OS X malware will be presented that target portions of the OS in order to gain reboot persistence. As a result of attending this talk, participants will gain a thorough understanding of the OS X boot process and components of the OS that are, or may be, targeted by persistent OS X malware.