// project
macOS Malware Scanner
Automated threat detection for macOS — scanning persistence locations, running processes, browser extensions, and known malware signatures using only native system tools.
What It Scans
- ► Known macOS malware: OSX/Shlayer, Pirrit, CrescentCore, Genieo
- ► Cryptocurrency miners (XMRig, cpuminer)
- ► Reverse shells and netcat listeners
- ► Suspicious hacker ports (4444, 5555, 31337)
- ► Malicious Launch Agents and Daemons
- ► Hidden files in temp directories
- ► Suspicious browser extensions with excess permissions
- ► Modified critical system binaries
- ► Adware and PUPs: MacKeeper, SearchMine, Conduit
- ► Keyloggers and input managers
- ► Data exfiltration patterns in scripts
- ► Privilege escalation indicators
Severity Output
===========================
macOS Malware Scanner
===========================
► Checking Persistence Mechanisms
[HIGH] Suspicious launch item: /Library/LaunchDaemons/com.unknown.plist
► Analyzing Running Processes
[PASS] No cryptocurrency miners detected
► Scanning for Adware
[MEDIUM] Potential adware: MacKeeper
High: 2 Medium: 3 Low: 0
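The scan list and severity format above, as an added example that is not the project's own code (the page does not show the project's script): a small POSIX shell scanner that classifies launch items, process command lines and listening sockets into the same `[HIGH]`/`[MEDIUM]`/`[PASS]` lines and prints the same summary. The pattern lists, the vendor allowlist and the sample listings are constructed for the example; `--live` on a Mac feeds real `ls`, `ps` and `lsof` output through the same functions.

```shell
#!/bin/bash
# Added example, not the project's code: a read-only spot-check in the same style.
# Pattern lists and the vendor allowlist below are constructed for illustration.
MINER_PATTERNS='xmrig|cpuminer|minerd'
SHELL_PATTERNS='nc -l|ncat -l|/bin/sh -i|bash -i'
SUSPICIOUS_PORTS='4444|5555|31337'
ADWARE_PATTERNS='mackeeper|searchmine|conduit|pirrit|genieo|shlayer|crescentcore'
KNOWN_VENDORS='com\.apple\.|com\.microsoft\.|com\.google\.'   # constructed allowlist
HIGH=0; MEDIUM=0; LOW=0

# report <HIGH|MEDIUM|LOW|PASS> <message>: print one finding and bump its counter.
report() {
    case "$1" in
        HIGH)   HIGH=$((HIGH + 1)) ;;
        MEDIUM) MEDIUM=$((MEDIUM + 1)) ;;
        LOW)    LOW=$((LOW + 1)) ;;
    esac
    printf '[%s] %s\n' "$1" "$2"
}
lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }
summary() { printf 'High: %d Medium: %d Low: %d\n' "$HIGH" "$MEDIUM" "$LOW"; }

# scan_launch_items: one LaunchAgents/LaunchDaemons plist path per line on stdin.
scan_launch_items() {
    found=0
    while IFS= read -r path; do
        [ -z "$path" ] && continue
        name=${path##*/}
        if lower "$name" | grep -Eq "$ADWARE_PATTERNS"; then
            report HIGH "Known adware/PUP launch item: $path"; found=1
        elif [ "${name#.}" != "$name" ]; then
            report HIGH "Hidden (dot-prefixed) launch item: $path"; found=1
        elif ! lower "$name" | grep -Eq "^($KNOWN_VENDORS)"; then
            report MEDIUM "Unrecognised launch item, review manually: $path"; found=1
        fi
    done
    [ "$found" -ne 0 ] || report PASS "No suspicious launch items"
}
# scan_processes: lines of `ps -axo pid=,command=` on stdin.
scan_processes() {
    found=0
    while IFS= read -r line; do
        line=${line#"${line%%[! ]*}"}            # drop ps's leading padding
        [ -z "$line" ] && continue
        pid=${line%% *}; cmd=${line#* }
        if lower "$cmd" | grep -Eq "$MINER_PATTERNS"; then
            report HIGH "Possible cryptocurrency miner (pid $pid): $cmd"; found=1
        elif lower "$cmd" | grep -Eq "$SHELL_PATTERNS"; then
            report HIGH "Possible listener or reverse shell (pid $pid): $cmd"; found=1
        fi
    done
    [ "$found" -ne 0 ] || report PASS "No cryptocurrency miners or shells detected"
}
# scan_ports: lines of `lsof -nP -iTCP -sTCP:LISTEN` on stdin.
scan_ports() {
    found=0
    while IFS= read -r line; do
        port=$(printf '%s' "$line" | grep -Eo ':[0-9]+ \(LISTEN\)' | grep -Eo '[0-9]+' || true)
        [ -z "$port" ] && continue
        if printf '%s' "$port" | grep -Eq "^($SUSPICIOUS_PORTS)$"; then
            report HIGH "Listener on commonly abused port $port: $line"; found=1
        fi
    done
    [ "$found" -ne 0 ] || report PASS "No listeners on commonly abused ports"
}
# Constructed sample listings so the example runs offline on any system.
run_sample_scan() {
    HIGH=0; MEDIUM=0; LOW=0
    echo '► Checking Persistence Mechanisms'
    scan_launch_items <<'EOF'
/Library/LaunchDaemons/com.apple.locationd.plist
/Library/LaunchDaemons/com.mackeeper.helper.plist
/Library/LaunchAgents/.hidden.updater.plist
/Users/alice/Library/LaunchAgents/com.unknown.plist
EOF
    echo '► Analyzing Running Processes'
    scan_processes <<'EOF'
  312 /usr/libexec/trustd
 4021 /tmp/.cache/xmrig -o pool.invalid:3333
 4190 /bin/bash -i
EOF
    echo '► Checking Listening Ports'
    scan_ports <<'EOF'
launchd    1 root  8u IPv6 0x1 0t0 TCP *:22 (LISTEN)
nc      4200 alice 3u IPv4 0x2 0t0 TCP *:4444 (LISTEN)
EOF
    summary
}
# Real listings on a Mac, native tools only; files rather than pipes keep the counters in this shell.
run_live_scan() {
    HIGH=0; MEDIUM=0; LOW=0; tmp=$(mktemp)
    echo '► Checking Persistence Mechanisms'
    ls -d /Library/LaunchDaemons/* /Library/LaunchAgents/* "$HOME"/Library/LaunchAgents/* >"$tmp" 2>/dev/null || true
    scan_launch_items <"$tmp"
    echo '► Analyzing Running Processes'; ps -axo pid=,command= >"$tmp"; scan_processes <"$tmp"
    echo '► Checking Listening Ports'; lsof -nP -iTCP -sTCP:LISTEN >"$tmp" 2>/dev/null || true; scan_ports <"$tmp"
    rm -f "$tmp"; summary
}

case "${1:-}" in --live) run_live_scan ;; *) run_sample_scan ;; esac
```

Two caveats worth keeping in mind when reading the results: a name-based allowlist marks every unlisted third-party launch item as MEDIUM, so that level means "look at the plist's ProgramArguments by hand", not "malware"; and `lsof` run as an ordinary user only lists that user's sockets, so a daemon's listener will be missed unless the scan runs with elevated rights. The only write the script performs is its own temporary file, which keeps it read-only with respect to the system, as the design note below describes.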
Why I Built It
Having a lightweight, dependency-free spot-check tool is genuinely useful in IT helpdesk and SOC environments where you need a quick answer without deploying additional software. Building it required researching exactly where macOS malware hides, how persistence works on the platform, and what behavioural indicators separate legitimate software from threats.
The tool is intentionally read-only — it detects and reports but never modifies files. Detection first, remediation separately and carefully.