macOS Malware Scanner
Automated threat detection for macOS - scanning persistence locations, running processes, browser extensions, and known malware signatures using only native system tools.
- Known macOS malware: OSX/Shlayer, Pirrit, CrescentCore, Genieo
- Cryptocurrency miners (XMRig, cpuminer)
- Reverse shells and netcat listeners
- Suspicious hacker ports (4444, 5555, 31337)
- Malicious Launch Agents & Daemons
- Hidden files in temp directories
- Suspicious browser extensions with excess permissions
- Modified critical system binaries (file integrity)
- Adware and PUPs: MacKeeper, SearchMine, Conduit
- Keyloggers and input managers
- Data exfiltration patterns in scripts
- Privilege escalation indicators
```text
╔════════════════════════════════════╗
║     macOS Malware Scanner v1.0     ║
╚════════════════════════════════════╝

▶ Checking Persistence Mechanisms
[HIGH] Suspicious launch item found
    /Library/LaunchDaemons/com.unknown.plist → /tmp/.hidden

▶ Analyzing Running Processes
[PASS] No cryptocurrency miners detected
[PASS] No netcat listeners detected

▶ Scanning for Adware / PUPs
[MEDIUM] Potential adware: MacKeeper
    /Applications/MacKeeper.app

╔════════════════════════════════════╗
║            Scan Summary            ║
╚════════════════════════════════════╝
High: 2   Medium: 3   Low: 0
```
Commercial AV tools like Sophos or Malwarebytes are essential - but having a lightweight, dependency-free spot-check tool is genuinely useful in IT helpdesk and SOC environments where you need a quick answer without deploying additional software.
Building it forced me to research exactly where macOS malware hides, how persistence works on the platform, and what behavioural indicators separate legitimate software from threats. That knowledge transfers directly to defensive security work.
The tool is intentionally read-only - it detects and reports but never modifies files. Detection first, remediation separately and carefully.
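As an added illustration of the read-only persistence check described above (example code written for this page, not the scanner's own), the snippet below triages launchd plists with nothing but `sh` and `awk`: it pulls the paths a launch item would execute and rates them the way the sample output does, HIGH for anything under a temp directory such as `/tmp/.hidden`, MEDIUM for a hidden (dot-prefixed) path elsewhere. It assumes XML plists; binary plists would need converting first, and the sample plists it writes to a scratch directory are constructed, not real malware.

```shell
# Added example (not the scanner's own code): read-only triage of XML launchd
# plists with awk and sh only; binary plists are assumed converted beforehand.

# Print every path a launch item would execute: the <string> entries of
# ProgramArguments (binary plus its arguments) and the Program key.
launch_item_paths() {
    awk '
        /<key>ProgramArguments<\/key>/ { inargs = 1 }
        /<key>Program<\/key>/          { want = 1 }
        (inargs || want) && /<string>/ {
            s = $0
            while (match(s, /<string>[^<]*<\/string>/)) {
                print substr(s, RSTART + 8, RLENGTH - 17)
                s = substr(s, RSTART + RLENGTH)
            }
            want = 0
        }
        inargs && /<\/array>/ { inargs = 0 }
    ' "$1"
}

# HIGH: a temp-directory path is launched or passed, e.g. `sh -c /tmp/.hidden`;
# MEDIUM: a hidden (dot-prefixed) path elsewhere; PASS otherwise. Reads only.
classify_launch_item() {
    verdict=PASS
    while IFS= read -r p; do
        case "$p" in
            /tmp/*|/private/tmp/*|/var/tmp/*|/private/var/tmp/*) verdict=HIGH ;;
            */.*) [ "$verdict" = HIGH ] || verdict=MEDIUM ;;
        esac
    done <<EOF
$(launch_item_paths "$1")
EOF
    echo "$verdict"
}

# Constructed sample launch items (not real malware) in a scratch directory,
# left in place for inspection. Real use: point the loop at /Library/LaunchDaemons.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/com.unknown.plist" <<'EOF'
<plist version="1.0"><dict><key>ProgramArguments</key>
<array><string>/bin/sh</string><string>-c</string><string>/tmp/.hidden</string></array>
</dict></plist>
EOF
cat > "$SAMPLE_DIR/com.vendor.updater.plist" <<'EOF'
<plist version="1.0"><dict>
<key>Program</key><string>/Library/Application Support/Vendor/updater</string></dict></plist>
EOF
for f in "$SAMPLE_DIR"/*.plist; do
    printf '[%s] %s\n' "$(classify_launch_item "$f")" "$f"
done
```

Run it as `sh scan_launch.sh`; the `printf` loop reports `[HIGH]` for the constructed `com.unknown.plist` and `[PASS]` for the vendor updater whose path contains a space.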