
OS X: Roll-your-own Malware Detection

Macs are not immune to malware.  Authors of malicious software often try to get a LaunchDaemon or LaunchAgent installed onto your computer in one or more of the following locations:

OS X has a lesser-known feature called Folder Actions, which runs a script whenever an item is added to a folder.  You can attach a simple script that alerts you when an item is added to one of the folders above, so you can open the folder and see what was added.  If it is not something you recognize or were expecting, delete it.


Step-by-step Walkthrough

Enable Folder Actions

  1. Right-click one of the folders listed above
  2. Choose Services > Folder Actions Setup…
  3. Check Enable

Assign A Folder Action

  1. Click the plus sign on the right side of the window
  2. Highlight add - new item alert.scpt
  3. Click Attach

Repeat the steps above for each folder you want to monitor.  When a new item is added to any of these folders, a window will pop up asking if you want to view it.
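
The same check can also be run from Terminal. The script below is an added example, not part of the original post: it records what each monitored folder contains and prints anything that has appeared since the previous run. The folder paths in its usage comment and the `com.example.*` file names are assumptions; pass the folders you actually monitor.

```shell
#!/usr/bin/env bash
# Usage: launchwatch.sh BASELINE_FILE FOLDER...
# e.g.   launchwatch.sh ~/.launchwatch.baseline /Library/LaunchDaemons ~/Library/LaunchAgents
# (example paths are assumptions; pass the folders you monitor)

# Print entries present in the folders now but absent from the baseline,
# then refresh the baseline. The first run only records the baseline.
# Limitation: names containing newlines are not handled.
new_items() {
  local baseline=$1 current d
  shift
  current=$(mktemp "${TMPDIR:-/tmp}/launchwatch.XXXXXX") || return 1
  for d in "$@"; do
    # Skip folders that do not exist on this machine
    if [ -d "$d" ]; then
      find "$d" -mindepth 1 -maxdepth 1 -print
    fi
  done | LC_ALL=C sort > "$current"
  if [ -f "$baseline" ]; then
    # comm -13 keeps lines found only in the second (current) listing
    LC_ALL=C comm -13 "$baseline" "$current"
  fi
  mv "$current" "$baseline"
}

# Constructed demo: a temporary folder stands in for a monitored folder.
demo() {
  local tmp
  tmp=$(mktemp -d "${TMPDIR:-/tmp}/launchwatch.XXXXXX") || return 1
  mkdir "$tmp/LaunchAgents"
  touch "$tmp/LaunchAgents/com.example.known.plist"
  new_items "$tmp/baseline" "$tmp/LaunchAgents"   # first run: baseline only
  touch "$tmp/LaunchAgents/com.example.unexpected.plist"
  new_items "$tmp/baseline" "$tmp/LaunchAgents"   # reports the new item
  rm -rf "$tmp"
}

# Run against real folders only when a baseline file and a folder are given
if [ "$#" -ge 2 ]; then
  new_items "$@"
fi
```

Items removed from a folder are not reported; only additions are, which matches what the Folder Action alert shows.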

 
