How to Secure Your Mac from Malicious Keyloggers and Malware

There has been a debate on whether Macs are virus-free compared to other machines, such as Windows computers. Evidently, while Macs are targeted less often, they are still prone to security threats. KeRanger was the first real-world ransomware that targeted Mac machines, in 2016. Fortunately, good network hygiene plus tools such as anti-virus can circumvent such malicious acts. On this page we will discuss tools created by former NSA researcher Patrick Wardle: https://objective-see.com/about.html

Today, I will be installing

  • KnockKnock and,
  • TaskExplorer

Navigate to https://objective-see.com/products.html

Download the file, save it to your preferred location, and let’s get to it!

First, locate the file, double-click it, and follow the on-screen instructions.

Installing KnockKnock

Next, click ‘Open’ and it will prompt you to grant access; you can grant it or opt out.

Once it’s installed, a desktop UI will appear similar to the screenshot below.

Now that the application is installed on our system, you can see a variety of items that might be an issue on your Mac. So, for the sake of this tutorial, let’s go ahead and scan my iMac to see what’s going on inside.

So, the result came back as zero items, which is a good sign; otherwise we would have to investigate further. So, I am scanning another application.

The next scan yielded 21 non-OS items; if this happens to you, you may want to look into what those items are.

So, some of the results came back as non-threats. For example, my computer has a widget (extension) installed that runs automatically when I start my Mac, as shown below.

You can expand an item and get more details on the application, if you wish, by clicking either of these icons.

For example, I clicked one of the info icons to expand it a bit, and the result came back as shown below.

So this tool is very helpful for spotting possible security threats, unless you authorized the installation of these applications on your computer yourself. It also serves as an active monitoring tool to see what is installed on our computer and whether we want it there.
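The "non-OS items" KnockKnock counts are, for the most part, launchd agents and daemons whose program lives outside Apple's own directories, like the widget helper above that starts with the Mac. As an added example that is not part of this post and not Objective-See's code, the shell script below reads launchd XML plists, pulls out the program each one starts, and reports the ones outside OS directories. The directory list, the list of "Apple-owned" paths, and the two sample plists it builds in a temporary folder are all my own assumptions for illustration.

```shell
#!/bin/sh
# Added example (not Objective-See's code): list launchd persistence items
# and flag the ones whose program lives outside Apple-owned directories,
# which is the kind of "non-OS item" KnockKnock reports. Directories are
# passed as arguments so the same function runs on a constructed sample.

# Print the program a launchd XML plist starts: the first <string> after the
# Program or ProgramArguments key. (Binary plists need `plutil -convert xml1`.)
launch_item_program() {
    awk '
        /<key>Program<\/key>/ || /<key>ProgramArguments<\/key>/ { want = 1; next }
        want && /<string>/ {
            sub(/.*<string>/, ""); sub(/<\/string>.*/, ""); print; exit
        }
    ' "$1"
}

# Succeed when a path is inside a location only the OS writes to (assumed list).
is_os_path() {
    case "$1" in
        /System/*|/usr/bin/*|/usr/sbin/*|/usr/libexec/*|/bin/*|/sbin/*) return 0 ;;
        *) return 1 ;;
    esac
}

# For every plist in the given directories, print "<plist> TAB <program>" when
# the program is not in an OS directory. Prints nothing when all items are OS items.
non_os_launch_items() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for plist in "$dir"/*.plist; do
            [ -f "$plist" ] || continue
            prog=$(launch_item_program "$plist")
            [ -n "$prog" ] || continue
            is_os_path "$prog" || printf '%s\t%s\n' "$plist" "$prog"
        done
    done
}

# The count a KnockKnock-style scan would show for these directories.
count_non_os_launch_items() {
    non_os_launch_items "$@" | wc -l | tr -d ' '
}

# Constructed sample: one OS item and one third-party widget helper, written to
# a temporary directory so the example runs without touching the real system.
make_sample_launch_dir() {
    sample=$(mktemp -d)
    cat > "$sample/com.apple.sample.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>com.apple.sample</string>
  <key>Program</key>
  <string>/System/Library/CoreServices/sample</string>
</dict>
</plist>
EOF
    cat > "$sample/com.example.widget.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>com.example.widget</string>
  <key>ProgramArguments</key>
  <array>
    <string>/Users/demo/Library/Widgets/helper</string>
    <string>--background</string>
  </array>
  <key>RunAtLoad</key>
  <true/>
</dict>
</plist>
EOF
    echo "$sample"
}

# Real scan of the usual per-user and system-wide launch directories on a Mac.
if [ "${1:-}" = "--scan" ]; then
    non_os_launch_items "$HOME/Library/LaunchAgents" /Library/LaunchAgents /Library/LaunchDaemons
fi
```

Run it with `--scan` on a Mac to see the same kind of list KnockKnock shows under Launch Items; an entry pointing into a user's home folder or `/tmp` is exactly the sort of item worth expanding and reading before deciding whether you installed it. The script covers only XML plists and launchd; KnockKnock also checks login items, browser extensions, kernel extensions and cron jobs, which this example does not.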

TaskExplorer

Another tool that gives us more information about the applications installed on our computer is called TaskExplorer. This tool is pretty helpful if we suspect a program running in the background is suspicious and want to know whether it is one of the applications we previously signed off on or not.

Download the file from the page https://objective-see.com/products.html

Locate where you downloaded the file; I just keep mine in the Downloads folder.

Depending on your security settings (mine are set so that any application downloaded from outside Apple has to be approved by me), for this example I’ll just hit ‘Open’.

You will receive a warning that it was downloaded from the Internet; just click ‘Open’.

It will prompt another question; just click OK, and it will ask you to input your password.

Prompt

Click “Authenticate”

Now, in the next screenshot, you will see all the various things that are running.

You have the option to choose between tree view and flat view. For the sake of this tutorial I’ll settle for flat view (I just like how it looks, I guess).

I will look for anything suspicious, which would be indicated in red. So, as you can see, I have this file called

And it states ‘encrypted’. This file may have some payload in it; that’s why it’s encrypted and why I would need to decrypt it. So this is basically where you need to do a little more digging to gather more details about such an application. On this particular ‘flag’ you can expand and get more details about the application. You can do so in multiple ways, such as by clicking the info section (the info icon). It will give you the hash, size in bytes and signature of the file, which is a very important part of your investigation.

My Take?

These tools are pretty easy to use, and you don’t need a background in computer science or to be techy in order to protect your environment. The site https://objective-see.com/products.html gives in-depth explanations of the various tools, which I highly recommend you try. I’ve used LuLu and DoNotDisturb, which provide an additional layer of security by letting me know if someone is trying to access my computer.