macOS Malware Collection

Enumerate persistently installed software

OverSight monitors a mac's mic and webcam, alerting the user when the internal mic is activated, or whenever a process accesses the webcam.

The Art of Mac Malware

LuLu is the free macOS firewall

BlockBlock provides continual protection by monitoring persistence locations.

Network Monitor

A DNS Monitor, leveraging Apple's NEDNSProxyProvider/Network Extension Framework

Generic ransomware detector

WhatsYourSign adds a menu item to Finder.app. Simply right-, or control-click on any file to display its cryptographic signing information!

Process Monitor Library (based on Apple's new Endpoint Security Framework)

And open-source version of % sfltool dumpbtm

Scan your computer for applications that are either susceptible to dylib hijacking or have been hijacked.

View all modules on that are loaded in the OS kernel

File Monitor Library (based on Apple's new Endpoint Security Framework)

A (basic) Mach-O Library

View and remove notification messages from Apple's "Notification Database"

checks if an application is pristine (untampered) and from the official Mac App Store

sniff mouse and keyboard events

example project, utilizing Proc Info library

Detect Evil Maid Attacks

process info/monitoring library for macOS

Malware and other applications may install persistent keyboard "event taps" to intercept your keystrokes. ReiKey can scan, detect, and monitor for such taps!

Audits and remediates security configuration settings (El Capitan)

Visually explore all running tasks (processes) ....viewing its signature status, loaded dylibs, open files, network connection, and much more.

Blocks unsigned internet binaries from executing (El Capitan)

Objective-See's Products