Haddii Mac -gaagu u dhaqmayo si la yaab leh oo aad ka shakisan tahay rootkit, markaa waxaad u baahan doontaa inaad shaqo ka hesho soo dejinta iyo iskaanka dhowr qalab oo kala duwan. Waxaa xusid mudan in lagu rakibay rootkit -ka oo aadan xitaa ogeyn.

Arrinka ugu muhiimsan ee lagu kala soocayo rootkit-ka gaarka ah waa in ay siiso qof maamulaha fog fog ku maamula kombiyuutarkaaga adiga oo aan ogeyn. Marka qof uu galo kombuyuutarkaaga, waxay si fudud kuugu basaasin karaan ama waxay samayn karaan isbeddel kasta oo ay rabaan inay ku sameeyaan kombuyuutarkaaga. Sababta ay tahay inaad isku daydo dhowr scanners oo kala duwan ayaa ah in rootkits ay aad u adag tahay in la ogaado.

Bandhig faneedka Rootkit

Aniga ahaan, haddii aan xitaa ka shakiyo inuu jiro rootkit ku rakiban kombuyuutarka macmiilka, waxaan isla markiiba dib u soo celiyaa xogta oo waxaan sameeyaa rakibaad nadiif ah oo ku saabsan nidaamka hawlgalka. Sida iska cad tani way ka sahlan tahay in la sheego, mana aha wax aan ku talinayo in qof walba sameeyo. Haddii aadan hubin inaad haysatid rootkit, waxaa fiican inaad isticmaasho qalabkan soo socda adiga oo rajeynaya in la ogaado rootkit-ka. Haddii aysan waxba ku soo bixin adigoo isticmaalaya qalabyo badan, waxay u badan tahay inaad OK tahay.

Haddii rootkit la helo, adiga ayay ku xiran tahay inaad go'aansato in ka saarista lagu guuleystay iyo haddii aad hadda ka bilowdo meel nadiif ah. Waxa kale oo xusid mudan maadaama OS X uu ku salaysan yahay UNIX , in badan oo ka mid ah sawir-qaadayaasha ayaa isticmaala khadka taliska oo u baahan aqoon farsamo oo aad u yar. Maadaama balooggani u janjeedho bilawga, waxaan isku dayi doonaa inaan ku dhejiyo qalabka ugu fudud ee aad isticmaali karto si aad u ogaato rootkits-ka Mac kaaga .

Malwarebytes ee Mac

Barnaamijka saaxiibtinimo ee ugu badan ee aad isticmaali karto si aad uga saarto rootkit kasta Mac kaaga waa Malwarebytes ee Mac^{(Malwarebytes for Mac)} . Kaliya maaha rootkits, laakiin sidoo kale nooc kasta oo fayraska Mac ah ama malware.

Daaqadda Malwarebytes

Waxaad soo dejisan kartaa tijaabada bilaashka ah oo aad isticmaali kartaa ilaa 30 maalmood. Qiimaha waa $40 haddii aad rabto inaad iibsato barnaamijka oo aad hesho ilaalin-waqtiga dhabta ah. Waa barnaamijka ugu fudud ee la isticmaalo, laakiin sidoo kale waxay u badan tahay in aan la helin rootkit dhab ahaantii ay adagtahay in la ogaado, markaa haddii aad wakhti qaadan karto si aad u isticmaasho qalabka khadka taliska ee hoose, waxaad heli doontaa fikrad aad u fiican oo ku saabsan haddii ama iyo in kale. ma haysatid rootkit.

Rootkit Hunter

Rootkit Hunter waa aalad aan ugu jeclahay in aan u isticmaalo Mac si loo helo rootkits. Way fududahay in la isticmaalo, wax soo saarkuna aad bay u fududahay in la fahmo. Marka hore, aad bogga soo dejinta^{(download page)} oo guji badhanka soo dejinta cagaaran.

Rootkit Hunter daaqada

Horey u soco oo laba-guji faylka .tar.gz si aad u furto. Kadib fur daaqadda Terminal oo u gudub tusahaas adigoo isticmaalaya amarka CD-ga.

U gudub hagaha adiga oo isticmaalaya amarka CD-ga

Markaad halkaas tagto, waxaad u baahan tahay inaad socodsiiso qoraalka installer.sh. Si tan loo sameeyo, adeegso amarka soo socda:

sudo ./installer.sh – install

Waxaa lagu weydiin doonaa inaad geliso eraygaaga sirta ah si aad u socodsiiso qoraalka.

Geli erayga sirta ah isla markiiba

Haddii dhammaan si wanaagsan u dhaceen, waa inaad aragto qaar ka mid ah khadadka ku saabsan bilaabista rakibidda iyo hagayaasha la abuuray. Dhammaadka, waa in ay tidhaahdaa Rakibaddii Dhamaystiran^{( Installation Complete)} .

Rakibaadda bilawga ah

Kahor intaadan socodsiin sawirka dhabta ah ee rootkit, waa inaad cusboonaysiisaa faylka guryaha. Si aad tan u samayso, waxaad u baahan tahay inaad ku qorto amarka soo socda:

sudo rkhunter – propupd

Geli amarka – propupd

Waa inaad heshaa fariin gaaban oo tilmaamaysa in hawshani shaqaynaysay. Hadda waxaad ugu dambeyntii socodsiin kartaa jeegga rootkit dhabta ah. Si taas loo sameeyo, adeegso amarka soo socda:

sudo rkhunter – check

Geli amarka - hubi

Waxa ugu horreeya ee ay samayn doonto waa hubinta amarada nidaamka. Inta badan, waxaan rabnaa OKs cagaaran halkan iyo digniino cas oo yar intii^(Warnings) suurtagal ah. Marka taasi dhammaato, waxaad riixi doontaa Enter oo waxay bilaabi doontaa hubinta rootkits.

Daaqada hubinta rootkit oo cagaar leh lama helin

Halkan waxa aad doonaysaa in aad hubiso in dhamaantood ay yidhaahdaan lama helin^{(Not Found)} . Haddii ay wax casaan ah ka soo baxaan halkan, hubaal waxaad haysataa rootkit. Ugu dambeyntii, waxay sameyn doontaa xoogaa hubin ah nidaamka faylka, martigeliyaha maxalliga ah, iyo shabakadda. Dhamaadka ugu dambeeya, waxay ku siin doontaa soo koobid wanaagsan natiijooyinka.

Soo koobida nidaamka hubinta

Haddii aad rabto tafaasiil dheeraad ah oo ku saabsan digniinaha, ku qor cd /var/log ka dibna ku qor sudo cat rkhunter.log si aad u aragto dhammaan faylka log-ga iyo sharraxaadaha digniinaha. Uma baahnid inaad wax badan ka walwasho amarrada ama fariimaha faylalka bilawga ah maadaama ay caadiyan OK yihiin. Waxa ugu muhiimsan waa in aan waxba la helin marka la hubinayo rootkits.

chkrootkit

chkrootkit waa qalab bilaash ah oo deegaanka ka hubin doona calaamadaha rootkit. Waxay hadda hubisaa ilaa 69 rootkits oo kala duwan. Tag goobta, dhagsii Download xagga sare ka dibna dhagsii chkrootkit u dambeeyay Source tarball^{(chkrootkit latest Source tarball)} si aad u soo dejiso faylka tar.gz.

chromotkit soo dejinta daaqada

Tag folder Downloads ee ku yaal ^(Downloads)Mac kaaga oo laba jeer guji faylka. Tani waxay kala furfuri doontaa^{(uncompress it)} oo waxay abuuri doontaa galka Finder ee loo yaqaan chkrootkit-0.XX . Hadda fur daaqadda Terminal oo u gudub hagaha aan la isku dhejin.

tusaha chrootkit

Asal ahaan, waxaad cd gelisaa tusaha Soodejinta ka dibna gal chkrootkit galka . ^(Downloads)Markaad halkaas tagto, waxaad ku qortaa amarka si aad u sameyso barnaamijka:

sudo make sense

Uma baahnid inaad isticmaasho amarka sudo halkan, laakiin maadaama ay u baahan tahay mudnaanta xididka si ay u shaqeyso, waan ku daray. Kahor inta uusan amarku shaqayn, waxaa laga yaabaa inaad hesho fariin sheegaya in qalabka horumariya loo baahan yahay in lagu rakibo si loo isticmaalo amarka samaynta^(make) .

Ku rakib qalabka horumariyaha wada hadalka

Hore u soco oo guji Ku rakib^(Install) si aad u soo dejiso oo u rakibto amarada. Marka la dhammeeyo, mar kale socodsii amarka Waxaa laga yaabaa inaad aragto farabadan digniino, iwm., laakiin iska dhaaf kuwaas. Ugu dambeyntii, waxaad ku qori doontaa amarka soo socda si aad u socodsiiso barnaamijka:

sudo ./chkrootkit

Waa inaad aragto wax soo saarka sida kuwa hoos ku qoran:

wax soo saarka chrootkit

Waxaad arki doontaa mid ka mid ah saddexda farriimaha soo saarka: aan cudurka^{( not infected)} qabin , aan la tijaabin^{(not tested)} oo aan la helin^{(not found)} . Aan cudurka la qaadin macnaheedu waa ma helin wax saxeexa rootkit ah, lama helin macnaheedu waa amarka la tijaabinayo lama hayo oo aan la tijaabin macnaheedu waa tijaabada lama samayn sababo kala duwan dartood.

Waxaan rajeyneynaa^(Hopefully) , wax walbaa waxay soo baxaan iyagoo aan cudur lahayn, laakiin haddii aad aragto wax caabuq ah, markaa mashiinkaaga waa la dhimay^{(machine has been compromised)} . Horumariyaha barnaamijku wuxuu ku qoraa faylka README in aad asal ahaan dib u geliso OS-ka si aad uga takhalusto rootkit-ka, taas oo asal ahaan aan sidoo kale soo jeedinayo.

ESET Rootkit Detector

ESET Rootkit Detector waa barnaamij kale oo bilaash ah oo aad u fudud in la isticmaalo, laakiin hoos u dhaca ugu weyn ayaa ah in uu kaliya ka shaqeeyo OS X 10.6 , 10.7 iyo 10.8. Iyadoo la tixgelinayo OS X wuxuu ku dhow yahay 10.13 hadda, barnaamijkani ma noqon doono mid waxtar u leh dadka intooda badan.

ESET Rootkit Detector soo dejinta daaqada

Nasiib darrose, ma jiraan barnaamijyo badan oo halkaas ka hubinaya rootkits-ka Mac . Waxaa jira wax badan oo dheeraad ah oo loogu talagalay Windows taasina waa wax la fahmi karo maadaama saldhigga isticmaale Windows uu aad uga weyn yahay. Si kastaba ha noqotee, adoo isticmaalaya qalabka kor ku xusan, waa inaad rajaynaysaa inaad hesho fikrad wanaagsan in rootkit lagu rakibay mashiinkaaga iyo in kale. Ku raaxayso!

How to Check Your Mac for Rootkits

If your Mac is acting strangеly and you suspect a rootkit, then you’ll need to get tо work downloading and scanning with several different tools. It’s worth noting that уou could have a rootkit installed and not even know it.

The main distinguishing factor that makes a rootkit special is that it gives someone remote administrator control over your computer without your knowledge. Once someone has access to your computer, they can simply spy on you or they can make any change they want to your computer. The reason why you have to try several different scanners is that rootkits are notoriously hard to detect.

Artist rendering of Rootkit

For me, if I even suspect there is a rootkit installed on a client computer, I immediately back up the data and perform a clean install of the operating system. This is obviously easier said than done and it’s not something I recommend everyone do. If you’re not sure if you have a rootkit, it’s best to use the following tools in the hopes of discovering the rootkit. If nothing comes up using multiple tools, you’re probably OK.

If a rootkit is found, it’s up to you to decide whether the removal was successful or whether you should just start from a clean slate. It’s also worth mentioning that since OS X is based on UNIX, a lot of the scanners use the command line and require quite a bit of technical know-how. Since this blog is geared towards beginners, I’m going to try to stick to the easiest tools that you can use to detect rootkits on your Mac.

Malwarebytes for Mac

The most user-friendly program you can use to remove any rootkits from your Mac is Malwarebytes for Mac. It’s not just for rootkits, but also any kind of Mac viruses or malware.

Malwarebytes window

You can download the free trial and use it for up to 30 days. The cost is $40 if you want to purchase the program and get real-time protection. It’s the easiest program to use, but it’s also probably not going to find a really hard-to-detect rootkit, so if you can take the time to use the command line tools below, you’ll get a much better idea of whether or not you have a rootkit.

Rootkit Hunter

Rootkit Hunter is my favorite tool to use on the Mac for finding rootkits. It’s relatively easy to use and the output is very easy to understand. Firstly, go to the download page and click on the green download button.

Rootkit Hunter window

Go ahead and double-click on the .tar.gz file to unpack it. Then open a Terminal window and navigate to that directory using the CD command.

Navigate to directory using CD command

Once there, you need to run the installer.sh script. To do this, use the following command:

sudo ./installer.sh – install

You’ll be prompted to enter your password to run the script.

Enter password at prompt

If all went well, you should see some lines about the installation starting and directories being created. At the end, it should say Installation Complete.

Installation starting

Before you run the actual rootkit scanner, you have to update the properties file. To do this, you need to type the following command:

sudo rkhunter – propupd

Enter command – propupd

You should get a short message indicating that this process worked. Now you can finally run the actual rootkit check. To do that, use the following command:

sudo rkhunter – check

Enter command – check

The first thing it’ll do is check the system commands. For the most part, we want green OKs here and as few red Warnings as possible. Once that is complete, you will press Enter and it’ll start checking for rootkits.

Rootkit checking window with green Not found

Here you want to ensure all of them say Not Found. If anything comes up red here, you definitely have a rootkit installed. Lastly, it’ll do some checks on the file system, local host, and network. At the very end, it’ll give you a nice summary of the results.

System checks summary

If you want more details about the warnings, type in cd /var/log and then type in sudo cat rkhunter.log to see the entire log file and the explanations for the warnings. You don’t have to worry too much about the commands or startup files messages as those are normally OK. The main thing is that nothing was found when checking for rootkits.

chkrootkit

chkrootkit is a free tool that will locally check for signs of a rootkit. It currently checks for about 69 different rootkits. Go to the site, click on Download at the top and then click on chkrootkit latest Source tarball to download the tar.gz file.

chrootkit download window

Go to the Downloads folder on your Mac and double-click on the file. This will uncompress it and create a folder in Finder called chkrootkit-0.XX. Now open a Terminal window and navigate to the uncompressed directory.

chrootkit directory

Basically, you cd into the Downloads directory and then into the chkrootkit folder. Once there, you type in the command to make the program:

sudo make sense

You don’t have to use the sudo command here, but since it requires root privileges to run, I have included it. Before the command will work, you might get a message saying the developer tools need to be installed in order to use the make command.

Install developer tools dialog

Go ahead and click on Install to download and install the commands. Once complete, run the command again. You may see a bunch of warnings, etc., but just ignore those. Lastly, you will type the following command to run the program:

sudo ./chkrootkit

You should see some output like what is shown below:

output of chrootkit

You’ll see one of three output messages: not infected, not tested and not found. Not infected means it didn’t find any rootkit signature, not found means the command to be tested is not available and not tested means the test was not performed due to various reasons.

Hopefully, everything comes out not infected, but if you do see any infection, then your machine has been compromised. The developer of the program writes in the README file that you should basically reinstall the OS in order to get rid of the rootkit, which is basically what I also suggest.

ESET Rootkit Detector

ESET Rootkit Detector is another free program that is much easier to use, but the main downside is that it only works on OS X 10.6, 10.7 and 10.8. Considering OS X is almost to 10.13 right now, this program won’t be helpful for most people.

ESET Rootkit Detector download window

Unfortunately, there aren’t many programs out there that check for rootkits on Mac. There are a lot more for Windows and that’s understandable since the Windows user base is so much larger. However, using the tools above, you should hopefully get a decent idea of whether or not a rootkit is installed on your machine. Enjoy!

Zara Barnes

About the author

Waxaan ahay injineer software leh in ka badan 10 sano oo waayo-aragnimo ah warshadaha software. Waxaan ku takhasusay abuurista iyo ilaalinta codsiyada software shaqsi iyo shirkad, iyo sidoo kale horumarinta qalabka horumarinta ee ganacsiyada yaryar iyo ururada waaweyn. Xirfadahaygu waxay ku jiraan horumarinta codeBase adag, wax ka saarista & qalabka tijaabinta, iyo inaan si dhow ula shaqeeyo isticmaalayaasha dhamaadka si loo hubiyo in codsiyadoodu u shaqeeyaan si aan cillad lahayn.

Sida loo hubiyo Mac kaaga Rootkits

Malwarebytes ee Mac

Rootkit Hunter

chkrootkit

ESET Rootkit Detector

How to Check Your Mac for Rootkits

Malwarebytes for Mac

Rootkit Hunter

chkrootkit

ESET Rootkit Detector

Zara Barnes

About the author

Related posts

Sida Looga Hortago Mac-gaga Hurdada

Sida Loo Maareeyo Fn Furayaasha Mac-gaaga

Furayaasha qaarkood ee Mac-gaaga ayaan si sax ah u shaqayn?

5 Siyaabood Oo Lagu Qasbayo Joojinta Apps-ka Mackaaga

Sida Loo Sameeyo Calaamadaha Mac-gaaga

20 Talooyin si aad uga faa'iidaysato Finder-ka Mac

Sida loo Beddelka iyo Isku-dhafka Faylasha Mac

Sida loo dami iMessage on Mac

Isticmaal khadka Input maqalka ee Mac

Sida Loo Hagaajiyo Jiididda & Hoos-u-dhigga Aan Ku Shaqeynin Mac

4 siyaabood oo aad Uninstall Apps on Mac

Waa maxay Kaydinta Kale ee Mac & Sida Loo Nadiifiyo

Sida loo Screen Record on Mac

Sida loo Format kaarka SD on Mac

Sida Looga Soo Diro Iimayl Qarsoon Mac gaaga

Sida Loo Helo loona cusboonaysiiyo 32-Bit Apps ee Mac-gaaga

APFS vs Mac OS Extended - Qaabkee Mac Disk-ga ugu Wanaagsan?

Sida Loo Cusbooneysiyo Mac OS X & Mac Apps From Terminal

5 Apps oo u qaadi doona Mac kaaga cusub heerka xiga

Sida loo hagaajiyo Google Drive-ka oo aan ku dhex soconin Mac