Calum Hall

Results 3 issues of Calum Hall

# Hidden LaunchAgent/Daemon Discovery

## Background

As per this issue -> https://github.com/osquery/osquery/issues/7703

Malware commonly persists on macOS devices using LaunchAgents/Daemons. It [has been observed](https://www.welivesecurity.com/2022/07/19/i-see-what-you-did-there-look-cloudmensis-macos-spyware/) that certain malware samples have been...

virtual tables
macOS

# Blueprint

**TL;DR**: the current implementation of launchd does not identify LaunchAgents/Daemons that originate from hidden files (i.e. `/Library/LaunchAgents/.hiddenfile.test.plist`). As demonstrated within [this article](https://www.welivesecurity.com/2022/07/19/i-see-what-you-did-there-look-cloudmensis-macos-spyware/), malware has been observed to use...

macOS
blueprint

Please see the [original PR](https://github.com/osquery/osquery/pull/7704) for historical comments. Opening a clean PR to move away from some chaotic branch conflicts.

# Hidden LaunchAgent/Daemon Discovery

## Background

As per this issue...

virtual tables
macOS