You Can’t See Me: A Mac OS X Rootkit Uses the Tricks You Haven’t Known Yet

During their presentation at Black Hat Asia 2014, Team T5 researchers Sung-ting
Tsai and Ming-chieh Pan demonstrated some tricks for advanced process hiding in
Mac OS X. In essence, this is activity powered by a rootkit, such as Rubilyn, which
can make an arbitrary process invisible to the standard ways of viewing it. TT and
Nanika also highlighted methods for direct kernel task access and gaining root
permission.
Source:
You Can’t See Me: A Mac OS X Rootkit Uses the Tricks You Haven’t Known Yet