Another day, another lame malware attacking and spying on OS X users, and still using the same old lame Daemons and Agents approach to gain persistence at victims machine. Hey, it works, so why change, right?
Ice the guardian v2 is a quick hack using TrustedBSD to monitor the system LaunchDaemons and LaunchAgents folders. There’s a lot of room for improvement so I’m waiting for your commits 😉
Apple has the technology in place so they could probably implement something like this default oin OS X. Gatekeeper can’t be the only obstacle to this kind of stuff.
You can find the source at github repo.