
Advanced Mac OS X rootkit tools released

Written by Ryan Naraine, Contributor

Security researcher Dino Dai Zovi (of Pwn2Own fame) has released a suite of tools to demonstrate how to load an advanced rootkit on Mac OS X machines.

The tools were first discussed at this year's Black Hat security conference, where Dai Zovi presented techniques that abuse the Mach layer of the OS X kernel and its RPC (message-passing) mechanism to add hidden system calls or spawn kernel threads.


On his Trail of Bits blog, Dai Zovi released an inject-bundle tool that demonstrates the steps needed to use injected memory and threads to load a Mach-O bundle into another task. He also posted injectable bundles that show how to capture an image using the Mac's iSight camera, how to log instant messages from iChat, and how to log SSL traffic sent through Apple's Secure Transport API.

Dai Zovi's rootkit, dubbed Machiavelli, is capable of using Mach RPC proxying to transparently perform Mach RPC to a remote host.
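Mach port names are only meaningful inside the task that holds them, so a proxy that transparently forwards Mach RPC to another host has to validate each message header and translate those names before sending it on. The C program below is an added illustration of that step and is not code from Machiavelli or the inject-bundle tool: it redeclares the standard 24-byte `mach_msg_header_t` layout (so it compiles without Apple headers), uses a hypothetical port-name translation table, and builds a constructed sample request to rewrite.

```c
/* Added example: header validation and port-name rewriting a Mach RPC
 * proxy must perform before forwarding a message to another host.
 * Illustrative only; not Dai Zovi's Machiavelli code. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* mach_msg_header_t, 24 bytes, as laid out in <mach/message.h>.
 * Redeclared so this example builds on any platform. */
typedef struct {
    uint32_t msgh_bits;
    uint32_t msgh_size;
    uint32_t msgh_remote_port;   /* destination: a send right in the sender's space */
    uint32_t msgh_local_port;    /* reply port, if any */
    uint32_t msgh_voucher_port;
    int32_t  msgh_id;            /* routine id used by MIG to dispatch */
} mach_hdr_t;

#define MSGH_BITS_REMOTE(b)     ((b) & 0x1fu)
#define MSGH_BITS_LOCAL(b)      (((b) >> 8) & 0x1fu)
#define MSGH_BITS(r, l)         ((uint32_t)(r) | ((uint32_t)(l) << 8))
#define MSG_TYPE_COPY_SEND      19u
#define MSG_TYPE_MAKE_SEND_ONCE 21u
#define MACH_PORT_NULL          0u

/* Hypothetical translation table (assumption): port names in the task
 * being proxied -> names of the corresponding rights on the remote host. */
typedef struct { uint32_t local_name; uint32_t remote_name; } portmap_t;

static int translate(uint32_t name, const portmap_t *map, size_t n, uint32_t *out) {
    if (name == MACH_PORT_NULL) { *out = MACH_PORT_NULL; return 0; }
    for (size_t i = 0; i < n; i++)
        if (map[i].local_name == name) { *out = map[i].remote_name; return 0; }
    return -1;                     /* no mapping: refuse rather than forward garbage */
}

/* Validate and rewrite the header in place. Returns 0 on success, -1 if
 * the message is truncated, inconsistent, or names an unmapped port. */
int proxy_rewrite(uint8_t *buf, size_t len, const portmap_t *map, size_t n) {
    mach_hdr_t h;
    if (len < sizeof h) return -1;
    memcpy(&h, buf, sizeof h);
    /* msgh_size must cover the header and must not exceed what was received */
    if (h.msgh_size < sizeof h || h.msgh_size > len) return -1;
    /* a request must carry a send right for its destination */
    if (MSGH_BITS_REMOTE(h.msgh_bits) == 0) return -1;
    if (translate(h.msgh_remote_port, map, n, &h.msgh_remote_port)) return -1;
    /* a reply port is optional, but if the bits say one is present it must map */
    if (MSGH_BITS_LOCAL(h.msgh_bits) != 0 &&
        translate(h.msgh_local_port, map, n, &h.msgh_local_port)) return -1;
    memcpy(buf, &h, sizeof h);     /* commit only after every check passed */
    return 0;
}

/* Constructed sample: a 32-byte request (24-byte header + 8-byte inline body). */
size_t build_sample(uint8_t *out, size_t cap) {
    mach_hdr_t h = {
        .msgh_bits = MSGH_BITS(MSG_TYPE_COPY_SEND, MSG_TYPE_MAKE_SEND_ONCE),
        .msgh_size = 32,
        .msgh_remote_port = 0x103,   /* constructed service port name */
        .msgh_local_port = 0x207,    /* constructed reply port name */
        .msgh_voucher_port = MACH_PORT_NULL,
        .msgh_id = 1234,
    };
    if (cap < 32) return 0;
    memcpy(out, &h, sizeof h);
    memset(out + sizeof h, 0x41, 8); /* body contents are irrelevant to the header logic */
    return 32;
}

int main(void) {
    uint8_t buf[64];
    const portmap_t map[] = { {0x103, 0x9001}, {0x207, 0x9002} };
    size_t n = build_sample(buf, sizeof buf);
    mach_hdr_t h;
    memcpy(&h, buf, sizeof h);
    printf("before: remote=0x%x local=0x%x id=%d\n", h.msgh_remote_port, h.msgh_local_port, h.msgh_id);
    if (proxy_rewrite(buf, n, map, 2) != 0) { puts("rejected"); return 1; }
    memcpy(&h, buf, sizeof h);
    printf("after:  remote=0x%x local=0x%x id=%d\n", h.msgh_remote_port, h.msgh_local_port, h.msgh_id);
    return 0;
}
```

Only the header is touched here; a real forwarder would also have to walk any out-of-line descriptors in complex messages and translate the port rights they carry, which is why refusing unmapped names, rather than passing them through, is the safe default.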

Dai Zovi described the tools as a "non-hostile proof of concept" that is not suitable for use in an actual rootkit or offensive tool.
