Hacker News new | ask | show | jobs
by richardwhiuk 3568 days ago
The aim is to look legitimate, but not clobber applications - merely to look like something the user shouldn't delete.
1 comments
toyg 3568 days ago
But the post says that the malware checks if any of those folders exists, only then writing the necessary plist. By your reasoning, one of these folders should have been created in advance by another process. So this "backdoor" is even incomplete...
link
sordidfellow 3568 days ago
It says it checks if those folders are available - which could mean checking if the name is not already taken, and then creating the path for itself to use.
link
djrogers 3567 days ago
> But the post says that the malware checks if any of those folders exists

Presumably so it doesn't re-infect an already compromised host

link