[TheSpiceIsLife]

Can this be answered by doing a security review of the Hackintosh installation?

Would all that is necessary be to put the Hackintosh behind a network inspector, say Wireshark, to check if anything nefarious or unexpected is going on.

[op00to]

What if the traffic was masked - say certain "routine" DNS queries to kick off a request to get further commands to run? I wouldn't be worried about facile root kits, but higher quality attacks that are way harder to detect.