Good news for macOS users, a new open source tool dubbed
Event taps are added by both malicious applications and legitimate software to manage inputs provided by the user.
ReiKey was developed by the popular macOS expert and former NSA white hat hacker Patrick Wardle. The application is able to detect malicious code that uses the CoreGraphics framework to monitor event taps.
According to Wardle, most macOS keyloggers rely on ‘event taps’ implemented in the CoreGraphics framework to capture keystrokes. For this reason, the expert developed the tool to detect any new event tap that is added to the system.
Note that the tool is effective only against keyloggers that install CoreGraphics keyboard “event taps”, but there
“The majority of macOS malware that contains keylogger logic (to capture keypresses) does so via CoreGraphics ‘event taps.'” states the post published by Wardle.
“ReiKey was designed to detect such keyboard taps, alerting you anytime a new tap is installed. In other words its goal is to generically detect (the most common type of) macOS keyloggers.”
The tool scans for existing keyboard “event taps” and alerts whenever a new keyboard event tap is activated.
The scan provides users with the following information:
The scan results will also include legitimate entries, so users need to carefully analyze them.
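The scan described above can be sketched with the public CoreGraphics call `CGGetEventTapList`. This is an added example, not ReiKey's own code. The `enabled` filter, the baseline of already-seen tap IDs, the non-macOS stand-in struct and the sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#ifdef __APPLE__
#include <ApplicationServices/ApplicationServices.h> /* link: -framework ApplicationServices */
#else
/* Stand-in so the logic builds off macOS; constants match CGEventTypes.h. */
typedef struct { uint32_t eventTapID; uint64_t eventsOfInterest;
                 int tappingProcess; int enabled; } CGEventTapInformation;
enum { kCGEventKeyDown = 10, kCGEventKeyUp = 11 };
#define CGEventMaskBit(t) ((uint64_t)1 << (t))
#endif

/* Keyboard tap: enabled (assumed criterion) and subscribed to key down/up. */
static int is_keyboard_tap(const CGEventTapInformation *t) {
    uint64_t keys = CGEventMaskBit(kCGEventKeyDown) | CGEventMaskBit(kCGEventKeyUp);
    return t->enabled && (t->eventsOfInterest & keys) != 0;
}

/* Copy keyboard taps whose ID is not in the baseline into out; return how many. */
static size_t new_keyboard_taps(const CGEventTapInformation *taps, size_t n,
                                const uint32_t *baseline, size_t nbase,
                                CGEventTapInformation *out) {
    size_t found = 0;
    for (size_t i = 0; i < n; i++) {
        int known = 0;
        for (size_t j = 0; j < nbase; j++)
            if (baseline[j] == taps[i].eventTapID) known = 1;
        if (!known && is_keyboard_tap(&taps[i])) out[found++] = taps[i];
    }
    return found;
}

int main(void) {
    CGEventTapInformation taps[64], fresh[64];
    uint32_t count = 0;
#ifdef __APPLE__
    if (CGGetEventTapList(64, taps, &count) != kCGErrorSuccess) return 1;
#else
    /* Constructed sample: one keyboard tap, one mouse-only tap. */
    taps[count++] = (CGEventTapInformation){ .eventTapID = 7, .eventsOfInterest = 1u << 10,
                                             .tappingProcess = 4242, .enabled = 1 };
    taps[count++] = (CGEventTapInformation){ .eventTapID = 8, .eventsOfInterest = 1u << 1,
                                             .tappingProcess = 4243, .enabled = 1 };
#endif
    size_t n = new_keyboard_taps(taps, count, NULL, 0, fresh); /* empty baseline: first scan */
    for (size_t i = 0; i < n; i++)
        printf("keyboard tap id=%u installed by pid=%d\n",
               (unsigned)fresh[i].eventTapID, (int)fresh[i].tappingProcess);
    return 0;
}
```

Each reported PID still has to be mapped to its owning application and reviewed, since legitimate software installs keyboard taps as well.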
Wardle already released the
(SecurityAffairs – macOS, malware)