But the post says that the malware checks if any of those folders exists, only *... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

toyg on Sept 8, 2016 | parent | context | favorite | on: Sophisticated OS X Backdoor Discovered

But the post says that the malware checks if any of those folders exists, only then writing the necessary plist. By your reasoning, one of these folders should have been created in advance by another process. So this "backdoor" is even incomplete...

sordidfellow on Sept 8, 2016 | [–]

It says it checks if those folders are available - which could mean checking if the name is not already taken, and then creating the path for itself to use.

happyopossum on Sept 8, 2016 | [–]

> But the post says that the malware checks if any of those folders exists

Presumably so it doesn't re-infect an already compromised host

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact