Objective-See has released TaskExplorer version 1.5.0, detailed at and available from here.
This new version improves compatibility with macOS Sierra, fixes a rare crash, and now reports tasks and dylibs which cannot be found on disk – those which are self-deleting, such as KeRanger. Where searches are processor-intensive, they are performed in the background, allowing the user interface to remain more responsive.
If you haven’t used TaskExplorer much, you may not be aware of its excellent ‘hashtag’ filters, which make it easy to look for suspicious tasks in its long list. Place the cursor in the search box and enter the # sign to see a pop-up menu of these, which now include:
- #apple to display tasks which are part of macOS, and signed by Apple itself
- #nonapple to display all those tasks which are not #apple
- #signed to display those tasks which are signed
- #unsigned to display only those tasks which are not signed
- #flagged to display tasks which are flagged by VirusTotal as being suspicious or malicious
- #encrypted to display tasks which are encrypted using Apple’s scheme
- #packed to display items which are packed; this is currently a beta feature and may also include ‘high entropy’ items
- #notfound to display tasks which have deleted themselves from storage, as some malware will.
KeRanger is the ransomware that was inserted into Transmission 2.90. Although that threat should now be long past, deleting itself from disk is a technique likely to reappear in future malware. This new feature is thus another significant improvement in detecting malware.
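The idea behind #notfound can be checked by hand as well. The following is an added example, not TaskExplorer's own code: it lists running tasks whose executable path no longer exists on disk. It assumes that `ps -axo pid=,comm=` prints the full executable path, as it does on macOS, and the sample process list is constructed for illustration.

```python
import os
import subprocess

# Constructed sample of `ps -axo pid=,comm=` output (not real data).
SAMPLE_PS = """\
    1 /sbin/launchd
  312 /Applications/Safari.app/Contents/MacOS/Safari
  977 /Users/demo/Library/example_helper
 1044 /Applications/My App.app/Contents/MacOS/My App
 1100 login
"""


def parse_ps(text):
    """Yield (pid, path) pairs from `ps -axo pid=,comm=` output."""
    for line in text.splitlines():
        # Split only once: executable paths may contain spaces.
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].isdigit():
            yield int(parts[0]), parts[1]


def missing_executables(ps_text, exists=os.path.exists):
    """Return (pid, path) for tasks whose executable is not on disk."""
    hits = []
    for pid, path in parse_ps(ps_text):
        if not os.path.isabs(path):
            continue  # bare name: cannot be checked against the file system
        if not exists(path):
            hits.append((pid, path))
    return hits


def live_ps():
    """Capture the current process list (assumes a BSD-style ps, as on macOS)."""
    result = subprocess.run(["ps", "-axo", "pid=,comm="],
                            capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    for pid, path in missing_executables(live_ps()):
        print(f"{pid}\t{path}\t(not found on disk)")
```

A hit is a lead to investigate rather than proof of malware: an app that was updated or moved to the Trash while still running shows up in the same way.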
TaskExplorer is an essential tool for every Mac user. If you haven’t installed it yet, do so; if you have, update now. You never know when it is going to help you decide whether your Mac has been infected by malware or ‘unwanted’ software.