Vendor

Boxcryptor

1 brief RSS

macOS Finder Sync Plugin Persistence via Pluginkit

This rule detects suspicious Finder Sync plugin registrations on macOS, where adversaries abuse the pluginkit process to establish persistence by repeatedly executing malicious payloads.

OneDrive +5 persistence macos pluginkit finder sync plugin

2r 1t 2d ago