
Back in summer of 2018, customer support at Malwarebytes started seeing people with problems activating the kernel extension (kext) in Malwarebytes for Mac. This opened a can of worms that we’re still struggling with today… as soon as we think the worms are back in the can, we start finding new ones. Unfortunately, these worms all belong to macOS, and are affecting other kexts as well.

We ultimately traced the initial problem to an issue with the /Library/StagedExtensions/ folder. This folder is used by macOS in the process of activating a kext. By default, this folder is protected by System Integrity Protection (SIP), so it can only be modified by the system. Unfortunately, we were seeing that a number of users had a StagedExtensions folder that was lacking the restricted flag.
