
Evil Packaging on OSX with Xcode and Metasploit - ssclafani
http://www.darkoperator.com/blog/2009/4/25/evil-packaging-on-osx-with-xcode-and-metasploit.html
======
LoonyPandora
Gist of the article is that if you create an OS X installer package with a
malicious postflight script, you can do naughty things.

Not new information - by design the postflight script can do anything that a
regular shell script can do. If I recall correctly, this is how the fake
Office 2004 "trojan" did it's work.

