used to distribute software in macos,
macos package
- file may identify as .xar archive
- Packages can also be signed
- can be looked inside by using the built in pkgutil tool in macos
Packages often contain pre- and post-install bash scripts that may contain additional logic required to complete the installation. As these !les are automatically executed during installation, you should always check for and examine these !les when analyzing a potentially malicious package!