More Maliciousness: Don’t Follow Instructions to Drop a File into Terminal
In macOS 15 Sequoia, Apple made it more difficult to bypass Gatekeeper to run apps that aren’t notarized. (Notarization is one of the ways Apple ensures that apps distributed outside the Mac App Store are unmodified and free from malware.) Cybercriminals have responded to this increase in security with a new social engineering attack. They provide the victim with a disk image, ostensibly to install some desired piece of software, instructing the user to drag a text file into Terminal. Doing so executes a malicious script that installs an “infostealer” designed to exfiltrate a wide variety of data from your Mac. The simple advice here is to treat any guidance to drop a file into Terminal with extreme suspicion—no legitimate software or developer will ever ask you to do that.
Read more:
More great tips from the archives…
- Two Secret Key Combos for Forward Delete on the Magic and MacBook Keyboards
- iCloud Photo Library Users: Do NOT Turn Off iCloud
- Ever Wondered Which Words to Capitalize in a Title? Use Capitalize My Title!
- Tips for Setting Up a Comfortable and Effective Home Work Space
- Tips for Better Videoconferencing
- Set Your Preferred Name and Photo for Messages on iOS
- The Fastest Way to Change Wi-Fi Networks in iOS
- What to Put at the End of Your Emails
- Apple Business Manager Is a Win for Apple-Driven Workplaces
- Find Wasted Space with Storage Management
- Forrester Research and IBM Studies Show Macs Are Cheaper than PCs
- Being an Apple User Means You’re Not the Product
- How to Ask for Tech Support So You Get Good Answers Quickly
- Apple Business Manager Is a Win for Apple-Driven Workplaces