Suspicious Terminal Activity

Joined
Jun 26, 2016
Messages
1
Reaction score
0
Points
1
I never use the Terminal on my Macbook Pro. However, yesterday I opened it and noticed it said the Last Login was June 23rd. I find this odd since I hadn't logged into the Terminal in a very long time. How is it possible that it said my last login was on June 23rd?


I also entered the command


open .bash_history

cat .bash_history


to check the history of commands entered into the terminal. This is what came back:



uptime

pmset -g custom

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

defaults read /Applications/Firefox.app/Contents/Info LSEnvironment


I never entered any of these commands

Can someone help to explain what's going on? Could it possibly be a glitch or a Macbook Pro process that I'm unfamiliar with? Also, in terms of the Terminal Command history, is there an automated process that could've entered the commands without my logging in? Or is this an indication of a compromised machine?

Last, is there a way to reveal the dates in which the Terminal commands were entered?

Thanks for your help
 

pigoo3

Well-known member
Staff member
Admin
Joined
May 20, 2008
Messages
44,210
Reaction score
1,418
Points
113
Location
U.S.
Your Mac's Specs
2017 15" MBP, 16gig ram, 1TB SSD, OS 10.15
I never use the Terminal on my Macbook Pro. However, yesterday I opened it and noticed it said the Last Login was June 23rd. I find this odd since I hadn't logged into the Terminal in a very long time. How is it possible that it said my last login was on June 23rd?

Maybe the login date is being misinterpreted. Maybe the login date is the last time the computer was logged into…rather than when Terminal was last logged into.

- Nick
 
Joined
Feb 14, 2004
Messages
4,781
Reaction score
166
Points
63
Location
Groves, Texas
Could be several things. Do you have Homebrew or Macports installed? Some installers use Terminal to do it's thing. You won't even see Terminal start up.
If you're fast you might see a Terminal window flash by.
The commands you posted are all reads except for the pmset and nothing to worry about, and that was probably the preference for power management doing that.
Heck, mine still has the command to make a Yosemite USB stick in it and that was a while ago.
 
Joined
Nov 28, 2007
Messages
25,564
Reaction score
486
Points
83
Location
Blue Mountains NSW Australia
Your Mac's Specs
Silver M1 iMac 512/16/8/8 macOS 11.6
Unless you are very experienced with Terminal it pays to keep out of it. Very strong black magic lives there. Regarding Dysfuntions post avoid CNET like the plague as they include allm sorts of goodies with their downloads. Download and run Malwarebytes for Mac is a much better option.


https://www.malwarebytes.com/antimalware/mac/
 
Joined
Mar 17, 2008
Messages
6,879
Reaction score
191
Points
63
Location
Tucson, AZ
Your Mac's Specs
Way... way too many specs to list.
The point of the link was so I didn't have to type a whole bunch about how anti-malware tools check. I'm going to guess you didn't actually read it.

Since this is in his command history, I'm going to guess he's already got a tool. Also, continually simply stating you should never use the terminal is ridiculous. You should be CAUTIOUS about it, read and understand FULLY what you're doing. But calling it black magic? Meh.
 
Joined
Apr 26, 2008
Messages
2,963
Reaction score
120
Points
63
Location
Belgium
Your Mac's Specs
iPad Pro 12.9 latest iOS
June 23rd .... of what year ?
( Since you said you had not entered the Terminal for a very long time. )
Maybe you did enter the commands yourself and have forgotten all about it :)

Cheers ... McBie
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top