Never Paste Unknown Text into Terminal!
A clever new scam masquerades as a CAPTCHA test, asking users to paste text into Terminal to prove they’re human. It installs malware.
Beware of dragging text files into Terminal on macOS 15 Sequoia to avoid malware that steals your personal data.
In macOS 15 Sequoia, Apple made it more difficult to bypass Gatekeeper to run apps that aren’t notarized. (Notarization is one of the ways Apple ensures that apps distributed outside the Mac App Store are unmodified and free from malware.)
Cybercriminals have responded to this increase in security with a new social engineering attack. They provide the victim with a disk image, ostensibly to install some desired piece of software, instructing the user to drag a text file into Terminal. Doing so executes a malicious script that installs an “infostealer” designed to exfiltrate a wide variety of data from your Mac. The simple advice here is to treat any guidance to drop a file into Terminal with extreme suspicion—no legitimate software or developer will ever ask you to do that.
(Featured image based on an original by iStock.com/Farion_O)
Social Media: Thing #17 to never do: Follow instructions to drop a text file into Terminal. It’s a great way to install malware and let cybercriminals steal your passwords, financial information, and more.