Don’t Listen to Anyone Who Tells You to Drag a Text File into Terminal

ByEmily Dolloff

In macOS 15 Sequoia, Apple made it more difficult to bypass Gatekeeper to run apps that aren’t notarized. (Notarization is one of the ways Apple ensures that apps distributed outside the Mac App Store are unmodified and free from malware.) Cybercriminals have responded to this increase in security with a new social engineering attack. They provide the victim with a disk image, ostensibly to install some desired piece of software, instructing the user to drag a text file into Terminal. Doing so executes a malicious script that installs an “infostealer” designed to exfiltrate a wide variety of data from your Mac. The simple advice here is to treat any guidance to drop a file into Terminal with extreme suspicion—no legitimate software or developer will ever ask you to do that.

(Featured image based on an original by iStock.com/Farion_O)

Social Media: Thing #17 to never do: Follow instructions to drop a text file into Terminal. It’s a great way to install malware and let cybercriminals steal your passwords, financial information, and more.

Similar Posts

  • Motorcycling down here is sort of boring. I have my bike all tuned up but there is literally only one road and the fastest speed limit in Key West is 30mph. I think we may have to trade in Grace’s Vespa to get a real motorcycle for her so we can take some longer trips down here.

    Pitchers and catchers reported for spring training and the Cubs Kyle Schwarber is already breaking windshields in Arizona at the Cubs park. Maybe this year?

    Thank you so much for reading this issue of Kibbles & Bytes!

    Your Kibbles & Bytes Team,

    _Don, Emily, & Hadley_