macOS 26.4 Warns Against Terminal-Based Malware Attacks

ByMike Moffit

We’ve warned before about scams that trick users into pasting malicious commands into Terminal. Attackers create fake CAPTCHA pages—often resembling Cloudflare’s “are you a human” tests—that instruct visitors to open Terminal, paste a command, and press Return. Because the user executes the command themselves, macOS’s security protections are bypassed. Malwarebytes recently documented a macOS infostealer called Infiniti Stealer that spreads this way, stealing Keychain passwords, browser credentials, and cryptocurrency wallets. These attacks have become common enough that Apple has added a warning in macOS 26.4 Tahoe that appears when a user pastes a potentially dangerous command from Safari into Terminal. The protection is still in its early days—in our testing, the warning dialog appeared only once, with subsequent attempts producing only a beep. Worse, if you allow the first paste, Terminal keeps allowing pastes without further warnings. It’s a step in the right direction, but don’t count on it yet. The core advice remains: never paste commands into Terminal from websites unless you trust the site and fully understand what it does. No legitimate CAPTCHA ever requires Terminal commands!

(Featured image by iStock.com/thomaguery)

Social Media: Fake CAPTCHAs that trick users into pasting malware commands into Terminal are now common enough that Apple added a warning in macOS 26.4 Tahoe. Remember: no legitimate verification ever requires Terminal commands!

Similar Posts

  • _Dear Friends,_

    The trip up the the Everglades was pretty uneventful although we did see alligators and eagles as we were watching nature go by. Grace wants to go back up for an airboat ride so we will have to put that on the list.

    I am very happy to report that Small Dog Electronics now offers Go-Pro cameras and accessories. It took us many tries but I was able to meet with someone that could make a decision at CES in Las Vegas so we are now all set and Go-Pro should be in all of our stores. We’ll feature skiing and motorcycling kits up in the Green Mountains and some surf-oriented bundles down in Key West.

    I guess this should be in a soapbox but I just want to make a quick statement that I feel that Tim Cook and Apple are 100% correct in resisting the government’s attempt to force them to create software to defeat the encryption inherent in the iPhone. One of Apple’s most valuable commodities is safety. You know when you buy an Apple product that your data is safe. Safe from most viruses, malware, ransomware and also that your private data remains just that…private. While I certainly sympathize with those investigating the horrible San Bernadino terrorist actions, I do not feel that we should pay an even higher price and sacrifice our liberty and privacy as a result. Bravo to Tim Cook and Apple.

    This week’s Kibbles & Bytes exclusive is the “**Tempus Pro Weather Station.**”:http://www.smalldog.com/wag900002092 This complete wireless weather station has been one of out best selling devices. It combines an indoor monitoring station with an outdoor instrument and an iPhone or iPad App to give you complete weather information. It includes sensors for indoor and outdoor temperature, humidity, barometric pressure, rainfall and wind speed. It is simple to install and works by Bluetooth between the outdoor and indoor sensor and Wi-Fi to your iPhone. This is normally $159.99 but for this week for Kibbles & Bytes readers it is “**$25 off at $134.99!**”:http://www.smalldog.com/wag900002092

  • Setting Up and Managing iCloud+ Storage

    Apple’s online iCloud storage underpins many of the company’s services, including iCloud Photos, iCloud Drive, iCloud Backup (for iPhones and iPads), iCloud Mail,…