macOS 26.4 Warns Against Terminal-Based Malware Attacks

ByMike Moffit

We’ve warned before about scams that trick users into pasting malicious commands into Terminal. Attackers create fake CAPTCHA pages—often resembling Cloudflare’s “are you a human” tests—that instruct visitors to open Terminal, paste a command, and press Return. Because the user executes the command themselves, macOS’s security protections are bypassed. Malwarebytes recently documented a macOS infostealer called Infiniti Stealer that spreads this way, stealing Keychain passwords, browser credentials, and cryptocurrency wallets. These attacks have become common enough that Apple has added a warning in macOS 26.4 Tahoe that appears when a user pastes a potentially dangerous command from Safari into Terminal. The protection is still in its early days—in our testing, the warning dialog appeared only once, with subsequent attempts producing only a beep. Worse, if you allow the first paste, Terminal keeps allowing pastes without further warnings. It’s a step in the right direction, but don’t count on it yet. The core advice remains: never paste commands into Terminal from websites unless you trust the site and fully understand what it does. No legitimate CAPTCHA ever requires Terminal commands!

(Featured image by iStock.com/thomaguery)

Social Media: Fake CAPTCHAs that trick users into pasting malware commands into Terminal are now common enough that Apple added a warning in macOS 26.4 Tahoe. Remember: no legitimate verification ever requires Terminal commands!

Similar Posts

  • _Dear Friends,_

    I am off to Daytona for the 75th Bike Week. We went out to the 75th anniversary of the Sturgis Bike Week so it is only appropriate for us to hit the one sort of in our neighborhood, too. We will be riding on our 2003 Victory motorcycles and trying to avoid any big roads.

    Sugaring season in Vermont is well underway and this time of the year in Vermont always reminds me when we used to sugar the old-fashioned way. Now it is mostly pipelines and big sugaring operations but back when we lived in North Wolcott, Vermont I had a big work horse. The horse was kind of untrained but hitching her to the sled with the big heavy sap gathering tank made her behave. We would tap the trees by hand, hang buckets and as the sap began to flow we would tramp through the deep snow to empty the buckets into the tank. One horsepower was a lot of power as the horse would make her way through the sugar maples and the tank got full. We would take it to our makeshift sugaring arch and boil the sap into yummy syrup. Some of the best times! I still prefer the “grade b” syrup over fancy grade.

    This week’s Kibbles & Bytes exclusive brings back the “**Chill Pill six-pack special.**”:http://www.smalldog.com/wag900002006/ These little portable speakers have been around for a long time and I need to reduce our inventory. So, you can get 2 Black, 2 Red and 2 White Chill Pill speakers for only $29 this week. They make great gifts and are great for camping or just hanging out in the yard. Normally, they are $9.99 each but this week 6 for “**$29!**”:http://www.smalldog.com/wag900002006/