Never Run AppleScripts from Untrusted Sources

ByMike Moffit

The latest scam to watch out for is fake websites that try to get you to open Script Editor directly from your browser with a pre-filled AppleScript. Don’t do this! Security researchers at Jamf Threat Labs documented an attack where a convincing Apple-themed page claiming to help “reclaim disk space” prompted users to allow Script Editor to open, then used the applescript:// URL scheme to open a seemingly legitimate script that—if the user ran it—would download and install the Atomic Stealer malware. In macOS 26.4, a new warning in Script Editor flags the script as from an unidentified developer, which should alert more users to the danger. (Yet another reason to install macOS updates!) The rule is simple: never run an AppleScript unless you wrote it yourself or acquired the code from a source you trust. If a website asks to open Script Editor—or any other app—click Cancel, and if you ever see this warning, close the script immediately. No legitimate webpage needs to run scripts on your Mac.

(Featured image based on an original by iStock.com/Prostock-Studio)

Social Media: Attackers are now using fake websites to open Script Editor with pre-filled malicious scripts. Never run an AppleScript from any source you don’t completely trust!

Similar Posts

  • Who cares about QR Codes?

    By now you’ve probably seen one of those odd-looking white squares with a bunch of smaller square dots that make up a random pattern inside–that’s a QR code. QR stands for “Quick Response,” and a QR code is a form of barcode, just like on the packaging of nearly everything you buy.

    Usually QR codes are used to store Web links–URLs–so an ad can display just the QR code instead an unwieldy and hard-to-type web address. But QR codes aren’t just for ads. They’ve appeared on business cards, in magazines and books, on coins and bills, and even on tombstones–any place it would be nice to help someone load a Web link into a smartphone but where there isn’t enough room for a URL or in situations where viewers won’t remember the URL later. And the links? They can display anything that can appear on the Web: text, photos, videos, games, and more.

    Only one built-in iPhone app can scan QR codes–the Wallet app in iOS 9–but it can scan only QR codes that are associated with Wallet passes, things like airline boarding passes, concert tickets, and iTunes gift cards. For QR codes that encode any other sort of data, Wallet shows an error. It would be nice if Apple would add general QR scanning capabilities to Wallet or the Camera app, but until that happens, you’ll need another app.
    There are numerous QR code scanning apps in the App Store, but if you need a recommendation, give TapMedia’s QR Reader for iPhone a try. It’s free with ads (remove them with a $1.99 in-app purchase), scans both QR codes and traditional barcodes on most commercial products, and displays the associated information within the app. It can even help you create your own QR codes.

    To use a QR code scanner, launch the app, allow it to access the camera when it asks, and then point it at the QR code. Good apps will scan nearly instantly, but if not, move the camera so the QR code is centered between the guides. If even that doesn’t work, move forward or back so the camera can focus on the centered code.

    Once the code has been scanned, the app will usually bring up an in-app Web browser to display whatever was encoded. For certain kinds of data, like books or grocery items, the app may go right to Amazon or a price comparison site. Good apps will also keep a record of sites you’ve scanned, so you can go back to them later, even if you can no longer scan the QR code.

    So download a QR code scanning app and keep an eye out for QR codes. Once you start looking, you’ll find them everywhere–it’s a modern-day treasure hunt!

  • Make the Most of Visual Intelligence on the iPhone

    The “visual intelligence” aspect of Apple Intelligence leverages the artificial intelligence capabilities of your iPhone to make what you see through the iPhone’s…

  • My daughter Autumn and her husband Ismael are coming to visit next week which should be fun. Then we pack up and head back to Vermont. Hopefully the weather will cooperate but it seems like warmer weather is in the forecast for the Green Mountains.

    Thank you so much for reading this issue of Kibbles & Bytes!

    Your Kibbles & Bytes Team,

    _Don, Emily, Hadley & Amy_