Don’t Listen to Anyone Who Tells You to Drag a Text File into Terminal

ByEmily Dolloff

In macOS 15 Sequoia, Apple made it more difficult to bypass Gatekeeper to run apps that aren’t notarized. (Notarization is one of the ways Apple ensures that apps distributed outside the Mac App Store are unmodified and free from malware.) Cybercriminals have responded to this increase in security with a new social engineering attack. They provide the victim with a disk image, ostensibly to install some desired piece of software, instructing the user to drag a text file into Terminal. Doing so executes a malicious script that installs an “infostealer” designed to exfiltrate a wide variety of data from your Mac. The simple advice here is to treat any guidance to drop a file into Terminal with extreme suspicion—no legitimate software or developer will ever ask you to do that.

(Featured image based on an original by iStock.com/Farion_O)

Social Media: Thing #17 to never do: Follow instructions to drop a text file into Terminal. It’s a great way to install malware and let cybercriminals steal your passwords, financial information, and more.

Similar Posts

  • Keep Your Passwords!

    You have a password for the online banking, one for your Apple ID, one to log into your retirement amount. Your password for your bank has to have have at least one numeric number, but can’t start with a number and it can’t have any more than two of the same characters found in your username. Your retirement account must include at least 3 numbers and one special character but they can’t be consecutive.

    Does this sound familiar? In the perfect world we would only need one password, but unfortunately for security purposes and as hackers get better at what they do password strength has become critical and part of our everyday lives. The hassle with this is that most sites have their own sets of rules for password strength leaving many of us to peck away at our keyboards or devices in a sometimes endless game of “remember how you manipulated your favorite password 16 different ways and can’t remember if your banking site used the password with the capitalization or the one with the ampersand”.

    p{text-align: center;}. !http://blog.smalldog.com/images/4644.jpg!

    For a very long time I will admit my method of keeping track of my usernames and passwords was the stickies program on my Mac, much to the dismay of our IT manager! While stickies are easily accessed they are not secure and I do not recommend this method. Where you should keep them is in your keychain. You can access your keychain through applications and then utilities. Once you are in your keychain you can manually add preferred sites, accounts and passwords you wish to store. Another huge benefit is secure notes. Secure notes allow you store additional confidential information. Keychain is safe and secure because in order to view any of the passwords stored there you need to enter your administrator password. Within keychain you can make sure to safely and securely keep your passwords, and when you forget if you needed that capitalization or ampersand in your password you can simply open keychain and enter into the search field the website for which you need to confirm the password.

    Now what if you don’t have a mac? The loss of passwords, and most often your Apple ID password is a huge concern with users of iOS devices only. Luckily there is an easy solution for that, iCloud and “iCloud keychain.”:https://support.apple.com/en-us/HT204085 Simply go to settings, iCloud and then select keychain. Your iOS device will begin to store your logins and websites. Additionally you can add specific websites and passwords manually to your phone or iPad under **safari** and then selecting **passwords**. This is also where you would look if you can’t remember login information.

    Recording safely your logins and passwords is an often overlooked step, especially when users of iOS devices accidentally have the device damaged or lost. Saving your passwords safely and using iCloud keychain can avert your being logged out of accounts.

  • Macbooks and Macbook Air Upgraded

    Apple announced some changes to the 12-inch MacBook and 13-inch MacBook Air this week. Let’s talk about the MacBook Air first. Apple discontinued the 13-inch MacBook Air models that had 4GB of RAM and made them sport 8GB. There were no other changes to this model but the additional RAM comes at no additional cost as Apple doubled the RAM but kept the price the same at $999 for the 128GB SSD unit and $1299 for the 256GB SSD.

    With just this minor update to the MacBook Air we can speculate that perhaps this unit is on its way out within the next year. The MacBook Air does not have the Retina display nor does it support the latest in Intel mobile processors. On the other hand, it is Apple’s best selling laptop.

    The changes to the MacBook were more significant. They added a Rose Gold (er…pink) color which might actually be a nice option for some. More importantly, Apple went to the new sixth-generation dual-core Intel Core M processors which run at clock speeds up to 1.3 gigahertz, with Turbo Boost up to 3.1 gigahertz. The revamped notebooks also feature faster 1866 megahertz memory.

    This new processor yields increases in performance from 15-20% in initial testing. With the Intel HD Graphics 515, the new MacBook has about 25 percent faster graphics performance. Speed has also been enhance with new, faster PCIe-based flash storage.

    The lower power requirements and a slightly larger battery has also improved battery life, with the Apple claiming the new MacBook offers up to 10 hours of wireless surfing and up to 11 hours of movie watching.

    While some were expecting additional ports or an improved FaceTime camera, these features did not make the cut.

    We should have all the models in stock next week as well as some great deals on the newly discontinued models.