Toggle sidebar Toggle sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

BIG MAC VIRUS ON YOUTUBE BE AWARE !!

bogdanw said:
This has nothing to do with open-source apps. Little Snitch has never been open-source or available on GitHub, but frequently fake pages appear that offer to install it for free and it’s obviously malware.
Click to expand...
I haven't used Little Snitch for years. Anyone have the URL for Objective Development? I searched, but want to be sure I don't have fake URL.

If you know the correct URL for Carbon Copy Cloner, please post that too. I know someone verified it for me, but I don't remember the thread. Yes, probably age related... lol

Thanks!
 
Last edited:
  • Like
Reactions: MarineBand5524 and goldmac2006
DCIFRTHS said:
I haven't used Little Snitch for years. Anyone have the URL for Objective Development? I searched, but want to be sure I don't have fake URL.

If you know the correct URL for Carbon Copy Cloner, please post that too. I know someone verified it for me, but I don't remember the thread. Yes, probably age related... lol

Thanks!
Click to expand...
Objective Development https://obdev.at/index.html
Carbon Copy Cloner https://bombich.com

You can check links on
https://www.virustotal.com/gui/url/
Objective Development
https://www.virustotal.com/gui/url/d8dfae7e6448bd343b9e7e7fd9ed3a6aaa883b57fa6412f32a9de68d74617bc3
Carbon Copy Cloner
https://www.virustotal.com/gui/url/002cc384c182797029d6a63ff0749d5849bd7d052b798fe60bc844dc1496bda8
 
  • Like
Reactions: MarineBand5524, goldmac2006 and DCIFRTHS
  • Like
Reactions: MarineBand5524
Compromised legitimate software is getting to be a problem, too. Recently FileZilla and a couple of other apps were compromised by offering links off the legitimate page to a compromised binary package.

YouTube is terrible for ads for fake software and other illegal crap. I'm really surprised (not really) that the likes of Google/YouTube and others haven't been brought to task over these ads already.
 
"SHub Reaper | macOS Stealer Spoofs Apple, Google, and Microsoft in a Single Attack Chain"
https://www.sentinelone.com/blog/sh...oogle-and-microsoft-in-a-single-attack-chain/
"SentinelOne observed a new SHub variant using the build tag “Reaper”.
Reaper uses fake WeChat and Miro installers as lures, but what stands out is the way the infection chain shifts its disguise at each stage. The payload may be hosted on a typo-squatted Microsoft domain, executed under the guise of an Apple security update, and persist from a fake Google Software Update directory. Alongside the previously documented SHub feature set, the build also adds an AMOS-style document theft module with chunked uploads."
 
Astuces iOS said:
Yes it can be very dangerous, imagine you want to download an app that you know, you click on a fake website, download the app and boom you got hacked... Google should really verify ads !
Click to expand...
Also, be careful on Meta and Instagram and Facebook etc.
Many fake ads and scams. Google should indeed verify ads.
 
  • Like
Reactions: Alameda
bogdanw said:
"Hackers abuse Google ads, Claude.ai chats to push Mac malware"
https://www.bleepingcomputer.com/ne...oogle-ads-claudeai-chats-to-push-mac-malware/
"Attackers are abusing Google Ads and legitimate Claude.ai shared chats in an active malvertising campaign.
Users searching for "Claude mac download" may come across sponsored search results that list claude.ai as the target website, but lead to instructions that install malware on their Mac."
Click to expand...

Hmm.

Folks searching for AI software end up installing malware after clicking on Google ADs and following instructions to install the malware.

I mean. At some point, this is a users fault.


1779472289609.gif
 
bogdanw said:
The instructions are persuasive (Apple Support mentioned) and might seem real to an inexperienced user
claude-chat.jpg
Click to expand...
My rule is:

Don't be following instructions to use Terminal commands unless you KNOW what you're doing.

Additionally, life is not without risk.
People are constantly also getting bilked by scam Apps and/or systems that are IN the Apple App Stores.
 
  • Like
Reactions: DCIFRTHS
turbineseaplane said:
My rule is:

Don't be following instructions to use Terminal commands unless you KNOW what you're doing.

Additionally, life is not without risk.
People are constantly also getting bilked by scam Apps and/or systems that are IN the Apple App Stores.
Click to expand...
Hmm lol this post is back on, hmm yeah if I have something to say, be aware to whatever you open and run on your mac ! Apple isn’t wrong to force dev to pay the apple dev subscription !
 
  • Like
Reactions: goldmac2006
Astuces iOS said:
Ik but at least it reduce the malwares
Click to expand...
It doesn’t reduce anything.

Most macOS malware relies on social engineering, that is convincing users to install it. It doesn’t have to be signed or notarised.

Apple took a small step to prevent ClickFix (copy-paste malware-installing commands in Terminal) and it was bypassed within two weeks https://forums.macrumors.com/thread...e-for-terminal-commands.2479927/post-34532981

More sophisticated attacks, can use stolen credit card details to register a developer account and successfully get their malware notarized.
 
  • Wow
Reactions: Astuces iOS
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back