Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

'Cthulhu Stealer' macOS Malware Can Steal Keychain Passwords, Web Browsing Info, Crypto Wallets, and More

rp2011 said:
I chose the Mac and iOS specifically BECAUSE it is a walled garden. Just as people choose communities they want to live in. If Apple is forced into being a homogeny with Android or Windows then what's the point?
Click to expand...

Fortunately nobody is stopping you from continuing to enjoy the walled garden. Simply don't download anything from outside of it. Nothing has changed by allowing alternatives so long as you don't use those alternatives.

It's like if your chosen community introduces a communal grill but you're a staunch believer in only obtaining barbecue from your approved barbecue joint because nobody ever got food poisoning there. You're absolutely free to continue to go to your safe barbecuery while the others in your community enjoy their backyard cookouts.
 
  • Like
  • Disagree
Reactions: splifingate, platinumaqua, mikeschr and 2 others
filchermcurr said:
Fortunately nobody is stopping you from continuing to enjoy the walled garden. Simply don't download anything from outside of it. Nothing has changed by allowing alternatives so long as you don't use those alternatives.
Click to expand...
Unless and until an app you use decides to leave the walled garden. Then you have a decision to make. And if you have to use that app for work or school, then you don’t really have a choice about it.

filchermcurr said:
It's like if your chosen community introduces a communal grill but you're a staunch believer in only obtaining barbecue from your approved barbecue joint because nobody ever got food poisoning there. You're absolutely free to continue to go to your safe barbecuery while the others in your community enjoy their backyard cookouts.
Click to expand...

It’s like if you moved into your chosen community in part because it had a longstanding “no communal grill rule”, but then your community is forced by the city to install a communal grill because a very vocal minority of its community members, who all knew about the “no communal grill rule” when they bought their house, AND knew the community across the street had a communal grill, but bought a house in your community anyway, started complaining to the city about the “lack of communal grill” rule.

And in the process of installing the communal grill, your community had to give a bunch of sketchy people the code to the community gate - and the sketchy people don’t care that YOU only get your barbecue at the bbq joint - they’re going to try to break into your house anyway and now they have the gate code, it’ll be a lot easier to get in.
 
  • Like
Reactions: mikeschr and TheDailyApple
bollman said:
Tell me you know nothing about security in macOS without telling me.
Click to expand...
You didn't say anything I didn't know... well, except I'm pretty sure you got something wrong here...

bollman said:
Your suggestion that all data should be sandboxed and not accessible by other applications would make macOS impossible to use in any productive way. The power of macOS is in fact the possibility to access the same data with different applications. This is by far the most asked for feature that iPadOS (and iOS) lacks at the moment.
Click to expand...
There is actually a directory shared across apps in iOS (and iPadOS). Check out the Files app > Browse > On My iPhone (or, presumably, iPad). I believe any app is free to read/write to this location, or create and modify directories that are within it.

Why don't any apps use it? Well... do you actually have any apps that would be improved by using it that aren't already? If so, I guess contact the developer?

There are real reasons that productive apps aren't on iPadOS, and this isn't it (the App Store is.)
 
filchermcurr said:
Fortunately nobody is stopping you from continuing to enjoy the walled garden. Simply don't download anything from outside of it. Nothing has changed by allowing alternatives so long as you don't use those alternatives.

It's like if your chosen community introduces a communal grill but you're a staunch believer in only obtaining barbecue from your approved barbecue joint because nobody ever got food poisoning there. You're absolutely free to continue to go to your safe barbecuery while the others in your community enjoy their backyard cookouts.
Click to expand...
Yes and hopefully politicians do not try and change things. As we know, most politicians are clueless about technology.
 
rp2011 said:
Yes and hopefully politicians do not try and change things. As we know, most politicians are clueless about technology.
Click to expand...

Most politicians are clueless about everything. Said that, as with most decisions, the changes to Apple's ecosystem were based on experts' opinions too and those experts were definitely not clueless.
 
boss.king said:
Why? I don’t run anti malware software on my Mac, why would I run it on my phone? If you feel you need it, that’s a you problem.
Click to expand...

You don't have gatekeeper running on your mac?

WarmWinterHat said:
I would be fine with that given the chance.
Click to expand...

Sure for most people it would be fine. But most of this kind of software takes away 30-40% of performance. Which means your device will be slower and will drain it's battery faster.
 
SanderEvers said:
You don't have gatekeeper running on your mac?
Click to expand...
I mean, if we’re talking stuff that’s built into the OS then I guess I’m also running anti-malware stuff on my iPhone. I just figured we talking about things the user has to choose to install and run.
 
icanhazmac said:
But then the EU comes in and cries about anti-competitive this and that... damned if you do, damned if you don't.
Click to expand...
It’s already built into the os, being that way for a long time and the EU has said nothing. Same with windows defender.
 
The one thing this prompt could do better is to say on the title WHO or WHAT is exactly asking for system credentials or permissions, with a “click to focus and bring to the front” button. The macOS “put your system’s user and password” tends to be quite generic.

Not exactly this case but for example at my company Teams and Outlook and a bunch of web services all ask daily for Microsoft Authenticator security prompts independently, sometimes they decide to ask again out of the blue, even several times a day.
I can’t do anything else but deny it and see if what I was doing has been logged out because I can’t be 100% sure if it was a cleverly timed phishing attack.

The constant spamming of security prompts is becoming a security issue itself.
 
  • Like
  • Wow
  • Love
Reactions: freedomlinux, Ramchi, surferfb and 1 other person
Manzanito said:
Their stupidity shouldn’t be reason enough to turn my mac into an iPhone so that apple can collect 30% of every app I need to use and making said software more expensive as a consequence.
Click to expand...

"[...] stupidity is the only universal capital crime: the sentence is death, there is no appeal, and execution is carried out automatically and without pity."
-Robert Heinlein
 
amartinez1660 said:
The one thing this prompt could do better is to say on the title WHO or WHAT is exactly asking for system credentials or permissions, with a “click to focus and bring to the front” button. The macOS “put your system’s user and password” tends to be quite generic.

Not exactly this case but for example at my company Teams and Outlook and a bunch of web services all ask daily for Microsoft Authenticator security prompts independently, sometimes they decide to ask again out of the blue, even several times a day.
I can’t do anything else but deny it and see if what I was doing has been logged out because I can’t be 100% sure if it was a cleverly timed phishing attack.

The constant spamming of security prompts is becoming a security issue itself.
Click to expand...
True, few months ago I had to undergo assessment at least two instances where I have failed the phishing simulation attack by the organisation itself; where the cleverly worded emails used the recent activity (within 15 minutes) to trap you and make you fail ! It was kind of psychoanalysis type emails where you deeply indulged in a work and you get an email with subject and content closely resembles your recent work! Just imagine ordinary folks who are not even trained on these.
 
Last edited:
  • Wow
Reactions: amartinez1660
wonderings said:
If you are getting CleanMyMac from the App Store you are fine, if you are getting from the developer (unless they have been compromised) you are fine, if you are downloading it from somewhere else then you are at risk and the question would be why would you get it anywhere else other then the developer or from the App Store?

Looking to download Grant Theft Auto IV for Mac, which as far as I am aware does not exist, it probably means you are looking for it for free, so probably a hacked version or malware on a torrent site listing it as GTA IV. And last one does not need an example.
Click to expand...
Yes. But why not have a situation where even if the user doesn’t realise the difference they can’t damage their system?

This is the whole point of iOS’s approach. I will never understand why users who want an idiot proof system cannot have one because other users want flexibility. The two can co-exist. Let me choose the walled garden of IOS and you can have windows or android. Why do we have to remove iOS’s walled garden so that their is no idiot proof system available on the market?
 
  • Like
Reactions: surferfb
davide_eu said:
Sorry, i didn't know you were considering a$$le user like children.
Click to expand...
A bit of friendly advice that you can feel free to ignore: I know you think the “a$$le” thing is clever, but it’s really not helping your arguments.

Back on topic, I’d honestly be much more ok with a “normal” mode and a “no, Apple, I really know what I’m doing” mode that was hidden behind a scare sheet or two - both on iOS and MacOS. Would solve a lot (not all) of my issues with the DMA, etc. if alternative app stores etc were hidden when “normal” users wouldn’t go, but power users/nerds would have more control over their devices.

I know the EU/Spotify would never go for it, but personally I think it’s be a great compromise.
 
  • Like
Reactions: Haiku_Oezu
davide_eu said:
Sorry, i didn't know you were considering a$$le user like children.
Click to expand...
Nothing rude from my side, but I encountered too many unbelievable sitations and finally desasters, that I had to repair.

It is simply just protecting these people from doing nonsense. The idea of surferb is intriguing. But these users - not knowing, what they do - often find that proposed toggle (normal/protected) quickly - still not knowing, what they do. So: just strictly keep them away from any possible fire. It is "no desert" - end of story, go to bed...
 
Is that what the password prompt looks like?
Because if it is why in the world would you trust it? It looks nothing like the real one - they didn’t even try to make it look like it

Also yeah giving a Trojan the keys to the kingdom has never been a good thing
 
rp2011 said:
I chose the Mac and iOS specifically BECAUSE it is a walled garden. Just as people choose communities they want to live in. If Apple is forced into being a homogeny with Android or Windows then what's the point?
Click to expand...
Just to repeat a fact, only iOS/IPadOS/tvOS/VisionOS are walled gardens relying on the Apple App Store for purchasing apps, MacOS has no such limitations on how you buy applications/utilities to install/use. You can readily install and download from developer's web sites. It's been this way for many years since web commerce supported that. ;)
 
Last edited:
  • Like
Reactions: splifingate and rp2011
axantas said:
Nothing rude from my side, but I encountered too many unbelievable sitations and finally desasters, that I had to repair.

It is simply just protecting these people from doing nonsense. The idea of surferb is intriguing. But these users - not knowing, what they do - often find that proposed toggle (normal/protected) quickly - still not knowing, what they do. So: just strictly keep them away from any possible fire. It is "no desert" - end of story, go to bed...
Click to expand...
I get your point and I can even agree. But in my experience I have seen too many times living in a garden that has let them lower their attention to the risks. That's my point. If you live in a dangerous place your life will be better in a safer place, not the opposite.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back