Ex. IT admin here, returned to MacOS a year or so ago after ~2 decades on other platforms. So broadly experienced, but TBH fairly naive when it comes to more complex MacOS issues, so looking for some wise advice.
System is a MBP M4, running current MacOS.
A few months ago I installed Whisky app (via Github IIRC) in order to run 'MS Visio' as I needed to open some .vsd files. That sort of worked OK, and I did what I needed, then forgot about the 'Whisky' install.
This morning I needed to open an old .vsd file again, so fired up 'Whisky'. I got some odd warnings about Whisky wanting access to stange places it has no need to, iCloud drive and so on.
There was an a noticable delay before the Viso windows appeared, then all hell broke loose with multiple script windows popping up briefly, it was obviously highly dodgy was the executable path names had some weird stuff like 'windows 128-bit', and some German-looking language.
I quickly shut the Macbook lid to stop any further activity. But, what to next ?
A quick search didn't reveal very much useful guidance on how to deal with a compromised MacOS instance, how to alert the community and so on.
Ideally I'd like to boot the Mac off a clean OS instance, in order to try and see what has happened, copy off my 'docs' from my home directory, before blowing the OS away and restoring the whole machine from my last backup.
System is a MBP M4, running current MacOS.
A few months ago I installed Whisky app (via Github IIRC) in order to run 'MS Visio' as I needed to open some .vsd files. That sort of worked OK, and I did what I needed, then forgot about the 'Whisky' install.
This morning I needed to open an old .vsd file again, so fired up 'Whisky'. I got some odd warnings about Whisky wanting access to stange places it has no need to, iCloud drive and so on.
There was an a noticable delay before the Viso windows appeared, then all hell broke loose with multiple script windows popping up briefly, it was obviously highly dodgy was the executable path names had some weird stuff like 'windows 128-bit', and some German-looking language.
I quickly shut the Macbook lid to stop any further activity. But, what to next ?
A quick search didn't reveal very much useful guidance on how to deal with a compromised MacOS instance, how to alert the community and so on.
Ideally I'd like to boot the Mac off a clean OS instance, in order to try and see what has happened, copy off my 'docs' from my home directory, before blowing the OS away and restoring the whole machine from my last backup.
Strangely its fine on my Win 10 PC (now retired). I think it unlikely MacOS was targeted at all.