How to Ensure My Mac is Secure After Running a Suspicious Terminal Command?

Asked By CuriousCoder42 On

Hey everyone! I'm looking for some expert advice to help secure my Mac after running a suspicious command in Terminal. Yesterday, I accidentally executed a command that involved using 'curl' and running a base64 encoded URL, and now I'm really worried about potential security issues. My system runs macOS Tahoe (macOS 15), and I executed this command using my main admin account. I've already checked certain areas like LaunchAgents and SSH keys and found nothing unusual, plus I ran a tool called Moonlock which didn't detect any threats. I haven't logged into any sensitive accounts, just Instagram so far. My main concerns are:

1) Are there more checks I should perform to confirm my Mac's integrity?
2) Is a full erase and reinstall the only foolproof way to ensure I'm safe?
3) What warning signs of compromise should I look out for?

Any advice from experienced users or Apple specialists would be greatly appreciated! Thanks for your help!

3 Answers

Answered By TerminalTroubleshoot On

If it avoids infecting certain locations based on your settings, that's a huge red flag! It sounds like your machine might already be compromised. And honestly, how does one 'accidentally' run a Terminal command? That's a little suspicious in itself.

Answered By DataDude99 On

I'd recommend wiping your machine entirely. That base64 string you ran decodes to a sketchy URL, which could lead to a malicious payload. It's best to be safe rather than sorry—even if nothing seems amiss, better to start fresh than take any chances. How did you even get that command, though? That's really concerning!

CheckYourSources -

Agreed! And also, avoid visiting that suspicious site—it could just make things worse.

Answered By SecuritySavant7 On

Sounds like you might have encountered a malicious loader attack! First off, it's crucial to change your passwords right now and clear your browser history. It's great that you've checked some LaunchAgents, but keep an eye on the Activity Monitor—look at the Network tab for any suspicious processes sending data to unknown IP addresses. Given the nature of that command, I recommend going to settings and using the option to erase all content and settings. Yeah, it seems extreme, but that’ll wipe your Mac clean. Also, make sure to back up your important files on a thumb drive before you do anything!

BackupPlanWizard -

Definitely back up your important stuff! Just in case, you don't want to risk losing any significant files.
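
The LaunchAgents check mentioned in the question and in SecuritySavant7's answer can be made repeatable. The script below is an added example, not part of the original thread: it lists every launchd job in the standard persistence directories and marks the ones whose plist changed since the command was run. The function name `scan_launchd` and the 48-hour window are assumptions, and it needs a `python3` install on the Mac.

```python
import plistlib
import time
from pathlib import Path

# Standard launchd persistence directories on macOS.
LAUNCHD_DIRS = [
    Path.home() / "Library/LaunchAgents",
    Path("/Library/LaunchAgents"),
    Path("/Library/LaunchDaemons"),
]


def scan_launchd(dirs, since_epoch):
    """Return one record per launchd plist found in dirs.

    'recent' is True when the file was modified at or after since_epoch.
    """
    records = []
    for directory in map(Path, dirs):
        if not directory.is_dir():
            continue
        for path in sorted(directory.glob("*.plist")):
            try:
                with path.open("rb") as fh:
                    job = plistlib.load(fh)  # parses XML and binary plists
                if not isinstance(job, dict):
                    raise ValueError("plist root is not a dictionary")
            except Exception as exc:
                # An unreadable plist is itself worth a manual look.
                records.append({"path": str(path), "error": repr(exc), "recent": True})
                continue
            argv = job.get("ProgramArguments") or [job.get("Program", "")]
            records.append({
                "path": str(path),
                "label": job.get("Label"),
                "command": " ".join(str(a) for a in argv),
                "run_at_load": bool(job.get("RunAtLoad", False)),
                "recent": path.stat().st_mtime >= since_epoch,
            })
    return records


if __name__ == "__main__":
    # Assumption: the command was run within the last 48 hours; adjust as needed.
    cutoff = time.time() - 48 * 3600
    for rec in scan_launchd(LAUNCHD_DIRS, cutoff):
        marker = "RECENT" if rec["recent"] else "      "
        print(marker, rec["path"], rec.get("label"), rec.get("command", rec.get("error")))
```

File modification times can be reset, so an empty RECENT list narrows the search rather than proving the machine is clean.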
