More Mac malware from Google search(eclecticlight.co)
74 pointsby kristianp5 hours ago9 comments
  • emilecantin2 minutes ago
    Attacks like this are not helped by the increasingly-common "curl | bash" installation instructions (e.g. the new "native" Claude Code install)...

    Publish through homebrew like a civilized person, please!

  • aucisson_masque3 hours ago
    At least macos has file access permissions.
    • zx80802 hours ago
      Comparing to DOS or what? No one runs Win10/11 on FAT now, while NTFS has access permissions and ACLs.
      • retired2 hours ago
        I remember that Win32 apps on Windows 10 and 11 can do whatever they want with the users personal files. Has that changed?
    • tokyobreakfastan hour ago
      What does that even mean? NTFS file access permissions (35 years old at this point) are far more powerful than 1970s-era Unix permissions model.
      • emmelaich39 minutes ago
        It's referring to the fact that Terminal doesn't have free access to all your files and folders, despite what the traditional file access perms say.
      • tcoff91an hour ago
        He’s talking about sandboxing and permissions prompts
  • baxtr3 hours ago
    Actually… I think this be solved by AI answers. I don’t look up commands on random websites, instead I ask an LLM for that kind of stuff. At the very least, check your commands with an LLMs.
    • OsrsNeedsf2P2 hours ago
      Yesterday I was debugging why on Windows, my Wifi would randomly disconnect every couple hours (whereas it worked on Linux). Claude decided it was a driver issue, and proceeded to download a driver update off a completely random website and told me to execute it.

      My point is, this is not solved by AI answers.

    • goalieca2 hours ago
      What we used to have, 15 years ago, was a really well functioning google. You could be lazy with your queries and still find what you wanted in the first two or three hits. Sometimes it was eerily accurate and figuring out what you were actually searching for. Modern google is just not there even with AI answers which is supposed to be infinitely better at natural language processing.
      • macintuxan hour ago
        Google was such a revelation after the misery of Alta Vista and kin. I miss the days when I liked them.
    • Fnoord11 minutes ago
      LLMs will allow Mal to sneak in backdoors in the dataset. Most of the popular LLMs use some kind of blacklisting instead of a smaller specific/specialised dataset. The latter seems more akin to whitelisting.
    • al_borland2 hours ago
      Don’t the LLMs get their information from these random websites? They don’t know what is good and what is malware. Most of the time when I get an AI answer with a command in it, there is a reference to a random reddit post, or something similar.
  • retired3 hours ago
    Thanks for reminding me to turn off Full Disk Access for Terminal. I'm not sure why I had that one turned on.
    • latexr3 hours ago
      Probably because you can’t even properly `ls` system directories without it.
      • frizlab2 hours ago
        depends which directories…
    • al_borland2 hours ago
      What would you do in the terminal without it?
    • LtWorf2 hours ago
      Because it is useless without?
    • pkulak2 hours ago
      lol, is this serious? The final straw with Mac for me was when I accidentally hit “No” when asked if I wanted to give my terminal access to the file system. All of a sudden I was starting my work day without a working terminal. Obviously there was a solution, probably an easy one, but I didn’t even look for it.
      • troad22 minutes ago
        > The final straw with Mac

        > Obviously there was a solution, probably an easy one, but I didn’t even look for it

        It's hard to take this seriously. It's the most obvious setting possible. Settings > Privacy & Security > Full Disk Access > tick the apps you want to have it.

        What's even the complaint here? That Mac has solid app permissions, but you can't be bothered to open the settings?

      • retired2 hours ago
        The solution is to enable Full Disk Access in settings.
  • tokyobreakfastan hour ago
    Are we still pushing the myth that anti-malware on Mac isn't necessary?
    • jtbaylyan hour ago
      I support quite a few Mac users and never recommend it myself. Also own a couple Mac’s and don’t use it.

      I do occasionally use an app to clean somebody’s Mac of an irritating browser search hijack. I’ve never seen anything else.

      Why should I change my mind?

    • GeekyBearan hour ago
      How does antivirus software protect users who paste malicious commands they find online into the terminal?
      • quamserenaan hour ago
        By scanning downloaded binaries for known viruses?
        • GeekyBearan hour ago
          A text command pasted into the terminal isn't a binary.

          Convincing a Linux user to paste rm -rf / into the terminal is not malware. It's social engineering.

          Scanning binaries for known malware is already built into the OS.

          • wpm33 minutes ago
            Endpoint security software on the Mac, if it's worth the hit to system resources that is, inspect every call to exec and fork that occur in the kernel and also inspect those for known attack vectors, malicious scripts, etc. The one I have installed on my work Mac will kill reverse shell attempts before they are run. Will stop keychain attacks. Infostealing (as they can also get every file system op as they are happening in the kernel).

            Gatekeeper and Xprotect are good, but there's only so much they can do.

          • sithadmin44 minutes ago
            The article specifically mentions that the methodology here is to trick users into running an obfuscated CLI command…that downloads and runs a binary
            • GeekyBear34 minutes ago
              Terminal commands have the ability to do dangerous things, like deleting all the user's files.

              In this case, the user is warned that the command wants to do something dangerous and must manually allow or deny the action.

    • CharlesWan hour ago
      No, that narrative died around 2010. The existence of malware targeting Macs has driven many macOS security improvements since, many of which are taken personally by HN readers.
    • sneak28 minutes ago
      It is necessary. That’s why Apple ships a free invisible one bundled into the OS that you never have to think about, see, or update.
    • LoganDarkan hour ago
      XProtect (Apple's built-in antimalware) is usually all you need, as long as you're at least somewhat savvy (and sometimes even if you aren't). I believe installing any additional antimalware on a Mac is a waste of resources.
  • tolerancean hour ago
    Another reason to avoid Medium like cold grits.
  • jeffbee3 hours ago
    This sucks because the web should be the perfect, safe platform for this kind of application, but it isn't. Technically all the features exist in the browser such that you could write a homedir cleaner, space analyzer, etc purely in a browser tab, but because of the misguided (in my opinion) way that browsers refuse to do open a homedir, it's impossible.
    • digiown3 hours ago
      I'm not sure letting a webapp access your home is a good idea. You're basically YOLOing random remote code to run on your machine. Maybe we can have it access some specific folder for its own data.

      And then there's also Apple which won't allow functional web apps, lest it affects their app store 30% cut.

      • trollbridgean hour ago
        Seems like a great idea for something to just run inside a chroot jail (or the modern equivalent, a container).
      • jeffbee3 hours ago
        The web already has these APIs, it can be granted read-only permissions to designated directories. But the browsers will refuse to allow you to delegate even read-only access to, for example, the macos ~/Applications folder, on the pretty shaky basis of it being "system files". Because of that policy the API is not useful for the application of a space analyzer.
  • etrvic3 hours ago
    A solution would be to stop shipping macs with the terminal app\s. Computers are now used by a wide variety of people, some without technical knowledge, maybe a default switch on macOS that displays warnings on rather trivial attacks would help.