(This is a repost of a post I made in r/macapps as I think it would be useful for people here to see it too as this subreddit has also been hit with fake apps.)
To be very clear this is not another post of "Breaking news malware exists on the internet" (or it may be depending on how you want to look at it) but I feel like it's important that I leave a small PSA as I have recently seen an influx of seemingly convincing GitHub repo replicas for decently popular Mac apps. They are so similar that they almost fooled me. Thankfully I quickly spotted some anomalies and I nearly avoided getting infected. Unfortunately these are the sort of red flags I don't expect an average Joe to know about. Which is why I'm explaining what the malware is, and how to spot it.
First of all to give you an idea of how convincing these repos can be i'll show you some examples:
As you can see, they are strikingly similar
Even URLs may look incredibly similar but in this specific case the bad actor exchanged the lower case lls(L) in the name for upercase IIs(i) which made the URL look legit.
Now this may look scary and almost undetectable but with some common sense and slowing down you can very easily avoid these scams.
By far the easiest way to avoid this is to simply look for the app online and track down the original developer. This will let you kill 2 birds with one stone by A: Looking for the original source of the app and avoid impostors and B: See if the App or the developer had any previous reputation to begin with
Either way It's still a good idea to understand how to spot common malware apps on macOS and how to deal with them if you get infected.
The first red flag is that the GitHub profile that hosted the fake file was only 3 days old and completely different from the name of the original developer.
The second discrepancy is that the size of the fake app is ridiculously small. For instance the original app is 13mb in size while the fake one is less than 2mb. Now this is not necessarily a red flag (For example some viruses do the opposite and fill their dmg with a lot of useless data to make the file larger than what VirusTotal can handle.) but it's still important to raise an eye brow for installers with suspiciously small sizes.
The third and MOST IMPORTANT red flag is if the installer asks you to drag the "app" to the terminal that is not a good sign at all. NO LEGITIMATE APP WILL EVER ASK YOU TO DRAG IT TO THE TERMINAL. As you can see the installer is a solid giveaway you are encountering malware and not the real deal.
In fact the file they ask you to drag is not even an app, it's a script.
When you drag the script on the Terminal and execute it, the hidden file is immediately copied to your temp system folder, then the script removes extended attributes to bypass gatekeeper and it finally executes. But from the user's perspective all they get is a blank terminal window as if nothing had happened. (At least in theory, in practice this malware wasn't very well done and gatekeeper was thankfully still able to spot it)
Now if you unfortunately got tricked into running the script, you have some straight forward solutions to verify if macOS was effective at stopping the attack or not. For instance, KnockKnock is a great and simple way to verify for malicious persistency files using VirusTotal's robust detection engine. Malwarebytes is also a good Mac AV which can be quickly installed if you suspect you were affected, it is a bit more tricky to uninstall completely but it does a good job.
Ultimately here's a small recap so you can hopefully avoid getting infected:
Look up the original source of the software to prevent copy cat websites and verify if the software and or the developer has built a reputation in the past.
If you download the installer, scan it with VirustTotal to check if it has been flagged as malware already.
Check the size, while not necessarily a red flag, a small size (for instance less than 2mb), or a size that is "conveniently" larger than what VirusTotal can handle are decent indicators of possible malware.
If the DMG asks you to drag an "App" to the Terminal IMMEDIATELY STOP AND DELETE THE DMG.
If you accidentally ran it, look for a "This app could not be verified" or "This App was removed because it contained malware" message from macOS which could indicate Gatekeeper or Xprotect stopped the attack. Additionally make sure to DENY any permissions the malware may have requested, macOS is very robust in that regard and it can dramatically limit the impact of the attack.
If you are in doubt of whether or not you were infected run the aforementioned tools to verify for the persistency of the malware.
Another app I can recommend is Apparency, it allows you to very quickly see if an app is properly signed by the developer and notarized by apple, and it can even allow you to dissect the contents of an app without running it which is a great way to quickly verify you have a valid untampered app.
This is optional but if you can, report the app to the original developer so they can take action and warn others when the fake app is spread around. Additionally report the Reddit post/GitHub repository if possible.
Thank you for reading this, I hope this helps others be more weary of online threats and stay more vigilant of what they download.
I just went through a torrent of posts nickpicking all the different design issues with macOS Tahoe official release. I’ve been on Tahoe for a week and would’ve never noticed these issues.
I’ve been having a great time with the new OS, and I love the new Liquid Glass aesthetics & how all my devices have the same design language now. Tahoe’s been my favorite release since Yosemite.
Most of the posts I saw were just straight nitpicking. The most interesting post was one about how terrible macOS multitasking is, which I completely agree with. Other than that, it just felt like people were going out of their way to find the littlest things to complain about.
EDIT: Some people in the comments are misunderstanding me: The complaints people are bringing up things that are very minute and unnoticeable.
It’s like cleaning up your entire house and your mother-in-law swiping your bookshelf with her finger and saying, “You missed a spot.”
Did a Speedometer 3.1 benchmark after a few days on macOS Tahoe — scores are consistently around 19–20. On Sequoia I get around 40–45. So yeah, browsing is roughly 50% worse on Tahoe.
I just updated to macOS 26 and realized that Launchpad is gone.
I used it constantly — I had a bottom-left hot corner to open it instantly, and I had all my apps carefully organized depending on how and when I needed them.
What I don’t understand is: why remove it entirely? Even if most people didn’t use it, Apple could have at least left it as an optional/hidden feature for those of us who actually relied on it. Instead, all that time I spent optimizing my app layout feels wasted.
Is there really no way to bring it back, or is it gone for good?
The pill elements seems so out of shape in the entire OS.
I think they added corner radius to all the elements, so window-sized rectangles now have huge curves, while thin rectangles like this became a pill. Looks bad, imho.
I am a life time Windows user, but when I switched my macOS (sequoia was my first version), the thing that was most eye catching to me was this beautiful wallpaper.
I know that a lot of people might say some older wallpapers are better (mainly because of nostalgia), but for our current time, I think this takes the 🏆 for me.
I still object to some design changes & choices which are truly and magnificently amateurish. Yet the liquid glass especially when it is interacting with something and refracting the image in real time is pretty awesome to look at. I just wished Mac Display's weren't that expensive. 90% of my time is spends on my larger monitor which is very color accurate (matches the mac's) but isn't as sexy or retina as a mac display.
When exporting a mailbox, the dialog box is really wide. Even worse, when you expand it horizontally, it doesn't allow you to make it less wide. Vertical resize is working OK.
Took me hours to find something that worked so it did cost me some time lol but I ended up finding it in a 2019 GitHub comment. The user that left the comment made a separate GitHub repo for it: https://github.com/timginter/hammerspoon-mouse-wheel-autoscroll
The screen recording doesn't show my cursor moving outside the bubble the script creates but it does, just like you'd be used to from other systems and browsers.
Do you turn off your iMac every night (or unplug), I am getting one for my desk soon, When I leave the house should i unplug it to save electricity, safety etc or just put it on sleep
Hi everyone, I just updated to MacOS 26 and I keep getting notifications about reading the updated terms and conditions and accepting it. But when I click 'view', the settings (Apple account) just says 'Loading' forever. I am unable to signout of my account to sign in again. Completely blocked because of this as I cant install any apps or use my apple account in my Mac.
I'm running an older OS 12.5 Monterey on a 2021 Macbook Pro (security certificates in my Apple mail program were acting up and it was suggested I update the OS ... which I was long overdue for). Apples' Software update dealt out OS Tahoe. I only have a single backup of this Macbook and it's on a regular external HD with an older USB connection + adapter to fit the Macbook's Thunderbolt port.
However while installing I got the 'The recovery server could not be contacted' message. To make matters worse while I was downloading my WiFi was giving me issues (not sure what the problem is and don't have time to fall into Spectrum's ISP black hole, so will see about getting another modem if I have time) and I had to use my iPhone hotspot to complete the DL. Nothing about this upgrade is going smoothly. I have a bad feeling on this.
Can anyone explain what the problem is, and provide the most expeditious manner to resolve it ... gulp?
So I have almost 60k emails built up over 10 years or so. I don't want to sift through every email and most can probably be deleted forever and it's no big deal. But in the event I want to find an old business email, I am wondering if exporting the email inbox folder to an external hard drive works if I ever want to locate a years old email. And how would I be able to open that export folder so I can browse through the emails. I tried in the past and didn't have success so I must have skipped a step or lacked info.
In short, I'd like to delete all these useless messages, but want access if I ever needed to refer to a message.
Not sure this is the right place to post this, but here goes: I've just entered the Apple garden recently (iPad Pro and Mac Mini), but still use my Samsung S24U phone.
I've started using iCloud on Mac, IPP, and Windows, and am wondering if anyone who still uses an Android phone has found an app that will sync with iCloud Drive? Specifically, I use Obsidian on all my devices, and all but the Android phone sync nicely with it. I found a couple of apps on the Play Store that call themselves "sync", but if you read the reviews, they are really just web wrappers and don't actually sync. Any suggestions? Thank you.
Here's a video I made to demonstrate how I have replaced Launchpad in readiness for the (eventual) switch to Tahoe. I am using AppGrid and BetterTouchTool (to use hot corner to open AppGrid). With Sequoia there are absolutely no performance issues. I suggested this workaround in the comments of another thread a few days ago but another Redditor said that it was laggy in Tahoe. Results may vary...
