Malware in .package files?

[razzarizz]

I'm not certain if this is a proper question to ask here, but since I rely pretty exclusively on Malwarebytes, I thought I would try my luck!

I recently restored several .package files from a backup, and have since been a bit worried about the possibility of them having been corrupted.  To be honest, Malwarebytes has never detected anything on my system, and I tend to let my own fears get the best of me regarding wiping my hard drive (not so long ago I had a run-in with a tech support scam wherein I allowed someone access to my system, and I've had a hard time trusting my system ever since!), but I'm curious: if there were malware of any description hidden in these .package files, would Malwarebytes detect it?  Can malware even be hidden in .package files?  When I allowed remote access to my laptop, I was told the only things I should restore were documents, which I took to mean photos or text documents; however, the "Get Info" panel describes .package files as "Kind: Document."

I trust the sources the files came from, but the process of downloading them tended to involve a number of dodgy redirects (again, Malwarebytes detected nothing on my system), and rather than drive myself crazy worrying, I thought I would pose the question to someone who (hopefully!) knows better than me.

Thank you so much for your help, and I'm really sorry if this isn't the right place to ask this question!

[pondus]

Quote

 if there were malware of any description hidden in these .package files, would Malwarebytes detect it?  

If they are not to old, malwarebytes want fresh malware not older then 3 months

you can upload and test suspicious file(s) here www.virustotal.com  /  www.metadefender.com  /  www.jotti.org

if tested before, always click rescan so you get a fresh result

 

[treed]

Are you referring to files with a literal extension of ".package", or are you referring to files with the .pkg extension?

If the former, those are SimCity files. There is no known Mac malware being distributed inside such files. I cannot rule out the possibility of malicious files being added to a .package file, as any application may have unknown vulnerabilities that a hacker might find, but this is pretty unlikely. Unless you've got a very specific reason to believe that a .package file is infected, it probably isn't.

If you're referring to .pkg files, which are Mac installer files, those are certainly often used to deliver malicious payloads. Never open a .pkg file from an unknown source! However, it's not so easy to modify an existing .pkg file, so if your concern is that a trusted .pkg file on your computer has been modified by malware that was previously installed on your system, that's very unlikely. No Mac malware has ever been known to do this sort of thing.

[razzarizz]

16 hours ago, pondus said:

If they are not to old, malwarebytes want fresh malware not older then 3 months

you can upload and test suspicious file(s) here www.virustotal.com  /  www.metadefender.com  /  www.jotti.org

if tested before, always click rescan so you get a fresh result

 

Thank you for the help!  I conduct Malwarebytes scans fairly regularly, so I assume it would have caught something.

Given how long the scan took, I did only run one file through VirusTotal, but it came back clean, which was probably to be expected.

 

5 hours ago, treed said:

Are you referring to files with a literal extension of ".package", or are you referring to files with the .pkg extension?

If the former, those are SimCity files. There is no known Mac malware being distributed inside such files. I cannot rule out the possibility of malicious files being added to a .package file, as any application may have unknown vulnerabilities that a hacker might find, but this is pretty unlikely. Unless you've got a very specific reason to believe that a .package file is infected, it probably isn't.

If you're referring to .pkg files, which are Mac installer files, those are certainly often used to deliver malicious payloads. Never open a .pkg file from an unknown source! However, it's not so easy to modify an existing .pkg file, so if your concern is that a trusted .pkg file on your computer has been modified by malware that was previously installed on your system, that's very unlikely. No Mac malware has ever been known to do this sort of thing.

A literal ".package" extension, yes! I assume if the .package file was downloaded from a legitimate source, it's pretty unlikely that malware could be added to the file later? I don't really have any specific reason to be worried about this, other than the fact that the website I downloaded the files from (Mediafire) has a tendency to redirect to pretty dubious websites after you download the file. I was concerned that somehow, some way, I could have picked something up from one of those redirects that modified the .package, but I understand that's probably a bit out there, as for as concerns go.

[treed]

I don't know how unlikely it is that malware could be added to a .package file... depends in part on whether this is actually a file or if it's a Mac OS X "bundle" (ie, a folder pretending to be a file), and also on whether there's any executable code normally found inside it. I don't know anything about these SimCity files, so I don't know whether that's actually possible or not.

If it is possible... well, no malware author has ever done that before. That doesn't mean it couldn't happen (assuming it's possible in the first place), but it does mean that it would be pretty unlikely for you to be "lucky" enough to see that behavior for the first time ever. Still, if you think that file might have been downloaded from a questionable source, it's best to be safe rather than sorry.

Hope that's as helpful as it is vague!