
Fake "Adobe Flash Player.dmg" malware?


So I was cleaning out my downloads folder when I came across an "Adobe Flash Player.dmg". I assumed it must have just been some sort of update when I needed a flash player for something on the browser. So I opened it, and when the installer window popped up I (stupidly), without even looking, just double-clicked on the icon, which was titled "install.command" (see pics). Terminal then opened up and ran some code, which I've saved; I'll just paste the code it ran right here. Anyone able to tell me what this did, if I need to worry about it, and if so how to get rid of it? Thanks.


Last login: Sun Nov 18 16:18:14 on ttys000
MacBook-Pro:~ scotty$ /Volumes/Install/Install.command ; exit;
x ./mm-install-macos.app/
x ./mm-install-macos.app/Contents/
x ./mm-install-macos.app/Contents/_CodeSignature/
x ./mm-install-macos.app/Contents/Info.plist
x ./mm-install-macos.app/Contents/MacOS/
x ./mm-install-macos.app/Contents/PkgInfo
x ./mm-install-macos.app/Contents/Resources/
x ./mm-install-macos.app/Contents/Resources/__TBT_RequestForm.nib
x ./mm-install-macos.app/Contents/Resources/__TBT_Template_Base.nib
x ./mm-install-macos.app/Contents/Resources/locked.icns
x ./mm-install-macos.app/Contents/Resources/MainWindow.nib
x ./mm-install-macos.app/Contents/Resources/mm-install-macos.icns
x ./mm-install-macos.app/Contents/MacOS/mm-install-macos
x ./mm-install-macos.app/Contents/_CodeSignature/CodeResources
2018-11-22 00:10:51.312 mm-install-macos[52068:11813830] __tbt_findStubPath PPID: 52040
2018-11-22 00:10:51.312 mm-install-macos[52068:11813830] __tbt_findStubPath CMD: ps -wwo args 52040 | tail -1 | sed -nE 's/(\/bin\/bash[ ]?)([^ ]+).*/\2/p'
2018-11-22 00:10:51.535 mm-install-macos[52068:11813830] __tbt_findStubPath fullPath: /Volumes/Install/Install.command
2018-11-22 00:10:51.535 mm-install-macos[52068:11813830] __tbt_getMountingPoint originalPath (1): /Volumes/Install/Install.command
2018-11-22 00:10:51.535 mm-install-macos[52068:11813830] __tbt_getMountingPoint originalPath (2): /Volumes/Install/Install.command
2018-11-22 00:10:51.535 mm-install-macos[52068:11813830] __tbt_getMountingPoint mountingPoint (1): /Volumes/Install
2018-11-22 00:10:51.535 mm-install-macos[52068:11813830] __tbt_getMountingPoint mountingPoint (2): /Volumes/Install
2018-11-22 00:10:51.800 mm-install-macos[52068:11813830] __tbt_getDmgSourcePathByMountingPoint mountingPoint=/Volumes/Install plistData=<hex dump omitted>
2018-11-22 00:10:51.801 mm-install-macos[52068:11813830] __tbt_getDmgSourcePathByMountingPoint imageSourcePath=/Users/scotty/Downloads/Adobe Flash Player.dmg
2018-11-22 00:10:51.801 mm-install-macos[52068:11813830] __tbt_getInjectedParams dmgSourcePath: /Users/scotty/Downloads/Adobe Flash Player.dmg
2018-11-22 00:10:51.830 mm-install-macos[52068:11813830] __tbt_getInjectedParams :: kMDItemWhereFroms: (
2018-11-22 00:10:51.830 mm-install-macos[52068:11813830] __tbt_getInjectedParams :: URL: 
2018-11-22 00:10:51.830 mm-install-macos[52068:11813830] __tbt_getInjectedParams :: URL: 
2018-11-22 00:10:51.830 mm-install-macos[52068:11813830] __tbt_getInjectedParams injected params: 
2018-11-22 00:10:56.922 defaults[52074:11813887] No domain, key, nor value containing 'SearchQuick'
ls: /Users/scotty/Library/Application Support/Firefox/Profiles/: No such file or directory
2018-11-22 00:10:57.149 defaults[52080:11813949] No domain, key, nor value containing 'search-quick'
ls: /Users/scotty/Library/Application Support/Firefox/Profiles/: No such file or directory
Saving session...
...copying shared history...
...saving history...truncating history files...
Deleting expired sessions...11 completed.

[Process completed]


Screen Shot 2018-11-22 at 12.44.14 am.png

Screen Shot 2018-11-22 at 12.43.57 am.png
