terminal app running suspiciously

[Ogdogdaddy]

I found my MacBook Pro (running BigSur 11.2.3) with the terminal app running and indicating a "last login:" a couple of days prior. I have only used terminal once to provide Microsoft support with a system log and that was a few weeks ago. The message in terminal's window said "The default interactive shell is now zsh." Then it spells out an apple support site to get more information on the zsh default shell. Do I have to worry about this? Could I hacker have gotten in and done something nefarious with my Mac? And would my Malwarebytes Premium detect such a hack (it shows no malware after scanning). Any information would be appreciated.

suspicious screen in %22terminal%22 program.pdf

[exile360]

Greetings,

Did you have to pay Microsoft support by any chance?  The reason I ask is because there are some scammers that attempt to deceive computer users by displaying false alerts in their browsers and using other deceptive tactics, indicating to the user that their system is infected with a virus or other malware, then provide them with a phone number to contact for support, often claiming to be from a reputable company like Microsoft.  In the process of 'helping' users, they will often get remote access to the victim's device, claiming they are fixing it and charging the victim and/or getting their credit card and/or bank information in the process.

If that is what happened, the terminal pop-up you're seeing may be due to something left behind by the scammers on the machine.

If that is not what occurred, then please disregard, I just wanted to make certain you were aware of the issue if you might have been targeted by such scammers as so many have been in recent years.

[Ogdogdaddy]

Thank you very much for your quick reply. I didn't pay for the support as I subscribe to Office 365. I contacted Microsoft support from the help menu in Outlook. All their support was handled through chat and when they asked for my log file they told me how to run it with terminal and I uploaded it to a sharing site which I gave them access to. I didn't like the idea of handing them a log but.... So you think I don't have to worry about this terminal window not being opened by me? That would be quite a relief since I do online banking from my Mac and use Malwarebytes Premium and Privacy.

 

[exile360]

Excellent, I just wanted to make certain.  It sounds like you were in contact with the actual Microsoft support so it should be OK, especially if they only interacted with you via chat and gathered info through logs; there should be no risk to your personal or financial info as system logs are unlikely to contain such information.

With all of that said, I'm honestly not too familiar with Macs so I can't speculate as to the reason the terminal window was displayed, but my best guess would be that it was likely done as part of a program or system update for your Mac, however if you have any reason to believe that your Mac might be infected we do have members of our team who specialize in malware removal for Macs and they can aid you in checking your system.

If you desire to seek their assistance, please create a new topic in our Mac malware removal help area by clicking here and one of them will assist you as soon as they are available.

I hope that I have been able to at least somewhat set your mind at ease, and if there is anything else we might be of help with please let us know.

Thanks

[Ogdogdaddy]

Thank you very much exile360! I will contact your folks who specialize in malware removal for Macs just to be sure. 

[exile360]

You're welcome.  I hope your system is not infected, but better safe than sorry, at least that's my thinking.