Recent content by dlouzan

  1. D

    Question Safari downloads random ZIP file

    From the information we could gather until now, it should be OK as long as you didn't execute anything inside the mounted NFS. The zip file itself seems to not have any malware. I myself also had it uncompressed automatically (my Safari had on that damned setting to auto-open "safe" files)...
  2. D

    Question Safari downloads random ZIP file

    Well, the main page seems to have HTTPS disabled, but the dictionary itself is available via HTTPS. The attackers might have found a way to inject JS code into the main (unprotected) page and that triggered the download. Not sure.
  3. D

    Question Safari downloads random ZIP file

    Unfortunately I don't know how. I had the Safari setting for auto-uncompressing zip files (bad idea), so what ended up in my downloads folder was the uncompressed folder. The original zip file I guess was somehow in the temp Safari files, but since then I restarted, so I can't see it anymore. If...
  4. D

    Question Safari downloads random ZIP file

    Not surprised VirusTotal did not find anything; the vulnerability is based on auto-mounting remote locations and the implicit trust Gatekeeper puts in those locations. The file does not actually contain any binary, just the tailored zip content to mount a remote resource. That's why I was...
  5. D

    Question Safari downloads random ZIP file

    Found it! And it is actually 100% malware. It looks like a combination of the issue linked below plus the attackers found another issue, some way to trigger auto-download of the zip files without user intervention: https://9to5mac.com/2019/05/25/macos-gatekeeper-vulnerability/ I'm still reading...
  6. D

    Question Safari downloads random ZIP file

    Have you tried uploading the zip file to one of the online scanners, such as VirusTotal? Additionally, I find it funny that you found this on a Spanish website; I'm also a Spaniard and visit that website quite often. Are you all by chance based in Spain? Maybe in the Telefónica network? Might...
  7. D

    Question Safari downloads random ZIP file

    I haven't experienced it anymore (doesn't mean it won't happen again). I couldn't find any other people complaining about this, so after a couple of days I don't think this is a general issue. I had also made a report to Safari the day this happened, but if more people complain they might give...
  8. D

    Question Safari downloads random ZIP file

    By the way, it totally looks like malware. The link uses the string 'rnaster' instead of 'master' to make it look like a hosted raw file in the repository, but it was most probably a malicious file in the source code of the repo.
  9. D

    Question Safari downloads random ZIP file

    Where did you get that link? In the browser history? The GitHub group does not exist; the link returns a 404.
  10. D

    Question Safari downloads random ZIP file

    Thanks for the link, I just did that a while ago, no threats reported and I also checked the instructions about extensions and proxies in Safari. Nothing had been changed. Additionally: you should edit the Apple thread link and remove the session id param, it won't open otherwise.
  11. D

    Question Safari downloads random ZIP file

    A couple of extra bits of info: My Safari had the auto-open zip files setting on (bad), and I used the console to check what is in there, found the data below. $ ls -lisa ~/Downloads/2018-2019 total 3040 8631846338 0 drwxr-xr-x@ 4 diego staff 128 Jun 6 12:40 . 633747 0...
  12. D

    Question Safari downloads random ZIP file

    I have just experienced exactly the same thing. Any news? It really looks weird. In my case I think it happened after opening a Wikipedia page, though I'm not 100% sure. I'm on the very latest version of macOS 10.14.5 and Safari 12.1.1 as of today, on a 2017 MacBook Pro.