On 4/10/25 3:17 PM, Ryan Carsten Schmidt wrote:
On Apr 10, 2025, at 13:21, Forrest Aldrich wrote:
My malware checker has identified potential malware (AtomicStealer)
distributed from MacPorts. I'd like to confirm with the community
what else is known:
/Applications/MacPorts/tea.app
➜ /Applications cd MacPorts
I know that tea is a text editor.
https://ports.macports.org/port/tea
I am not aware of it containing malware.
As far as I know, Atomic Stealer is distributed by tricking a user
into downloading and installing what looks like a browser update or a
cracked commercial application. It seems unlikely that it would appear
in an esoteric open source text editor so my initial assumption is
that this is a false positive from your malware checker.
What is your malware checker? Have you contacted its developer?
I cleaned this off my system, for now.
The checker I'm using is Moonlock, which is a part of CleanMyMacX.
_F
