Strange to say the least, however, it's a Windows file, no Mac one inside. The third however didn't, I extracted its contents and sent it to The first two files were caught by Sophos immediately and I couldn't stop it from deleting them.
I was able to fill in the captcha and download the file, I'm running Mac for those wondering. With help from OP, I was given the link to the virus in question. Please note that at this stage I am not willing to post the link despite the fact no one has yet reported also being infected, I don't really want to take the chance due to the severity of things if they do. You understand this, yeah? It's 2.30am so I'm probably going back to sleep for a while now. Read their comment here: Edit4: Ok, I went to sleep for a couple hours, woke up, and have now provided the link to another ~10 or so people. I have tested this on another machine (my personal laptop, on a different network / ISP) and I can still get to the fake site. Edit3: /u/mikhaila15 is the only user that has so far reported that they've been able to download a binary from the page I provided via PM. It's also worth noting that 2 reddit users so far have reported that when they attempt to visit that URL, they automatically get redirected to google. If someone knows more about this and whether this is either likely or possible, please shout out. Maybe this negates the download - I'm not really sure - but I'm really, really hesitant to provide the 'actual' URL that contains their email address, for obvious reasons. I replaced their email address with for privacy reasons when I provided the URL in the PMs. This MAY be because the original URL that infected the user was in the format: To the best of my knowledge, no one has been able to either get their hands on the binary, or replicate an infection. It's hilarious googling the issue and seeing so many experts advising not to bother with AV on a Mac because they're not susceptible.! Anyone else had this with a Mac and have any tips? Edit: woops, could still see the URL in previous image, removed now: Edit2: I have provided the URL to about 8 people so far. I'm not able to open any of the system preference icons.
The user reported that they received an email from the post office asking them to download a file to arrange delivery (ha, ha). Files definitely appear encrypted - though haven't spent too much time attempting to resolve as the Mac in general is pretty hosed - whatever happened appears to have either encrypted or corrupted various system components as well - e.g.
Was pretty surprised (but not overly I guess) to encounter my first cryptolocker / ransomware on a Mac today.