Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: carlosperez8
carlosperez8 Author
User level: Level 1
9 points

Have I been hacked?

Hey there!


Just trying to get a little help over here. This morning was reading the news through my web browser, when a .zip file —2018-2019.zip— automatically downloaded to my Mac. I was stupid enough to open it. Then, without any interaction by my side, it seems that a NFS volume was mounted.



Luckily, I have installed Little Snitch on my laptop, which warning me about some processes trying to connect to the Internet:


automountd
macOS Kernel
sharedfilelistd
Finder


They all were trying to connect to 111 port at nfsdelivery.duckdns.org, that resolves to the IP address 79.154.153.156. The only one that has no code signature was macOS Kernel, owned by root.



Do I have to worry? I don't know if it's normal that a downloaded file without superuser permissions has access to all that system processes, and told them to connect to the Internet. I got in touch with Apple support, and everything seems to work well for them. They advised me to just delete the file. Should I scale this issue to someone else at Apple?


PS. I'm running macOS 10.14.5 on a mid-2012 MacBook Air.

Posted on Jun 12, 2019 2:26 AM

Reply

Similar questions

2 replies
User profile for user: carlosperez8
carlosperez8 Author
User level: Level 1
9 points

Jun 12, 2019 2:36 AM in response to carlosperez8

I passed the file through VirusTotal, and no engine detects anything. This is where the .zip file downloads from. Please be aware!


https://github-production-release-asset-2e65be.s3.amazonaws.com/190018063/a77f2600-898e-11e9-9605-02bbb997091f?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20190612%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190612T083616Z&X-Amz-Expires=300&X-Amz-Signature=1c1fd009d89dcfa83de32ddbc123fde99bbbbd6ccafb6aab0c25d6e4845a9992&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3D2018-2019.zip&response-content-type=application%2Foctet-stream
Reply

Have I been hacked?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up