Is "pluginpayloadattachment" an indicator of malware?

Someone else asked "What is 'pluginpayloadattachment'"? And I have the same question. After getting malware on my Mac, I searched my recent downloads and other unusual-looking files (including hidden ones) and found this file hidden in my Mail folder. I removed it and put it in the trash and I don't know where it came from because I can't find the original message with this attachment in it.


My assumption is that an unasked-for payload, delivered in an email message, can't be good. Can anyone confirm?

MacBook

Posted on Jan 11, 2020 1:00 PM


Posted on Jan 11, 2020 9:36 PM

Thanks. I did have malware on my Mac and it became almost non-functional. I ran some tools on it to clean it up. Afterwards, I was trying to figure out the source. Two issues were already identified in a malware scan: one was a plugin embedded inside an app that I bought from the App Store. (I'm surprised that this malware made it past Apple.)


The second was a fake version of the Adobe Flash installer. I don't know how it got on my Mac because Flash is already set to auto-update from the Adobe site in my Preference settings. "Get info" showed that the fake Flash installer came from an "amazonaws" server and not from the Adobe site.


I got rid of those files but afterwards, I was looking for any remaining files that had a "last modified" date around the time that I became aware of the malware infection, and "pluginpayloadattachment" was one of them.


Jan 11, 2020 1:35 PM in response to sfsmusique

sfsmusique wrote:

Someone else asked "What is 'pluginpayloadattachment'"? And I have the same question. After getting malware on my Mac, I searched my recent downloads and other unusual-looking files (including hidden ones) and found this file hidden in my Mail folder. I removed it and put it in the trash and I don't know where it came from because I can't find the original message with this attachment in it.

My assumption is that an unasked-for payload, delivered in an email message, can't be good. Can anyone confirm?


Sometimes you get a text or message that gets sent to Mail.

Messages.app stores links in the sqlite attachment database as files with the ".pluginPayloadAttachment" extension.


If you suspect you have installed adware/malware, try running this trusted utility: https://www.malwarebytes.com/mac/
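One way to triage files like the one discussed in this thread, shown as an added example that is not part of any post: it lists files modified near the incident time and classifies each by its leading bytes and executable bit rather than by its extension. The directory, the incident time, the 24-hour window and the "review"/"data" labels are assumptions of this example.

```python
import os
from datetime import datetime, timedelta

# Well-known leading bytes ("magic numbers") of common file types.
MAGIC = [
    (b"bplist00", "binary plist (data)"),
    (b"<?xml", "XML (data)"),
    (b"\xcf\xfa\xed\xfe", "Mach-O executable"),        # 64-bit, little-endian
    (b"\xce\xfa\xed\xfe", "Mach-O executable"),        # 32-bit, little-endian
    (b"\xca\xfe\xba\xbe", "Mach-O universal binary"),  # also the Java class magic
    (b"#!", "script"),
    (b"PK\x03\x04", "zip archive"),
]
EXECUTABLE_KINDS = {"Mach-O executable", "Mach-O universal binary", "script"}

def sniff(path):
    """Classify a file by its leading bytes instead of its name."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return "unknown"

def triage(root, incident, window=timedelta(hours=24)):
    """Return sorted (path, kind, verdict) for files modified within `window` of `incident`."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mtime = datetime.fromtimestamp(os.lstat(path).st_mtime)
                if abs(mtime - incident) > window or os.path.islink(path):
                    continue
                kind = sniff(path)
            except OSError:
                continue  # unreadable or vanished file: skip it
            # Content that can run, or a set execute bit, deserves a closer look.
            runnable = kind in EXECUTABLE_KINDS or os.access(path, os.X_OK)
            findings.append((path, kind, "review" if runnable else "data"))
    return sorted(findings)

if __name__ == "__main__":
    import sys
    # Arguments (assumed): directory to scan, incident time in ISO format.
    for row in triage(sys.argv[1], datetime.fromisoformat(sys.argv[2])):
        print(*row, sep="\t")
```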

