Suspicious Pop-Up After Opening DMG File on Mac

Question

D_Russo Author

Level 1

4 points

Suspicious Pop-Up After Opening DMG File on Mac

(Mac OS Sonoma 14.5)

Hi,

I recently downloaded a DMG file and tried to open it. Shortly after, I got a pop-up saying:

“Required application helper. Please enter password for continue.”

There was no cancel or close option, and the pop-up kept reappearing until I restarted my Mac. I didn’t enter my password, but I’m worried my system might still be compromised.

I didn’t capture a screenshot of the pop-up, but I found articles online describing similar pop ups with a slightly different wording used by macOS malware, including:

1. Cthulhu Stealer malware: https://www.cadosecurity.com/blog/from-the-depths-analyzing-the-cthulhu-stealer-malware-for-macos

2. AppleScript & Osascript prompts to steal credentials: https://www.picussecurity.com/resource/blog/sub-techniques-of-command-and-scripting-interpreter-explained-mitre-attck-t1059

Both articles show examples of deceptive prompts similar to what I experienced. I also found a similar pop-up image shared by another user in the Apple Discussions forum. I’ll attach it for reference:

Strange pop up showed up. - Apple Community

What I’ve Done So Far:

• Deleted the DMG file.

• Ran scans with Malwarebytes and Avast.

My Questions:

1. Could my Mac be infected even though I didn’t enter my password?

2. Are there additional steps I should take to ensure my system is secure?

3. How can I raise awareness to help others avoid this issue?

Thanks in advance for any advice or insights!

MacBook Pro 13″

Posted on Jan 15, 2025 6:39 AM

Reply

Answer 1

Jan 15, 2025 6:57 AM in response to D_Russo

If you did not enter your password, nothing was installed on your computer.

You never have to worry about that if you stick to apps you find in the App Store. Randomly downloading apps you find on the internet is not recommended. The same is true for links you see in email/messages. Don't believe everything you read on the internet and do not trust every app you see on the internet.

Since you did not install any files, there is no other steps you need to take and deleting the DMG file is all that is needed. Avast is already a problematic application and would do no good anyway. Never install any of these types of applications:

Cleaners
Optimizers
Anti-Virus
VPN (unless specifically used for a work or school environment)

Reply

Answer 2

MrHoffman

Level 10

149,437 points

Jan 15, 2025 8:41 AM in response to D_Russo

Nobody can answer that question. Not with certainty.

Want better certainty? Wipe and restore a backup from prior to your adventure — whatever this was, and from whencesoever it came — and change all of your passwords and tokens and such.

Most of the macOS malware around is cracked apps and the usual torrent fodder, as well as cryptocurrency wallet stealers and similarly shady apps.

Add-on anti-malware isn’t particularly useful here, either.

Reply

Answer 3

leroydouglas

Level 10

200,502 points

Jan 15, 2025 8:28 AM in response to D_Russo

D_Russo wrote:

(Mac OS Sonoma 14.5)

Thanks in advance for any advice or insights!

What DMG and from where...(?)

The current stable release of Sonoma including bug fixes, security updates is macOS 14.7.2 —I would start there

Keep your Mac up to date - Apple Support

Reply

Answer 4

etresoft

Level 9

57,182 points

Jan 15, 2025 8:03 AM in response to D_Russo

D_Russo wrote:

1. Could my Mac be infected even though I didn’t enter my password?

Yes.

2. Are there additional steps I should take to ensure my system is secure?

Yes.

3. How can I raise awareness to help others avoid this issue?

Unfortunately, it's not possible to "raise awareness". The internet is positively flooded with purposeful disinformation regarding this topic. It isn't possible to increase the level of disinformation, or to correct any of it.

How do we even know that you aren't one of the disinformation spreaders? 😄

Reply

Suspicious Pop-Up After Opening DMG File on Mac

Similar questions