The Office of Information Technology (OIT) has identified a new type of high-risk malware campaign specifically targeting Mac users through social media and "how-to" videos.
How the Scam Works
Fraudulent videos on platforms like YouTube promise "secret" or "Apple-hidden" ways to instantly free up 100GB+ of disk space or speed up a slow Mac.
The video instructs you to copy a complex command from an anonymous website (such as telegra.ph) and paste it into your computer's Terminal app.
The commands provided in these videos are not legitimate system tools. Instead, they download a malicious script that could:
- Steal Your Passwords: It triggers a fake login prompt to capture your system password.
- Access Sensitive Data: It scrapes your browser cookies, saved credit cards, and Keychain data.
- Compromise Accounts: Attackers could use this stolen data to bypass security (including 2FA) to access your personal or even university accounts.
How to Stay Safe
- NEVER copy and paste commands into your Terminal from a website or video unless you are 100% certain of the source and have confirmed it with the OIT Help Desk.
- Ignore "Quick Fix" Scripts: Apple Support will never ask you to run curl or bash scripts found on anonymous blogs or video descriptions.
- Verify First: If your Mac is running slowly or is out of storage, please contact the OIT Help Desk before attempting any "hidden" fixes.
- Install OS Updates: macOS Tahoe 26.4 includes added protection against these types of malware and we recommend users upgrade/update their Mac (in System Settings > General > Software Update). For information on how to upgrade your Mac, check out our article.
Have Questions?
If you have already executed one of these commands on your SU-issued device, or if you need help optimizing your Mac storage safely, please contact the OIT Help Desk by email at helpdesk@su.edu or call us at (540) 665-5555.