Apparently, it was collecting passwords from victim machines. So, step one would be to remove everything the script put onto your machine. Step two would be to change your passwords.
Step one is to unplug the machine from the internet. Step two is to use another machine to change all your passwords, starting with the “pivot” passwords - your password manager master password, your email accounts, your AppleID, your mobile provider - followed by financial accounts and then all others. While changing passwords, make sure to “invalidate all sessions” where possible.
Only after you’ve done all this should you move on to Step 3: reformat your computer and install the OS from scratch.
Is there any way to check if you're affected? I just happened to install Homebrew while the malicious site was up and now I'm not sure if I installed the legit version.
I'd isolate the machine from the internet, change my passwords from a trusted machine, save the media and documents from the isolated machine, and then reinstall the OS / factory reset the isolated machine. Still, I'm sure that there are technical possibilities that this doesn't account for, but I think I would be okay with the procedure nevertheless.
addandsubtract|1 year ago
chatmasta|1 year ago
watermelon0|1 year ago
hollin|1 year ago
npteljes|1 year ago
unknown|1 year ago
[deleted]