Hello everyone,
I think I infected myself with malware by launching a Setup.app located in a disk image.
There was a "Meta Installer" script in the Setup.app.
According to "Console", this script appears to have performed the following actions:
[code]Nov 10 22:00:39 Meta Installer[2269]: Downloading https://inimg.s3.amazonaws.com/InstallerFun.dmg to /var/folders/b9/8m1pwtbj02sgdbgzhw3f9yg80000gn/T/TemporaryItems/(A Document Being Saved By Meta Installer)/Download 2020-11-10 220039.part
Nov 10 22:00:41 Meta Installer[2269]: Renaming download to /var/folders/b9/8m1pwtbj02sgdbgzhw3f9yg80000gn/T/TemporaryItems/(A Document Being Saved By Meta Installer)/InstallerFun.dmg
Nov 10 22:00:41 Meta Installer[2269]: Mounting /var/folders/b9/8m1pwtbj02sgdbgzhw3f9yg80000gn/T/TemporaryItems/(A Document Being Saved By Meta Installer)/InstallerFun.dmg
Nov 10 22:00:44 Meta Installer[2269]: Mounted /Volumes/Installer 1
Nov 10 22:00:44 Meta Installer[2269]: Downloading https://inimg.s3.amazonaws.com/InstallerFun.dmg to /var/folders/b9/8m1pwtbj02sgdbgzhw3f9yg80000gn/T/TemporaryItems/(A Document Being Saved By Meta Installer 2)/Download 2020-11-10 220044.part
Nov 10 22:00:44 Meta Installer[2269]: assertion failed: 19G2021: libxpc.dylib + 92759 [3E243A41-030F-38E3-9FD2-7B38C66C35B1]: 0x89
Nov 10 22:00:44 Meta Installer[2269]: Renaming download to /var/folders/b9/8m1pwtbj02sgdbgzhw3f9yg80000gn/T/TemporaryItems/(A Document Being Saved By Meta Installer 2)/InstallerFun.dmg
Nov 10 22:00:44 Meta Installer[2269]: Error Domain=NSURLErrorDomain Code=-1003 "A server with the specified hostname could not be found." UserInfo={NSUnderlyingError=0x6000018033f0 {Error Domain=kCFErrorDomainCFNetwork Code=-1003 "A server with the specified hostname could not be found." UserInfo={NSErrorFailingURLStringKey=http://www.test.xtro/, NSErrorFailingURLKey=http://www.test.xtro/, _kCFStreamErrorCodeKey=8, _kCFStreamErrorDomainKey=12, NSLocalizedDescription=A server with the specified hostname could not be found.}}, NSErrorFailingURLStringKey=http://www.test.xtro/, NSErrorFailingURLKey=http://www.test.xtro/, _kCFStreamErrorDomainKey=12, _kCFStreamErrorCodeKey=8, NSLocalizedDescription=A server with the specified hostname could not be found.}
Nov 10 22:00:44 Meta Installer[2269]: Unmounting /Volumes/Installer 1[/code]
Would you have any idea what type of malware I am infected with?
Note that MalwareBytes does not detect any suspicious or infected files, and I don't see anything abnormal in Activity Monitor.
Thanks in advance for your feedback.