A client recently encountered a suspicious website pretending to run a human verification test. Instead of asking him to click pictures or solve a math problem, it instructed him to copy text from the page and paste it into Terminal.
That text? It was an encoded script. Once entered and executed in Terminal, it would download and install malware designed to steal user data, including login passwords, browser history and cookies, cryptocurrency wallet info, keychain contents, Notes data, and personal files.
Why does this work?
This type of scam relies on social engineering—tricking users into thinking they’re doing something routine and safe. Terminal isn’t something most Mac users interact with regularly, so it’s easy to be misled into following seemingly harmless instructions.
What are the red flags?
- Any website asking you to open Terminal
- Instructions that involve copying and pasting code you don’t understand
- Warnings or urgency (“You must complete this step to continue!”)
- URLs that don’t match the official domain of the service you're trying to access
What can you do to protect yourself?
- Never paste unsolicited commands into Terminal
- Use strong passwords and two-factor authentication
- Store passwords in a secure password manager—not in Notes
- Keep regular backups of your system
- Make sure macOS and your security tools are up to date
The bottom line:
Commands pasted into Terminal may look harmless—or even unreadable—but they can act like full-fledged apps with access to everything on your Mac. If you ever have doubts, don’t proceed. Check with your IT provider or a trusted support team first.
(Featured image by iStock.com/stevanovicigor)
Need help? Contact The MacGuys+ at 763-331-6227
Top-notch IT support for Mac-based businesses in Minneapolis, St. Paul, Twin Cities Metro, Western WI, and beyond. Enjoy seamless nationwide co-managed Mac IT support for a flexible work-anywhere experience.
