Malware, tea.app (AtomicStealer)
Forrest Aldrich
forrie at gmail.com
Thu Apr 10 18:20:33 UTC 2025
My malware checker has identified potential malware (AtomicStealer)
distributed from MacPorts. I'd like to confirm with the community what
else is known:
/Applications/MacPorts/tea.app
➜ /Applications cd MacPorts
➜ MacPorts ls
pinentry-mac.app Python 3.10 Python 3.11 Python 3.12
Python 3.13 tea.app
drwxr-xr-x@ 3 root wheel 96B Nov 24 20:52 pinentry-mac.app
drwxr-xr-x@ 4 root admin 128B Dec 8 01:21 Python 3.10
drwxr-xr-x@ 4 root admin 128B Dec 8 01:25 Python 3.11
drwxr-xr-x@ 4 root admin 128B Feb 8 21:06 Python 3.12
drwxr-xr-x@ 4 root admin 128B Feb 8 21:08 Python 3.13
drwxr-xr-x@ 3 root admin 96B Mar 21 22:01 tea.app
➜ MacPorts find tea.app
tea.app
tea.app/Contents
tea.app/Contents/MacOS
tea.app/Contents/MacOS/tea
tea.app/Contents/Resources
tea.app/Contents/Resources/empty.lproj
tea.app/Contents/Info.plist
tea.app/Contents/PkgInfo
Thanks,
Forrest
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macports.org/pipermail/macports-users/attachments/20250410/ecb04de3/attachment.htm>
More information about the macports-users
mailing list