Malware, tea.app (AtomicStealer)
Forrest Aldrich
forrie at gmail.com
Thu Apr 10 22:53:38 UTC 2025
On 4/10/25 3:17 PM, Ryan Carsten Schmidt wrote:
> On Apr 10, 2025, at 13:21, Forrest Aldrich wrote:
>>
>> My malware checker has identified potential malware (AtomicStealer)
>> distributed from MacPorts. I'd like to confirm with the community
>> what else is known:
>>
>>
>> /Applications/MacPorts/tea.app
>> ➜ /Applications cd MacPorts
>>
>
> I know that tea is a text editor.
>
> https://ports.macports.org/port/tea
>
> I am not aware of it containing malware.
>
> As far as I know, Atomic Stealer is distributed by tricking a user
> into downloading and installing what looks like a browser update or a
> cracked commercial application. It seems unlikely that it would appear
> in an esoteric open source text editor so my initial assumption is
> that this is a false positive from your malware checker.
>
> What is your malware checker? Have you contacted its developer?
I cleaned this off my system, for now.
The checker I'm using is Moonlock, which is a part of CleanMyMacX.
_F
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macports.org/pipermail/macports-users/attachments/20250410/6aa6a3b9/attachment.htm>
More information about the macports-users
mailing list