-1

Running a macpro and have been using public wireless. I opened my cmd and saw that these commands had been run:

    sudo echo AUTHENTICATED ; sudo -k ; echo AUTHENTIKILL ; echo PROCESSEDAUTHENTICATION
    export PS1=""
    echo ALLDONE;sudo -k
    sudo nice -n -10 $'/\101\160\160\154\151\143\141\164\151\157\156\163/\106\151\154\145\123\141\154\166\141\147\145\56\141\160\160/\103\157\156\164\145\156\164\163/\122\145\163\157\165\162\143\145\163'/SHarvest;sudo -k;echo DONEXT

I also run MAMP on this machine, so messages could be from that? Not sure!

Any help would be greatly appreciated!

AstroCB

3 Answers

3

Have you run SubRosaSoft's FileSalvage (a program for recovering deleted files) on your computer? If you have, this may be part of its normal operation (that weird escaped string translates to "/Applications/FileSalvage.app/Contents/Resources/SHarvest").

Gordon Davisson
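
The translation given in the answer above can be reproduced without executing the logged line. This is an added example, not part of the original answer: a small Python decoder for bash `$'...'` (ANSI-C) quoting, run over the last command copied from the question. The function names `decode_ansi_c` and `decode_command` are chosen here for illustration.

```python
import re
import shlex

# Single-character escapes recognised inside bash $'...' (ANSI-C quoting).
_SIMPLE = {b"a": 7, b"b": 8, b"e": 27, b"E": 27, b"f": 12, b"n": 10,
           b"r": 13, b"t": 9, b"v": 11, b"\\": 92, b"'": 39, b'"': 34,
           b"?": 63}

# One escape: \NNN octal (1-3 digits), \xHH hex (1-2 digits), or \<any char>.
_ESCAPE = re.compile(rb"\\([0-7]{1,3}|x[0-9A-Fa-f]{1,2}|.)", re.S)

# A whole $'...' word; an escaped quote (\') does not terminate it.
_QUOTED = re.compile(r"\$'((?:[^'\\]|\\.)*)'", re.S)


def decode_ansi_c(body: str) -> str:
    """Decode the text between $' and ' purely as data; nothing is executed.

    \\uHHHH, \\UHHHHHHHH and \\cX are not handled and are left as written.
    """
    def repl(m):
        tok = m.group(1)
        if tok[:1] in b"01234567":              # octal byte, e.g. \101 -> 'A'
            return bytes([int(tok, 8) & 0xFF])
        if tok[:1] == b"x" and len(tok) > 1:    # hex byte, e.g. \x41 -> 'A'
            return bytes([int(tok[1:], 16)])
        if tok in _SIMPLE:                      # \n, \t, \', ...
            return bytes([_SIMPLE[tok]])
        return b"\\" + tok                      # unknown escape stays literal
    raw = _ESCAPE.sub(repl, body.encode("utf-8"))
    return raw.decode("utf-8", errors="replace")


def decode_command(line: str) -> str:
    """Rewrite each $'...' word in a logged command line in readable form."""
    return _QUOTED.sub(lambda m: shlex.quote(decode_ansi_c(m.group(1))), line)


# Last command line from the question, kept as a raw string so the
# backslashes reach the decoder unchanged.
SAMPLE = r"sudo nice -n -10 $'/\101\160\160\154\151\143\141\164\151\157\156\163/\106\151\154\145\123\141\154\166\141\147\145\56\141\160\160/\103\157\156\164\145\156\164\163/\122\145\163\157\165\162\143\145\163'/SHarvest;sudo -k;echo DONEXT"

if __name__ == "__main__":
    print(decode_command(SAMPLE))
```
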
0

I have never seen those, but a quick Google search tells me that you should investigate, as your system might be compromised. Never seen MAMP do anything like that.

Andy Thompson
-1

You need to be careful when using public wireless networks, as some of them might be controlled by hackers: one sitting in the same network sniffing the local area for a vulnerable OS, or a wireless access point specially put up for free to lure victims so that we can see all the traffic and perform a man-in-the-middle attack (even SSL/TLS won't help in many cases). So, looking at your command history, I assume they might have got access to your box and wanted to retrieve info or establish a reliable connection. Those strange numbers are most likely shellcodes. Anyway, as mentioned above, investigate further, change your password, and good luck!

3ntr0py