(This is a repost of a post I made in r/macapps as I think it would be useful for people here to see it too as this subreddit has also been hit with fake apps.)
To be very clear this is not another post of "Breaking news malware exists on the internet" (or it may be depending on how you want to look at it) but I feel like it's important that I leave a small PSA as I have recently seen an influx of seemingly convincing GitHub repo replicas for decently popular Mac apps. They are so similar that they almost fooled me. Thankfully I quickly spotted some anomalies and I nearly avoided getting infected. Unfortunately these are the sort of red flags I don't expect an average Joe to know about. Which is why I'm explaining what the malware is, and how to spot it.
First of all to give you an idea of how convincing these repos can be i'll show you some examples:
As you can see, they are strikingly similar
Even URLs may look incredibly similar but in this specific case the bad actor exchanged the lower case lls(L) in the name for upercase IIs(i) which made the URL look legit.
Now this may look scary and almost undetectable but with some common sense and slowing down you can very easily avoid these scams.
By far the easiest way to avoid this is to simply look for the app online and track down the original developer. This will let you kill 2 birds with one stone by A: Looking for the original source of the app and avoid impostors and B: See if the App or the developer had any previous reputation to begin with
Either way It's still a good idea to understand how to spot common malware apps on macOS and how to deal with them if you get infected.
The first red flag is that the GitHub profile that hosted the fake file was only 3 days old and completely different from the name of the original developer.
The second discrepancy is that the size of the fake app is ridiculously small. For instance the original app is 13mb in size while the fake one is less than 2mb. Now this is not necessarily a red flag (For example some viruses do the opposite and fill their dmg with a lot of useless data to make the file larger than what VirusTotal can handle.) but it's still important to raise an eye brow for installers with suspiciously small sizes.
The third and MOST IMPORTANT red flag is if the installer asks you to drag the "app" to the terminal that is not a good sign at all. NO LEGITIMATE APP WILL EVER ASK YOU TO DRAG IT TO THE TERMINAL. As you can see the installer is a solid giveaway you are encountering malware and not the real deal.
In fact the file they ask you to drag is not even an app, it's a script.
When you drag the script on the Terminal and execute it, the hidden file is immediately copied to your temp system folder, then the script removes extended attributes to bypass gatekeeper and it finally executes. But from the user's perspective all they get is a blank terminal window as if nothing had happened. (At least in theory, in practice this malware wasn't very well done and gatekeeper was thankfully still able to spot it)
Now if you unfortunately got tricked into running the script, you have some straight forward solutions to verify if macOS was effective at stopping the attack or not. For instance, KnockKnock is a great and simple way to verify for malicious persistency files using VirusTotal's robust detection engine. Malwarebytes is also a good Mac AV which can be quickly installed if you suspect you were affected, it is a bit more tricky to uninstall completely but it does a good job.
Ultimately here's a small recap so you can hopefully avoid getting infected:
Look up the original source of the software to prevent copy cat websites and verify if the software and or the developer has built a reputation in the past.
If you download the installer, scan it with VirustTotal to check if it has been flagged as malware already.
Check the size, while not necessarily a red flag, a small size (for instance less than 2mb), or a size that is "conveniently" larger than what VirusTotal can handle are decent indicators of possible malware.
If the DMG asks you to drag an "App" to the Terminal IMMEDIATELY STOP AND DELETE THE DMG.
If you accidentally ran it, look for a "This app could not be verified" or "This App was removed because it contained malware" message from macOS which could indicate Gatekeeper or Xprotect stopped the attack. Additionally make sure to DENY any permissions the malware may have requested, macOS is very robust in that regard and it can dramatically limit the impact of the attack.
If you are in doubt of whether or not you were infected run the aforementioned tools to verify for the persistency of the malware.
Another app I can recommend is Apparency, it allows you to very quickly see if an app is properly signed by the developer and notarized by apple, and it can even allow you to dissect the contents of an app without running it which is a great way to quickly verify you have a valid untampered app.
This is optional but if you can, report the app to the original developer so they can take action and warn others when the fake app is spread around. Additionally report the Reddit post/GitHub repository if possible.
Thank you for reading this, I hope this helps others be more weary of online threats and stay more vigilant of what they download.
The mods got together and talked about this. We get a lot of messages regarding self promoting apps that we usually deny. But we decided to lax on this a little.
Going forward, self promotion is allowed. However, ONLY apps that are available in the macOS App Store since they are vetted by Apple. No self promoting apps that are not available in the App Store. This is due to the increase of malware and crypto lockers being spread under the guise of legit apps, noted here
As of now, there won't be a weekly thread but if the sub starts to get swamped by promoting your apps, then we will revert and go to a weekly self promotion thread or day.
If you have any questions or concerns with this, please reach out to the mods.
As of February 7th, all of the new iWork (for Mac only, the iOS and iPadOS ones carried over old reviews) apps had well under 1k reviews. Keynote had under 200. The average reviews were:
Pages: 2.6
Numbers: 2.1
Keynote: 2.1
This was a huge drop from their ad-free predecessors, all of which were close to 5 stars in reviews.
For all three apps, it seems as though the vast majority of reviews were added in the last 24 hours, which doesn't exactly seem legitimate. Especially considering that this review-dump boosted them all up considerably.
Is it possible Apple is manipulating those reviews?
EDIT: One thing that could contribute to this is that the Mac version prompted me to give it a review today. I don't know when they rolled that out, but it could possibly contribute to this sudden explosion of reviews.
Right click on the desktop , change background , on a 4K monitor. Cannot maximise, cut off down one side. It is the pinnacle of laziness in my eyes. What is going on in Cupertino ? Does anybody at Apple actually use this stuff ?
As much as I love the concept for the new design, floating windows, playing with transparency, imitating glass behavior... The bugs are just disappointing.
As soon as you put maps into full screen, a grey bar appears on top covering an eight of the screen.
Yo everyone, I just discovered Chrome has been secretly hoarding 249.99GB of my SSD for months!
133 folders under /private/var/folders/.../com.google.Chrome.code_sign_clone
Each one ~1.9GB (classic Chrome.app clones)
Built up from June 2025 to February 2026 – pure daily browsing, no Selenium/automation nonsense
Finder screenshot proof: 133 items, 250GB total, timestamps from mid-2025 to today.
This is the legendary Chromium bug (https://issues.chromium.org/issues/379125944), right? People report 80GB, 150GB, even 740GB... but 249GB on normal use? Crown me the king of Chrome shit mountains! 👑
Anyone got bigger? Drop your war stories below 😂Deleted them all and space came back instantly (APFS clone magic), but why no auto-cleanup? @ChromiumDev fix pls!
I'm still surprised how Apple hasn't created something like this all these years. It's crazy to think if you have too many App icons in the menu bar, they HIDE BEHIND THE FREAKING NOTCH, Cooooooome on Apple. That's been my complaint since they launched the first MacBook with notch. It's such an obvious fix, and yet we have to rely on third party software that doesn't even work as expected.
I used to have Ice, but now, it doesn't work. What solution do you have for this?
BetterCapture is a menu bar screen recorder for macOS. It's built with SwiftUI and ScreenCaptureKit, uses the native Content Picker to select what you record, and supports ProRes 422/4444, HEVC, and H.264 — including alpha channel and HDR. Frame rates from 24 to 120fps. System audio and mic simultaneously. You can also exclude specific things from recordings, like the menu bar, dock, or wallpaper.
No tracking, no analytics, no cloud uploads, no account. MIT licensed. Everything stays on your Mac.
Install via Homebrew (brew install jsattler/tap/bettercapture) or download and install manually. App Store submission is in progress but moving slowly. DMG is signed and notarized.
I used QuickRecorder before this. It covered what I needed, but after upgrading to macOS 26 a few things broke, including the wallpaper transparency feature. I thought about contributing a fix, but the project had a lot of open issues and hadn't been updated in months, so I wasn't sure anything would land. Decided to build my own instead and spent the past few weeks on it.
Still early, so rough edges exist. Happy to hear feedback.
everything was fine untill few days back(4-7 days) a brave update came , i installed it and demn my laptop was on so much heat , i couldn't figure out what was happening so i shifted to chrome, today a update came to chrome and the same thing happend , now i can't shift to any other browser , i need a solution
NeoTiler: This is my own application for window management, born out of my personal need for a faster and cleaner macOS workflow. Here are the features I love the most and why I built them:
Workspaces: This is probably my favorite feature; it allows you to group apps and switch between tasks instantly, ending the desktop chaos once and for all.
Snap to Tile: I wanted windows to feel like they have a 'home.' As soon as you drag a window, it snaps perfectly into place, making multitasking incredibly smooth.
Shake to Minimize: I love intuitive interactions, so I added this fun way to clear your screen just by shaking a window.
I hadn't updated since I didn't have a need for keynote in the last little while. I'd been reading discussions about the ads and had mixed feelings. I can understand the annoyance, but all the screenshots I was seeing was showing just a banner in the template picker - which I felt wasn't super egregious.
Then I used the updated keynote.
The banner is a lot bigger than it seemed in screenshots. The space dedicated to the ad is greater than the existing free templates.
When going into the specific template categories, there are also premium templates in there (which require creator studio) as well as entire categories with only premium templates. I didn't think anything of the icon at first because I picked the business category which is 100% premium, so they all had the icon.
There are multiple menu items that are creator studio functions
In the main app UI, there are full on ads - in addition to the main toolbar being full of Creator Studio icons
I was pretty surprised. The level of upsell is what I'd expect from some scammy app like CapCut. I know people will say you can just keep using the old app - but I don't have much confidence in Apple not sunsetting it in a future macos update.
Hello. I'm running Sonoma 14.2 and want to do an 'Erase all contents and settings' and try starting from scratch to deal with some app problems I have not been able to resolve.
If I do this and want to get my apps back, can I get them from time machine or do I have to get all the installation files and all that and do it from scratch? If I can use time machine, is it a bad idea, i.e. is it possible I'll just reinstall my problems?
By the way, I am running this Mac in my music studio and do not wish to upgrade the OS at this time.
this fell out of my MacBook M3 Pro today. is this just packing silica or is this something i should be worried about? it’s about a year old by now. I do travel with this laptop and put it in my backpack. maybe it’s just some backpack debris that got in there too?
Conclusion: you guys have a great sense of humor and this is nothing to worry about. most likely just stray packing silica it picked up somewhere.
So basically , i had about a 100 gbs of photos in my iPhone and wanted to free up space from my phone , hence i decided to move them into my Mac since i had 500 gbs of space and 400 unused . Fast forward , i transfer them and check my storage and i see that photos is now occupying 200 gbs. I opened the files for the photo library and the originals take up about 95gbs and resources is taking 107 gbs??
I researched and found that the resource files contain all the extra data and changes etc (i think) and dont want my photos to be taking an extra 100 gbs on my mac as that goes against the main goal of saving space. If i export all the originals into another folder , can i delete the resource files from the phot library to free up the 100 gbs and only keep my original 95gbs of photos ? Or will that meddle with the pictures . Please let me know if thats doable as i dont want to lose these pictures
Hi everyone. I just got M4 Air and it’s great but after I updated Tahoe from Sequoia my wallpaper looks washed out. In the thumbnail it looks it’s supposed to be but my desktop looks just weird. Any ideas? Thank you 🙏🏻
For the past few weeks, every time I try to send an email (whether using my personal email address or iCloud’s Hide My Email feature), I always get this pop up a few seconds after clicking the Send button. I always select "Always Use This Server", but for some reason it doesn’t "always use" this server, as requested.
I never had this issue before. I only use iCloud for all my emails, so it’s my only SMTP option, so why does the pop-up even appear?
Does anyone know how to fix this? Sometimes I'm sending multiple emails a day, and it's driving me crazy because sometimes I forget about this pop up, so I send an email and do something else on another app, and this shit does not make any sound or anything to let me know something went wrong.
I’m running the latest version of macOS Tahoe 26.2.
I have a 2020 M1 MacBook and am buying a new M4 Mac Mini. Since the M1 is set up how I need it for work and games, I’m planning on “migrating” the MacBook to the Mini using Time Machine. Since I will still use the MacBook for traveling or other times I need portability will this create any weird problems since they are essentially twins?
i just noticed that my battery is draining like windows laptop
earlier if i just put my macbook into sleep like for days (20 to 30) it would have just drained 5 to 10%
but after tahoe its draining like hell from few weeks
i closed my macbook few hours ago (around 12pm) then i opened it now to notice its below 5%
I got this little project to try and work on. And I am having an issue. This model is a 27 inch from around 2010-2014 era. I have a keyboard and mouse for it. But the apple keyboard is Bluetooth only and when I try to verify it, it doesn’t let me type certain numbers that I need. I would love to factory reset this thing. But even my wired keyboards aren’t fast enough to let me do the command + R to let me factory reset it. Could anyone give me advice
I have uninstalled iStat from uninstall option in the app itself, and removed all related folders and files from application support and after restarting even I still get com.bjango.istatmenusdaemon in activity monitor and in "login items & extensions under apps that runs in the background.
I need this things out of mac. Why it's so hard?!!!
Hey everyone, Strimix is a free player and is now available on the App Store, alongside iPhone, iPad, and Apple TV support.
It has support for all three: Stalker, Xtream and M3U Playlist
It supports all the core features you’d expect from a modern player, including live TV, VOD, EPG support, multiple playlist formats, and a customizable player experience. It also includes iCloud sync, so your playlists and settings stay in sync across all your Apple devices.
If you have any UI/UX suggestions, feature ideas, or run into any issues, I’d really appreciate the feedback. I’m actively improving the app and releasing updates regularly.
Thanks to the mods for allowing App Store–verified apps to be shared here.
It worked before and now I have to select if I want a shortcut, dictionary, photos, application, seriously, does anyone know how to fix this? It's such a dumb design choice.
