MacVPN app?

JHZR2

One of my kids was supposed to be doing homework in Google docs, and we found out that they were searching video games. A cursory review of the computer found macVPN.zip in the trash. I have no idea if it is malware or what. There are no signs of it anyplace on the computer, but I’m concerned that there may be something in the background. No application in the application folder, ran Malwarebytes without anything found, no VPNs listed in the network system preferences area (as far as I can tell).

Obviously my kid is embarrassed, as asking about it and the search history resorts to crying. But I don’t think they know what they did. They confirmed clicking a big green “continue” button on the site, but can’t retrace much else.

I don’t want some third party software, or worse, something snooping on there. Any ideas if this macVPN program is legit, and what I might be dealing with?

Thanks!
 
It could be a portable executable that doesn't need to be installed. I know virtually nothing about Macs, but it's common in Windows. What is in the zip file?
 
Kids often use VPNs at school to bypass the censor.
My kid isn’t that advanced yet. And they were using my wife’s computer... I’d probably be less concerned if it was their school issued Chromebook.

I know their history. Instead of writing in a Google doc, they started searching about video games, and the ability to play games online turned into a link with a big green “continue” button... thing is, I see a .zip file in the trash, no installer, can't tell what might have been.

Malwarebytes finds nothing, and I don't think I see any list of VPNs (I don’t use one normally). But I don’t know what there might be hiding....
 
I am not too sure that there is anything to be concerned about:

1) A .zip file isn't going to do anything. If it was downloaded and deleted then it just sat there like an undetonated bomb or a jar full of bees whose lid was never removed. To prevent anything, local or otherwise, from manipulating or extracting the .zip file, permanent deletion is wisest.

2) A piece of malware, separate from the .zip file would have to reside locally or use a compromised browser to extract an executable *from* the .zip and then use that executable to do something. If it were me I'd use an appropriate application to see what's in the .zip file without actually extracting them. Then I'd know what the files are that I might be looking for.

3) The extracted executable would have either been extracted to the User's /home directories (Documents, Downloads, etc.) - in which case it should be easily found (make sure you show hidden files if you're going to poke around using Finder) - *OR* it would have been extracted into the system's areas of the SSD **which would require administrative permissions and would have prompted so** prior to writing anything to any location.

If you weren't convinced before, let this convince you that no User doing normal User stuff should ever be doing so with an administrative account. Your kids should be "Standard" Users. A Standard User cannot write anything anywhere other than their own /home/THEIR_NAME directories. (I take the step of putting those directories on my Linux systems on a separate SSD partition and disallowing any executables from executing at all.)

4) Although I forget the app's name, macOS will have a graphical app that functions as a system monitor; like Task Manager in Windows and System Monitor on Gnome in Linux it will show you what applications are running, under whose name, using what resources.

5) If the name implies correctly, this malware might have installed and begun using a VPN that may have opened up your system to compromise. I think if you can confirm your network connections are as they were, using the normal ethernet or WiFi interface, then nothing was installed or is running.

There is a "best case" scenario with things like this where you benefit from a "scared straight" moment without consequences. Learning something in this world without paying a price is something to be grateful for! :)
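One way to do the "look inside without extracting" check from point 2, as an added example that is not the poster's code: a Python script using only the standard zipfile module lists the archive members, reads just the first bytes of each member in memory, and flags anything that is a Mach-O binary, carries a Unix executable bit, is an installer or script, or lives inside an .app bundle. The member names it returns are the ones to search for in the home folders as in point 3. The archive built by build_sample_zip is a constructed stand-in, not the real macVPN.zip.

```python
import io
import stat
import zipfile

# Magic numbers for Mach-O binaries (32/64-bit, both byte orders) and fat binaries.
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf",
                b"\xce\xfa\xed\xfe", b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"}
INSTALLER_SUFFIXES = (".pkg", ".mpkg", ".dmg", ".command", ".sh")  # installers/scripts


def triage_zip(zip_bytes):
    """Inspect an archive held in memory without extracting anything to disk.
    Returns (member_names, flagged) where flagged is a list of (name, reasons)."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
        for info in zf.infolist():
            name = info.filename
            # Skip directory entries and Finder resource-fork metadata.
            if info.is_dir() or name.startswith("__MACOSX/"):
                continue
            reasons = []
            # Archives built on macOS/Linux keep the Unix mode in the high 16 bits.
            mode = info.external_attr >> 16
            if mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
                reasons.append("executable bit set")
            with zf.open(info) as member:  # reads 4 bytes in memory, writes nothing
                if member.read(4) in MACHO_MAGICS:
                    reasons.append("Mach-O header")
            if name.lower().endswith(INSTALLER_SUFFIXES):
                reasons.append("installer or script")
            if ".app/" in name:
                reasons.append("inside app bundle " + name.split(".app/")[0] + ".app")
            if reasons:
                flagged.append((name, ", ".join(reasons)))
    return names, flagged


def build_sample_zip():
    """Constructed stand-in archive for the demo; NOT the real macVPN.zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README.txt", "Thanks for downloading!")
        binary = zipfile.ZipInfo("MacVPN.app/Contents/MacOS/MacVPN")
        binary.external_attr = (stat.S_IFREG | 0o755) << 16  # -rwxr-xr-x
        zf.writestr(binary, b"\xcf\xfa\xed\xfe" + b"\x00" * 28)  # 64-bit Mach-O magic
        zf.writestr("install.command", "#!/bin/sh\nopen MacVPN.app\n")
        zf.writestr("__MACOSX/._README.txt", b"\x00\x05\x16\x07")
    return buf.getvalue()
```

To run it against a real file, pass `open("macVPN.zip", "rb").read()` to triage_zip instead of the sample.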
 
I get it that a .zip file doesn't mean much. What I've found though is that the .zip files find their way to the trash AFTER an installer is opened. My child doesn't really know what they did... they claim they thought they had to click something to keep doing what they were doing.

I'm not finding any installer, that IS a good sign... But that said, I'm not sure I trust much of anything, given that there is the potential for it to be malware or something else. For all I know it is sneakily routing data some way that I don't know how/where... doing it silently. That's my fear, because I can't find anything and can't see anything that strange currently... FWIW...

Agree on the lesson learned. A lot of discussion on that today.
 