Data destroying malware?

fsjjeff
Contributor II

Anyone know if there's some kind of Mac malware going around that erases all user data?

I've had 3 instances of users losing everything in the past week - I'm always seeing it after the fact so difficult to diagnose, but wondering if anyone else is seeing something like this out there?

With 2 of the computers the user described the computer getting really slow and beach-balling; they got annoyed and restarted it, and afterwards everything was gone. On one of those it erased a secondary partition, an external drive, a connected file share and corrupted the boot drive as well.

No one has admitted to visiting any questionable websites or downloading suspicious software, but that's not impossible.

2 REPLIES

al_platt
Contributor II

Never heard of anything like this.

You heard of the odd ransomware issue but not file deletions.

If you look at the drives themselves in Disk Utility or something, do they show that space as free? I'm wondering if it's more a file system issue, but odd it would be on external or file shares. Do the logs say anything on the local machine or the file server?

If you want to monitor/prevent malware execution you can take a look at the apps (free) on https://objective-see.com/products.html

bentoms
Honored Contributor III

@fsjjeff Maybe an errant policy, EA or PKG? I'd be looking at policy logs.