Malware in a plain sight

Recently I have read about brew related malware that was laying in a plain sight.

I have decided to give it a try, and indeed there it was. For brew update query, there was a sponsored link that was pointing to brew like page.

the target page had a classic sh based injection.

It was resembling the original brew page

This is a perfect example of how easy one can be tricked to running malware code on Linux/macOS. If, additionally, sudo is used, the disaster is lurking just behind the corner.

The kindly reminder: never pipe command that you don’t understand (especially Base64 encoded stuff) to sh/bash/zsh command. Never :)