I’m on macOS Ventura 13.2.1 (22D68). I run a script in my computer and the outcome was pretty much as described in this post. So some files were installed to the /tmp/ folder, and the Opera browser was installed. I do not know to what extend was the damage as I managed to immediately remove all files from the temporary folder, removed the Opera browser, and the ryderd daemon. I am now running an antivirus (Acronis Cyber Protect). I noticed, however, that some login items were also added to General->Login Items, and I’m particularly concerned about the /usr/bin/open command, which shows the message
Item from unidentified developer.
(see image).
I believe that script changed this system file but of course I’m not sure about it (other than the message that I see). I checked on another computer running the same os and both files seem to have the same size. Of course I’m afraid that this script could lead to malware on my computer, so I’m wondering what I can do to make sure everything is fine.
