Brother ran a fake CAPTCHA command what's the impact?
My brother has an M1 Pro Mac and was checking the Financial Times Europe’s Fastest Growing Companies 2026 list. He clicked this company’s website
Beentouch and it immediately showed what looked like a fake CAPTCHA. He pasted and executed the command it gave him in terminal but when it showed him the login/password prompt he cancelled it and not enter his pass.
A couple of minutes later he told me what happened so I immediately disconnected the Mac from the internet. Since then I’ve been helping him change his important passwords from a different device.
I’m wondering how deep the damage could be. I assume they may have stolen browser data and saved passwords but I’m not sure what else we should check to understand how far the attack went.
I also ran a full scan with Malwarebytes and it found MacOS.Stealer.AMOS named sysmd at: /Users/dino/.cache/megas3000/sysmd
Malwarebytes deleted the file but the folder is still there and contains these files https://i.postimg.cc/4nDM5yhw/unnamed.jpg
I’m hoping someone can safely analyze the command and explain what it did. Here is the command https://i.postimg.cc/s1k8cxZ7/unnamed-(1).jpg if you need the text version you can go the website above. The CAPTCHA appears immediately.
.jpg){kind=link}