I have two accounts on my Mac: standard and administrator. I always use the standard account, and when I need to perform an action that requires administrator rights I enter my admin credentials into the popup window.
I got curious: is it possible for malware that was installed in my standard user scope to gain admin rights, skipping the administrator credentials popup, if it already possesses the admin password and username for some reason? In other words, can it enter the administrator password in the background so the user won't notice anything?
Generally speaking, is it possible for malware to do bigger harm if it knows the administrator credentials somehow?
Thanks!
MacOS – Can malware skip the administrator password popup if it already knows the password on macOS
Best Answer
Yes, specifically, if malware can pop that up, you may already “be toast” so it won’t need to do this since it could just install a key logger and not tip you off.
If you want to learn more about keyloggers or other behaviors that are more solid indications of a keylogger, ReiKey by Objective-See is excellent.
LuLu and KnockKnock are excellent as well, as general tools in this (malware and PUP) space.
When you are prompted for the password, normally that’s the OS asking for your password and very low chance that your password is about to be compromised. Malware could be about to run, but it’s not likely and not likely about to capture your password. The program asking for the password doesn’t get your password, just temporary admin rights.
What it does with those rights is the worrisome part, malware or not. It could install a key logger or persistent processes - those are worrisome.
Worst case, some malware could craft a dialog like your password prompt and fool you into escalating privileges, but this is an unlikely possible scenario.
Anything is possible, especially if you are a high value target. For most people, tricking you or just running something that’s not signed is the risk here - not losing control of a strong and unique admin password.
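A defender-side illustration of the "persistent processes" concern in the answer above (an added example, not part of the original answer): this Python script parses launchd job definitions and lists the ones that start automatically as root or run a program from a location a standard user can write to. The sample plists, labels and paths are constructed; on a real Mac the input would be the files under `/Library/LaunchDaemons`, a directory that can only be written with admin rights, and the output is a review list, not a verdict.

```python
import plistlib

# Locations a standard (non-admin) user can normally write to.
USER_WRITABLE = ("/Users/", "/tmp/", "/private/tmp/", "/var/tmp/", "/private/var/tmp/")

def job_program(job):
    """Executable a launchd job starts: Program, else ProgramArguments[0]."""
    args = job.get("ProgramArguments") or []
    return job.get("Program") or (args[0] if args else None)

def audit_job(plist_path, plist_bytes):
    """Return review notes for one launchd property list."""
    job = plistlib.loads(plist_bytes)
    program = job_program(job)
    notes = []
    # Jobs in /Library/LaunchDaemons run as root unless UserName says otherwise.
    if plist_path.startswith("/Library/LaunchDaemons/") and job.get("UserName", "root") == "root":
        notes.append("runs as root")
    if job.get("RunAtLoad") or job.get("KeepAlive"):
        notes.append("starts automatically")
    if program and program.startswith(USER_WRITABLE):
        notes.append("program in user-writable path")
    return notes

def audit(plists):
    """Keep jobs that autostart as root or run from a user-writable path."""
    report = {}
    for path, data in plists.items():
        notes = audit_job(path, data)
        risky = {"runs as root", "starts automatically"} <= set(notes)
        if risky or "program in user-writable path" in notes:
            report[path] = notes
    return report

# Constructed sample input (not taken from a real system).
SAMPLES = {
    "/Library/LaunchDaemons/com.example.updater.plist": plistlib.dumps(
        {"Label": "com.example.updater", "RunAtLoad": True,
         "ProgramArguments": ["/Users/Shared/.cache/updater", "--daemon"]}),
    "/Library/LaunchDaemons/com.example.backup.plist": plistlib.dumps(
        {"Label": "com.example.backup", "Program": "/usr/local/bin/backupd",
         "StartCalendarInterval": {"Hour": 3}}),
    "/Users/alice/Library/LaunchAgents/com.example.helper.plist": plistlib.dumps(
        {"Label": "com.example.helper", "KeepAlive": True,
         "Program": "/Applications/Helper.app/Contents/MacOS/helper"}),
}

if __name__ == "__main__":
    print(audit(SAMPLES))
```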