Prevent Ransomware By Automatically Finding The Checksum Of Downloaded Files

Apple has already shut down the ransomware found in the Transmission torrent client.  You can easily prevent this from happening to you in the future by adding a Hazel rule to your downloads folder, which will automatically determine the checksum, so you can compare it with the one the legitimate file has.

You can run these commands independently but it’s kind of a pain sometimes.  I love when computers do things for me automatically, so with a simple Hazel rule, I can now quickly check if my downloaded files are legitimate ones.  Whenever a file is downloaded, a dialog now pops up showing me three different checksums, which I can compare to the ones on the Website I am downloading the file from.

The name of the file is the title of the dialog.  I can then copy and paste the checksum to verify it matches before opening/installing the file.

checksum-automatic

Setup

This is a straightforward rule to set up.  First, create a new downloads rule called Verify checksums.

new-downloads-rule

Then, create a ruleset that checks for files added today and then runs a shell script.

date-added-run-script

Paste in the script below and you are all set!

script-checksum-roll-your-own

 

4 Replies to “Prevent Ransomware By Automatically Finding The Checksum Of Downloaded Files”

  1. Nice. I find it better for my own usage to create an OS/X service and trigger it manually on files I’m interested in. That said, the code doesn’t support files with spaces in their names. Here’s code that does:

    
    name=$(basename "$1")
    osascript <<EOT
    display dialog "
    MD5:
    $(md5 "$1" | awk '{print $NF}')
    
    SHA1:
    $(openssl sha1 "$1" | awk '{print $NF}')
    
    SHA256:
    $(openssl dgst -sha256 "$1" | awk '{print $NF}')
    
    SHA512:
    $(openssl dgst -sha512 "$1" | awk '{print $NF}')" with title "$(echo $name)" with icon Caution
    EOT
    
    1. Nice, thanks!

      I also realized it might be better to specify certain file types (i.e. .app, .dmg, .iso, etc.) instead of any file, otherwise it pops up every time you download an image or PDF.

  2. Is it technically possible for that dialog pop-up to include an input text-field? so you can copy/paste the checksum you want to compare? (and have it compare the two automatically.)

Leave a Reply