Malware copy of DropDMG?

I got sent a copy of this app DropDMG, I was asking how to make an encrypted disk image with Disk Utility. I think maybe I tried this app once before a while ago but I must of trashed it. Anyway I installed this but I noticed that on launch it asked me to enter my Mac’s admin password. I thought maybe that was standard as the app does encryption and maybe it keeps the passwords in the keychain? But looking at your site I noticed in the faq a note about bad copies of the app and that some are changed to install adware and these ask for your admin password. My sister isn’t here for me to ask her where she got this copy but I want to ask if the app has asked for my admin password and I’ve entered it, could I have installed some sort of malware? If I have what can I do about it? Should I do a clean install my operating system?

You do need to enter your password in order for DropDMG to access the keychain, however:

  • You should only have to do this once, and macOS should remember the permission for all future versions of the app.
  • DropDMG only asks this at the time it needs to access the keychain, i.e. when you are editing a password or creating a disk image that uses encryption.

My guess is that the reason it wants your password at launch is because you had Always run with root access checked. When you install a new version of the app, it needs to re-apply the proper file permissions to enable this feature. It’s OK to click Cancel, as you can always check the preferences box later if you want.

If you’re worried about not having a legit copy of DropDMG, you can always download it again from the proper source.