The entry in the /etc/hosts file is difficult for laypeople to find; the folder at the top level of the system partition remains hidden in the Finder and can only be accessed using the keyboard shortcut +. Make (point) visible. The hosts file can only be changed with admin rights. The entry itself consists of three lines, two of which are comments. So effectively it’s a single entry:
## Adobe Creative Cloud WAM Start##
166.117.29.xyz detect-ccd.creativecloud.adobe.com
## Adobe Creative Cloud WAM – End ##
Although modifications to the /etc/hosts file are common in server scenarios, they are rarely found on a user system – the effects can be unpredictable. In the case of malware, however, this scam is widespread because it allows certain URL calls to be specifically redirected to other servers.
An unchanged hosts file from macOS – note the warning.
Browser login verification
Reddit user thenickdude has a theory for the cause: When you visit Adobe’s website, a JavaScript command tries to load a file called “cc.png” from the URL specified in the hosts file. If Creative Cloud was installed on the computer and the entry in the hosts file was also added, the file retrieval works. If the file does not load, JavaScript reports an error to the web server. Some time ago, the JavaScript function addressed ” directly. But after Google’s Chrome browser added a permission request to such connection requests last summer, Adobe apparently decided on this controversial workaround.
“No difference to malware”
The discovery sparked widespread opposition. John Gruber asks rhetorically what would happen if every installed software left an entry in /etc/hosts. He remembers a time when Adobe was a citadel of best developer practices. The Creative Cloud installer is now indistinguishable from malware. The first half of the statement is probably more of an individual opinion, the second half finds general agreement. A sarcastic comment on Reddit notes that a pirated copy now runs more stable, starts faster and interferes less with the system.