1 2 Previous Next 18 Replies Latest reply: Nov 27, 2012 8:36 PM by KL1207
KL1207 Level 1 Level 1 (0 points)

I play the online game Runescape. There was a "giveaway" video on youtube that people were told to comment on to possibly win items/money for Runescape. In the description of the video there was a link to the actual Runescape forums with a thread about the "giveaway" that was "moderator approved" so I figured it wasn't a scam, like these things usually are. I was being stupid, because it was indeed a scam. I didn't think I could possibly get hacked by commenting on a youtube video but I ended up losing access to my Runescape account. I did get it back by changing my password and setting up "Jagex account guardian" which doesn't allow new devices to log onto my account unless I answer security questions. This was about 3-4 days ago and nothing else suspicious has happened. However, today someone told me that the way the person hacked everyone who commented was by making a keylogger in the link that was in the description of the youtube video that I clicked on. I am not very tech savy so I don't know how this works but now I am concerned that the hacker has access to other information on my computer. Can someone help me figure out if there is a keylogger on my mac and if I have one how to get rid of it?


MacBook Pro
  • 1. Re: Keylogger from Runescape scam? Very concerned!
    John Galt Level 8 Level 8 (36,395 points)

    Absolutely no one can install anything on your Mac unless they have an Administrator account and password.

     

    Did you provide your credentials for some unknown reason?

  • 2. Re: Keylogger from Runescape scam? Very concerned!
    KL1207 Level 1 Level 1 (0 points)

    The only thing I said in the comment on the youtube video was my Runescape username. However, they managed to somehow get my password and access my account. I was able to change my password and regain control of my account. The reason I am concerned is because someone told me that there was a keylogger in the link I clicked on which is how they got my Runescape password. I was worried that since they had the ability to get my Runescape password they might have the ability to get other information on my computer.

  • 3. Re: Keylogger from Runescape scam? Very concerned!
    John Galt Level 8 Level 8 (36,395 points)

    You probably were deceived into revealing your Runescape password, that's all, and you changed that. This was nothing more than falling victim to a phishing attempt. Nothing can prevent you from revealing personal information other than you.

     

    There are keylogger apps that run on Macs, but unless you or someone else with physical access to your Mac deliberately downloaded and installed one, including providing the Administrator name and password that you use to log in to your Mac, then it is not possible to have a keylogger app installed on your Mac.

  • 4. Re: Keylogger from Runescape scam? Very concerned!
    KL1207 Level 1 Level 1 (0 points)

    Okay thank you. I definitely did not write out my Runescape password anywhere though. Do you have any ideas of how they would have figured it out? I Never told it to anyone. Like I said I wasn't aware of how keyloggers worked. I was told that the hacker figured out my Runescape password by using a keylogger (which from what you just wrote seems impossible) so that person gave me false information. Is there another possible way the person could have gotten my password, and if so does that mean they could also be accessing other information with something other than a keylogger? I know I'm probably making zero sense right now, and I apologize for that.

  • 5. Re: Keylogger from Runescape scam? Very concerned!
    Linc Davis Level 10 Level 10 (118,270 points)

    Absolutely no one can install anything on your Mac unless they have an Administrator account and password.

     

    That's not true.

  • 6. Re: Keylogger from Runescape scam? Very concerned!
    Linc Davis Level 10 Level 10 (118,270 points)

    Did you download anything? Are any Safari extensions installed that you don't recognize? Is Java enabled in Safari?

  • 7. Re: Keylogger from Runescape scam? Very concerned!
    macjack Level 9 Level 9 (50,510 points)

    As John Galt says, what's on your Mac is safe. What you send into cyberspace is up for grabs.

    Are you saying you don't login to Runescape, or to play games?

  • 8. Re: Keylogger from Runescape scam? Very concerned!
    ds store Level 7 Level 7 (30,305 points)

    John Galt wrote:

     

    Absolutely no one can install anything on your Mac unless they have an Administrator account and password.

     

    Not exactly.

     

    That condition only exists if it's trying to gain root access or escape the priviledges of Standard User.

     

    Code can run in any user account, even Standard User can copy a standalone program out of Applications folder and paste in Movies folder and run it.

  • 9. Re: Keylogger from Runescape scam? Very concerned!
    KL1207 Level 1 Level 1 (0 points)

    I did not download anything recently. I do have Swiftkit downloaded (Runescape client). I'm not sure what a Safari extension is and Java is enabled.

  • 10. Re: Keylogger from Runescape scam? Very concerned!
    KL1207 Level 1 Level 1 (0 points)

    So I was told that this "keylogger" was somehow in a link I clicked and when I clicked on the link this allowed the person to see my keystrokes and get my password. Is this even possible? Or no.

  • 11. Re: Keylogger from Runescape scam? Very concerned!
    ds store Level 7 Level 7 (30,305 points)

    If there is a keylogger on your machine, and your running as a Admin user, your  option is to backup your files manually to to a external drive (not timemachine or clones) and disconnect all other drives.

     

    Boot into Recovery HD (command r at boot time) or if a recent Mac use Internet Recovery (commmand option r boot) or if on 10.6, c or option key boot off the 10.6 installer disk and erase the Macintosh HD partition.

     

    Need a wired or built in keybord for the at boot key commands.

     

     

    Once finished quit and install OS X, may need your AppleID and password if you upgraded OS X, also later to reinstall your free iLife from AppStore.

     

    Restoring your Free iLife (iPhoto, iMovie etc)

     

     

    Install all programs from original verifiable sources, and lastly files from backup after verification.

     

     

    They might be altered to look like files, but are trojans.

     

    First you need to launch all your programs from the Applications folder at least once, this will give the OS X warning "you are opening this program for the first time" which you say ok, as you want this.

     

    Next you doubleclick each file and if you get "you are opening this program for the first time" warning on any of them, it's obviously a trojan as you have already opened all your programs already, so cancel and trash the trojan.

  • 12. Re: Keylogger from Runescape scam? Very concerned!
    macjack Level 9 Level 9 (50,510 points)

    Please provide a link to any post from someone who has found a keylogger on their Mac.

  • 13. Re: Keylogger from Runescape scam? Very concerned!
    ds store Level 7 Level 7 (30,305 points)

    John Galt wrote:

     

    There are keylogger apps that run on Macs, but unless you or someone else with physical access to your Mac deliberately downloaded and installed one, including providing the Administrator name and password that you use to log in to your Mac, then it is not possible to have a keylogger app installed on your Mac.

     

    Sorry John, your wrong again.

     

    It's certainly possible to use a Java or browser exploit to sneak code onto a Mac, even in Standard User and run it to gleam keystrokes or upload files out of a user account.

     

    Code can run in any user account, it just only has privileges of the account it's running in and thus can't affect change outside of that unless it's given more access privileges.

     

    Physical access and/or the Admin password will give the keylogger the ultimate root access, but it certianly can do what it needs to do right in Admin or Standard User account privildges as it's doing a basic thing, recording keystrokes that all programs do and going online with that information.

  • 14. Re: Keylogger from Runescape scam? Very concerned!
    ds store Level 7 Level 7 (30,305 points)

    KL1207 wrote:

     

    So I was told that this "keylogger" was somehow in a link I clicked and when I clicked on the link this allowed the person to see my keystrokes and get my password. Is this even possible? Or no.

     

    Yes it's possible.

     

    The link you clicked could have directed to a site that ran a browser, Java or other plug-in exploit that ran code on your machine and recorded your keystrokes.

     

    The code might have done more than that and actually installed something on your machine.

     

    The only way to be sure is to remove everything and start over from scratch, return user files making sure they are files ONLY and not programs that look like files.

     

    If this is beyond your capability, then take the machine to a local PC/Mac software shop and tell them, they will know what to do as they deal with malware all the time.

     

    Good Luck

1 2 Previous Next