Skip navigation

Keylogger from Runescape scam? Very concerned!

641 Views 18 Replies Latest reply: Nov 27, 2012 8:36 PM by KL1207 RSS
1 2 Previous Next
KL1207 Calculating status...
Currently Being Moderated
Nov 27, 2012 6:21 PM

I play the online game Runescape. There was a "giveaway" video on youtube that people were told to comment on to possibly win items/money for Runescape. In the description of the video there was a link to the actual Runescape forums with a thread about the "giveaway" that was "moderator approved" so I figured it wasn't a scam, like these things usually are. I was being stupid, because it was indeed a scam. I didn't think I could possibly get hacked by commenting on a youtube video but I ended up losing access to my Runescape account. I did get it back by changing my password and setting up "Jagex account guardian" which doesn't allow new devices to log onto my account unless I answer security questions. This was about 3-4 days ago and nothing else suspicious has happened. However, today someone told me that the way the person hacked everyone who commented was by making a keylogger in the link that was in the description of the youtube video that I clicked on. I am not very tech savy so I don't know how this works but now I am concerned that the hacker has access to other information on my computer. Can someone help me figure out if there is a keylogger on my mac and if I have one how to get rid of it?

MacBook Pro
  • John Galt Level 7 Level 7 (33,090 points)
    Currently Being Moderated
    Nov 27, 2012 6:27 PM (in response to KL1207)

    Absolutely no one can install anything on your Mac unless they have an Administrator account and password.

     

    Did you provide your credentials for some unknown reason?

  • John Galt Level 7 Level 7 (33,090 points)
    Currently Being Moderated
    Nov 27, 2012 6:44 PM (in response to KL1207)

    You probably were deceived into revealing your Runescape password, that's all, and you changed that. This was nothing more than falling victim to a phishing attempt. Nothing can prevent you from revealing personal information other than you.

     

    There are keylogger apps that run on Macs, but unless you or someone else with physical access to your Mac deliberately downloaded and installed one, including providing the Administrator name and password that you use to log in to your Mac, then it is not possible to have a keylogger app installed on your Mac.

    MacBooks  iMacs  iPods  AirPorts, OS X Mountain Lion,  27 years Apple!
  • Linc Davis Level 10 Level 10 (107,860 points)
    Currently Being Moderated
    Nov 27, 2012 6:55 PM (in response to John Galt)

    Absolutely no one can install anything on your Mac unless they have an Administrator account and password.

     

    That's not true.

  • Linc Davis Level 10 Level 10 (107,860 points)
    Currently Being Moderated
    Nov 27, 2012 6:58 PM (in response to KL1207)

    Did you download anything? Are any Safari extensions installed that you don't recognize? Is Java enabled in Safari?

  • macjack Level 9 Level 9 (50,445 points)
    Currently Being Moderated
    Nov 27, 2012 6:59 PM (in response to KL1207)

    As John Galt says, what's on your Mac is safe. What you send into cyberspace is up for grabs.

    Are you saying you don't login to Runescape, or to play games?

  • ds store Level 7 Level 7 (30,305 points)
    Currently Being Moderated
    Nov 27, 2012 7:07 PM (in response to John Galt)

    John Galt wrote:

     

    Absolutely no one can install anything on your Mac unless they have an Administrator account and password.

     

    Not exactly.

     

    That condition only exists if it's trying to gain root access or escape the priviledges of Standard User.

     

    Code can run in any user account, even Standard User can copy a standalone program out of Applications folder and paste in Movies folder and run it.

  • ds store Level 7 Level 7 (30,305 points)
    Currently Being Moderated
    Nov 27, 2012 7:24 PM (in response to KL1207)

    If there is a keylogger on your machine, and your running as a Admin user, your  option is to backup your files manually to to a external drive (not timemachine or clones) and disconnect all other drives.

     

    Boot into Recovery HD (command r at boot time) or if a recent Mac use Internet Recovery (commmand option r boot) or if on 10.6, c or option key boot off the 10.6 installer disk and erase the Macintosh HD partition.

     

    Need a wired or built in keybord for the at boot key commands.

     

     

    Once finished quit and install OS X, may need your AppleID and password if you upgraded OS X, also later to reinstall your free iLife from AppStore.

     

    Restoring your Free iLife (iPhoto, iMovie etc)

     

     

    Install all programs from original verifiable sources, and lastly files from backup after verification.

     

     

    They might be altered to look like files, but are trojans.

     

    First you need to launch all your programs from the Applications folder at least once, this will give the OS X warning "you are opening this program for the first time" which you say ok, as you want this.

     

    Next you doubleclick each file and if you get "you are opening this program for the first time" warning on any of them, it's obviously a trojan as you have already opened all your programs already, so cancel and trash the trojan.

  • macjack Level 9 Level 9 (50,445 points)
    Currently Being Moderated
    Nov 27, 2012 7:29 PM (in response to ds store)

    Please provide a link to any post from someone who has found a keylogger on their Mac.

  • ds store Level 7 Level 7 (30,305 points)
    Currently Being Moderated
    Nov 27, 2012 7:38 PM (in response to John Galt)

    John Galt wrote:

     

    There are keylogger apps that run on Macs, but unless you or someone else with physical access to your Mac deliberately downloaded and installed one, including providing the Administrator name and password that you use to log in to your Mac, then it is not possible to have a keylogger app installed on your Mac.

     

    Sorry John, your wrong again.

     

    It's certainly possible to use a Java or browser exploit to sneak code onto a Mac, even in Standard User and run it to gleam keystrokes or upload files out of a user account.

     

    Code can run in any user account, it just only has privileges of the account it's running in and thus can't affect change outside of that unless it's given more access privileges.

     

    Physical access and/or the Admin password will give the keylogger the ultimate root access, but it certianly can do what it needs to do right in Admin or Standard User account privildges as it's doing a basic thing, recording keystrokes that all programs do and going online with that information.

  • ds store Level 7 Level 7 (30,305 points)
    Currently Being Moderated
    Nov 27, 2012 8:03 PM (in response to KL1207)

    KL1207 wrote:

     

    So I was told that this "keylogger" was somehow in a link I clicked and when I clicked on the link this allowed the person to see my keystrokes and get my password. Is this even possible? Or no.

     

    Yes it's possible.

     

    The link you clicked could have directed to a site that ran a browser, Java or other plug-in exploit that ran code on your machine and recorded your keystrokes.

     

    The code might have done more than that and actually installed something on your machine.

     

    The only way to be sure is to remove everything and start over from scratch, return user files making sure they are files ONLY and not programs that look like files.

     

    If this is beyond your capability, then take the machine to a local PC/Mac software shop and tell them, they will know what to do as they deal with malware all the time.

     

    Good Luck

1 2 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (1)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.