Has my Mac been hacked???

This morning my Mac showed a "weird behaviour". I am wondering if my Mac has been hacked.

Please help me.


Time Frame:

  • 25th Dec. 2018 - between 00:00 am and 05:25 am


Description/Behaviour:

  • Mac became suddenly very noisy; Fan speed increased to maximum (never experienced that before)
  • at the same time: streaming/browser/app performances were still ok
  • after closing all apps/streams/browser: still maximum fan speed and noisy
  • after restart: normal behaviour
  • that occurred a couple of times within the mentioned time frame (see above)


Some conspicuous logs (see whole system.log below):

  • "..."com.apple.security.view-change.PCS" has been registered <20 or 40> times - this may be a leak"
  • "...(com.apple.universalaccessd[344]): Service exited due to signal: Killed: 9 sent by loginwindow[116]..."
  • (com.apple.WiFiProxy[394]): Service exited due to signal: Killed: 9 sent by WiFiProxy[394]
  • (com.apple.AirPlayUIAgent[446]): Service exited due to signal: Killed: 9 sent by loginwindow[116]
  • (com.apple.iTunesHelper.27932[381]): Service exited with abnormal code: 1
  • (com.apple.cloudphotosd[414]): Service exited due to signal: Killed: 9 sent by loginwindow[116]
  • iTunesHelper[379]: exiting due to SIGTERM
  • The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
  • com.apple.xpc.launchd[1] (com.apple.xpc.launchd.user.domain.503.100007.Aqua): Caller not allowed to perform action: loginwindow.116, action = service removal, code = 150: Operation not permitted while System Integrity Protection is engaged, uid = 0, euid = 503, gid = 20, egid = 20, asid = 100007


EtreCheck Report (Summary):



Posted on Dec 25, 2018 10:07 AM
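One way to sort the launchd exit lines listed in the question by which process sent each signal, as an added example that is not part of the original thread. The timestamps and host name in the sample are constructed, and `parse_exits` and `summarize` are names chosen here.

```python
import re
from collections import defaultdict

# Constructed sample: timestamps and host name are invented; the service
# names, PIDs and message text are the ones quoted in the post above.
SAMPLE_LOG = """\
Dec 25 05:20:01 host com.apple.xpc.launchd[1] (com.apple.universalaccessd[344]): Service exited due to signal: Killed: 9 sent by loginwindow[116]
Dec 25 05:20:01 host com.apple.xpc.launchd[1] (com.apple.WiFiProxy[394]): Service exited due to signal: Killed: 9 sent by WiFiProxy[394]
Dec 25 05:20:01 host com.apple.xpc.launchd[1] (com.apple.AirPlayUIAgent[446]): Service exited due to signal: Killed: 9 sent by loginwindow[116]
Dec 25 05:20:02 host com.apple.xpc.launchd[1] (com.apple.iTunesHelper.27932[381]): Service exited with abnormal code: 1
Dec 25 05:20:02 host com.apple.xpc.launchd[1] (com.apple.cloudphotosd[414]): Service exited due to signal: Killed: 9 sent by loginwindow[116]
Dec 25 05:20:02 host iTunesHelper[379]: exiting due to SIGTERM
"""

SERVICE = r"\((?P<service>[^\[\]()]+)\[(?P<pid>\d+)\]\): Service exited "
SIGNAL_RE = re.compile(SERVICE + r"due to signal: [^:]+: (?P<signo>\d+) "
                       r"sent by (?P<sender>[^\[]+)\[(?P<sender_pid>\d+)\]")
CODE_RE = re.compile(SERVICE + r"with abnormal code: (?P<code>\d+)")


def parse_exits(text):
    """Return one dict per launchd 'Service exited' line; other lines are skipped."""
    exits = []
    for line in text.splitlines():
        m = SIGNAL_RE.search(line) or CODE_RE.search(line)
        if m:
            fields = m.groupdict()
            exits.append({k: int(v) if v.isdigit() else v for k, v in fields.items()})
    return exits


def summarize(exits):
    """Group signalled exits by sender; list self-signalled and non-zero exits apart."""
    by_sender, self_signalled, abnormal = defaultdict(list), [], []
    for e in exits:
        if "code" in e:
            abnormal.append((e["service"], e["code"]))
        elif e["sender_pid"] == e["pid"]:
            self_signalled.append(e["service"])  # the process signalled itself
        else:
            by_sender[e["sender"]].append(e["service"])
    return {"by_sender": dict(by_sender), "self_signalled": self_signalled,
            "abnormal_codes": abnormal}


if __name__ == "__main__":
    print(summarize(parse_exits(SAMPLE_LOG)))
```

In the lines quoted in the question, three of the four SIGKILLs were sent by loginwindow, so comparing their timestamps in the full system.log against the restarts the poster describes is a reasonable first check.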

Question marked as Best reply

Posted on Dec 25, 2018 12:20 PM

Has my Mac been hacked???

No.



Try resetting the SMC http://support.apple.com/kb/ht3964


6 replies

Dec 25, 2018 1:28 PM in response to leroydouglas

Thank you leroydouglas!


Can you explain how you conclude that I am not "hacked"?

I don't have the necessary knowledge to interpret the system.log entries.


The "common opinion" is that OSX can't be "hacked".

However "hack" can be defined, what are the appropriate safeguards to avoid any "hacks"?

Are there any other weak points than the Apple credentials?

Are there any indications in the logs that someone else than me might have used my Apple credentials in the given time frame? (However/whoever was able to find out my credentials ... I am not sure if there has been any possibility/situation where someone saw me typing my password on the keyboard or any similar situation)

You see on my dumb questions that I am really worried about my sensitive data on my mac/iphone since last night.


Thank you and wish you happy holidays with your family and a happy new year.




Dec 25, 2018 1:51 PM in response to applecommunities1983

Time Machine backup out-of-date - The last Time Machine backup is over 10 days old.


System modifications - There are a large number of system modifications running in the background.


You are using an eraser program (wonderShare SafeErase) with an encrypted SSD drive. This is not needed, slows your Mac, and greatly increases wear on the SSD for no benefit whatsoever. When an SSD file is erased, it is GONE.


Silverlight is deprecated for the Mac, and has been since 2016.


You do not need LinkLiar, as long as you are behind a Router you control. There is a lot more stuff you are running that is not needed as well.


I see no evidence you have been hacked. When running MacOS 10.11 El Capitan and later with System Integrity Protection in place, there is literally nowhere to hide. Anything added to your Mac shows up as its own file. "Hacked" system files (if they were possible) simply refuse to run.

Dec 25, 2018 2:23 PM in response to Grant Bennet-Alder

Time Machine backup out-of-date - The last Time Machine backup is over 10 days old.

>>> Yeah, I already read that in the report. My priority lies on my few hard drive archive for each year... time machine backup has not that priority for me.


System modifications - There are a large number of system modifications running in the background.

>>> Yeah read that in the report... need to check them all. Thank you very much!


You are using an eraser program (wonderShare SafeErase) with an encrypted SSD drive. This is not needed, slows your Mac, and greatly increases wear on the SSD for no benefit whatsoever. When an SSD file is erased, it is GONE.

>>> Just found a .plist data related to this. I deleted it. Thank you!


Silverlight is deprecated for the Mac, and has been since 2016.

>>> Deleted. Thanks!


You do not need LinkLiar, as long as you are behind a Router you control. There is a lot more stuff you are running that is not needed as well.

>>> Deleted. Thanks!


I see no evidence you have been hacked. When running MacOS 10.11 El Capitan and later with System Integrity Protection in place, there is literally nowhere to hide. Anything added to your Mac shows up as its own file. "Hacked" system files (if they were possible) simply refuse to run.

>>> Thank you for your estimation!


Wish you and your family peaceful holidays and a happy new year!


BR


Dec 25, 2018 5:28 PM in response to applecommunities1983

<<"My priority lies on my few hard drive archive for each year... time machine backup has not that priority for me.">>


You are sadly under-utilizing the capabilities of Time Machine to do automatic, low-priority backups for you in a hands-off way.


Time Machine uses a data structure called the File System Event Store. This is kept by MacOS and records which folders have been modified recently.


If you choose to back up infrequently, the File System Event Store is stale, and Time Machine can easily take four hours of computation (which it does first) to determine what needs to be backed up.


If you allow Time Machine to run at least every few days, it can use the data from the File System Event Store to figure out what needs to be backed up in only a very few minutes, and your backup begins right away, runs at low priority in the background, and is intended to not interfere with your work in any way.


You do not need to set aside a special time to do backups, they just get done. Which means if you need one, it is far, far more likely to be available.


That is why EtreCheck flagged it, and why I am bringing it up again. You could do far better, and probably with less disruption and less work.
