Compromised MacBook

Question

Level 1

8 points

Compromised MacBook

My MacBook Pro continues to be compromised after system restores. It could be paranoia but it appears like somehow I'm getting thrown into a virtualized environment somehow. I'll start noticing user folders that have the blue arrow drawn on them indicating alias folders. I'll also notice a ton of certificates in my keychain that I never created. I have rapid7 and jamf installed and their reps are saying they have noticed nothing out of the ordinary. This is really concerning to me because I found a folder deep into my files that contained about 8gb+ of company financials that I never copied onto my hd. Netstat shows me connected to myself on different ports, not sure if that is normal. I'll attach my last minute or two of logs in a random place. My last restore, I just made a user account with the most basic privileges to use. This account has no install permissions or anything like that and I still feel compromised. I will say that there is plenty of opportunity for people to get physical access to my device.

some logs

Mac Pro

Posted on Oct 16, 2019 8:50 AM

Reply

Answer 1

Drexus

Level 2

191 points

Nov 10, 2019 8:48 AM in response to hukmans

First, Get rid of "Bitdefender Virus Scanner" right now. Those things are essentially fear-profiting software.

Second, remove the Launch Daemon "com.rapid7..."

To properly remove these things, get an app called "App Cleaner & Installer" (by Nektony). This app will find anything that is installed as well as remaining bits and pieces of old installations (reinstalling your system does not remove these things). The app also installs a monitor that detects when you delete an app. Nice, but a bit overkill. After using the app, delete it.

Report back.

Reply