User profile for user: Community User
Community User Author

My MacBook is being remotely accessed / hacked repeatedly

Hi I am not sure where to turn to for help, but my MacBook is being constantly accessed remotely by a user. I have gone to Genius Bar and asked them to put new operating software and wipe my computer clean 3x now. It keeps happening. Now when I turn on the computer or screensaver all this weird code shows up. Can someone help me understand? Someone mentioned gtrace is part of Linux? Any more information would help! Trying to get it to stop. I had them install Mojave and Catalina but it keeps on happening no matter how many times I get them to reinstall.

MacBook

Posted on Mar 12, 2020 9:38 AM

Reply
Question marked as Top-ranking reply
User profile for user: John Galt
John Galt
User level: Level 10
155,804 points

Posted on Mar 12, 2020 9:53 AM

Your Mac has been set to start in "verbose mode" (not Single User mode, which is different): Ways to start up your Mac - Apple Support


Resetting NVRAM to defaults is the easiest way to fix it: Reset NVRAM or PRAM on Mac - Apple Support


... my MacBook is being constantly accessed remotely by a user.


I didn't address that question, but more information is required, a lot more. I suggest addressing the "verbose mode" problem first, then describe the reason you believe your Mac has been subject to malicious interference. That's a serious concern.

View in context
13 replies
Question marked as Top-ranking reply
User profile for user: John Galt
John Galt
User level: Level 10
155,804 points

Mar 12, 2020 9:53 AM in response to Community User

Your Mac has been set to start in "verbose mode" (not Single User mode, which is different): Ways to start up your Mac - Apple Support


Resetting NVRAM to defaults is the easiest way to fix it: Reset NVRAM or PRAM on Mac - Apple Support


... my MacBook is being constantly accessed remotely by a user.


I didn't address that question, but more information is required, a lot more. I suggest addressing the "verbose mode" problem first, then describe the reason you believe your Mac has been subject to malicious interference. That's a serious concern.

Reply
User profile for user: Kurt Lang
Kurt Lang
User level: Level 9
68,680 points

Mar 12, 2020 9:42 AM in response to Community User

It's not a hack. Your Mac is, for whatever reason, starting up into Single User Mode.


Unless you actually install Linux onto a separate partition of the drive, you cannot run any Linux apps. macOS is built on top of Unix. While they look much alike, Unix and Linux are anything but the same.


I'm not great at reading these messages, so I'm not sure why the Mac is bombing out to the command line.

Reply
User profile for user: babowa
babowa
User level: Level 9
78,568 points

Mar 12, 2020 6:35 PM in response to Community User

Catalina creates two Mac HD volumes: the first is read only and contains your OS and system; the second (Mac HD - Data) contains your User folder and apps and is read/write. You have two Mac HD Data volumes because you did not follow a certain protocol; the new APFS file system will create a duplicate of your Data volume every time you reinstall (without following the protocol) - which is outlined in this Apple article:


https://support.apple.com/en-us/HT208496

Reply
User profile for user: Community User
Community User Author

Mar 12, 2020 4:12 PM in response to The_Smart_Guy

I just went to the Mac store again and had them restart but as soon as a create a new profile and log in (no iCloud connected, no personal wifi -- had to get rid of both) there are already odd settings. Like there are 3 HD icons, the spotlight search doesn't work, a remote disk which I can't disable, and I can't disable this bluetooth remote wake option. I don't understand how this is possible. I made them downgrade from Catalina to Mojave today when I went to the store. I just turned my computer back on.

Reply
User profile for user: Community User
Community User Author

Mar 12, 2020 4:14 PM in response to John Galt

It won't let me do the reset. It won't shut down correctly... it's almost like it's not shutting down. Is there another way to do this? When I first came across this problem, somehow a guest user was created on my Mac with admin privileges and file sharing was on for everything. I've never let anyone else use my Mac before and never allowed guest privileges.

Reply
User profile for user: John Galt
John Galt
User level: Level 10
155,804 points

Mar 12, 2020 4:56 PM in response to Community User

ss242 wrote:

It won't let me do the reset. It won't shut down correctly... it's almost like it's not shutting down. Is there another way to do this? When I first came across this problem, somehow a guest user was created on my Mac with admin privileges and file sharing was on for everything. I've never let anyone else use my Mac before and never allowed guest privileges.


Setting aside for the moment the grave concern about using a Mac that has almost certainly been subjected to malicious tampering, you can reset NVRAM from the command line in Terminal:


sudo nvram boot-args=""


... should reset just the one that invokes the "verbose boot" mode.


Type your Admin password at the prompt. It won't be echoed, not even with •••• characters. Then press Return.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

My MacBook is being remotely accessed / hacked repeatedly

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up