User profile for user: fmnamado
fmnamado Author
User level: Level 1
10 points

I have been hacked

Hello,

I'm new here, never posted.

I was in bed and started to receive sms/alerts of buying things with my cards.

I came to my iMac and it was being remotely controlled.

The mouse was moving and someone was trying to send money over paypal.

I would apprecciate help into checking if paypal was charged or not, because I saw a "send money to ..." screen my I cannot review any kind of activity like sending money.


The hacker also tried buy Xbox Live cards in the site https://cheapestgamecards.com/Xbox-Giftcards but was denied by PayPal (don't understand why) but the orders were cancelled.


My amazon account was charged to Xbox Live cards, if you can help me trying to reverse the buy, please do. Right now Amazon is closed (5AM).

Somehow the account got blocked because I had to reset the access (probably to many frequent access by the hacker.


I tried to move the mouse and I was fighting with them so I unplugged the Ethernet cord.


In the taskbar it was the two computer icon, which I am 99% sure that it appears if I connect to the mac via VNC.

Apple Remote Desktop was enabled (which I turn off in the meantime).

I also use other remote dekstop software solutions, like teamviewer and anydesk.


Looking in the internet I found this thread https://discussions.apple.com/thread/8275720

It seems the same kind, so I'm opening this thread right now.


In that thread they suggest using Etrecheck, which I did.


Here it goes (down probably)



I also found this site https://sites.google.com/site/howtotellifyourmacishacked/is-etrecheck-malware which says EtreCheck is malware, so I ran a scan in Malware bytes and found nothing. Right now I am paranoid and trust none app.


What do you suggest to do right now?


Thank you very much.


EtreCheck Report


iMac Line (2012 and Later)

Posted on Jan 6, 2021 9:26 PM

Reply
3 replies
User profile for user: Ronasara
Ronasara
User level: Level 6
15,553 points

Jan 7, 2021 11:38 AM in response to fmnamado

I looked at the EtreCheck report briefly. Congratulations on managing your computer well. While this issue is clearly over my head, I can offer some observations. If this were me, here is what I wold do.

  • I would open About This Mac under the Apple logo.
  • I would click on System Report.
  • I would then click on Applications. Be patient, it takes a while to display.
  • You will see displayed a lot of apps. Ignore the Apple apps. Check the complete list of non Apple apps and write them all down which you aren't familiar with. There may be several.
  • Then go to the internet to confirm that they are all valid apps.
  • If you see something in question, I would seriously consider removing it. All of it. I would (and do) use AppCleaner. It is safe and very easy to remove. It can remove all aspects of any app.
  • What I would be looking for is a app that enables someone to come in and control the computer. There may be some other way to do it, but I don;'t know about such things.
  • If you later find you made a mistake, then you can always reinstall the removed app.
  • Beyond this, work with your bank to enable security, etc.

Good luck to you in dealing with this.

Reply
User profile for user: Ronasara
Ronasara
User level: Level 6
15,553 points

Jan 7, 2021 11:42 AM in response to Ronasara

I have another thought. If someone was able to download an app which enables them to take control of your computer, it must have been because you previously visited a web site and then did a download of something that was corrupted. Think back on where it might have been. Second, you might do an internet search on methods used to remotely control a Mac without having first granted permission.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

I have been hacked

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up