Compromised Macbook Pro
A scammer gained remote access to my MacBook through Any Desk, a third party application. I have already deleted the app and install anti virus software. How else can I clean up my Mac?
[Re-Titled by Moderator]
You can make a difference in the Apple Support Community!
When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.
When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.
A scammer gained remote access to my MacBook through Any Desk, a third party application. I have already deleted the app and install anti virus software. How else can I clean up my Mac?
[Re-Titled by Moderator]
Go change all of your passwords. All of them. Including the passwords on your password-reset paths; on your email accounts used for password recovery. Restore your Mac from backups created prior to the breach. If your credit card info was on the system, either carefully watch your financial accounts, or notify the financial providers. Enable two-factor if not already in use. Remove that anti-virus app, too.
Go change all of your passwords. All of them. Including the passwords on your password-reset paths; on your email accounts used for password recovery. Restore your Mac from backups created prior to the breach. If your credit card info was on the system, either carefully watch your financial accounts, or notify the financial providers. Enable two-factor if not already in use. Remove that anti-virus app, too.
Erase your Mac and restore from a backup made before this event. If someone has gained remote access to your Mac, then it is possible that they have made changes that cannot be easily reversed or cleaned-up. If you don’t have a backup, you need to make a backup with important data and then erase your Mac. Do not underestimate what the scammer may have done, or put off erasing your Mac. It needs to be done as soon as possible.
Backups have to happen before the disaster, yes.
No backups means adding a re-installation to the task list, installing macOS and apps from known-good installs, and transferring over just your documents. And even that’s not without risk.
Getting two-factor authentication enabled and getting the passwords reset is a priority, as those can provide substantial access and value to the scammer if the passwords have been uploaded.
Thanks for your advice. How do I restore my Mac from backups?
I do not have a backup prior to the breach. Isn't it too late to do a backup down and erase as any backup I do now will have changes made by the scammer?
Yes, I have changed all PW and enabled 2FA where available on all accounts.
Compromised Macbook Pro