
M1 MacBook hacked using dev tools and linux, windows

My MacBook has been running "VANILLA" OS since August. I downloaded dev tools and figured out (after 8 resets and 4 DFUs) that Linux, python, perl, js, ruby, cocoa, and many other scripts are running most of the OS, running kext plugins. It is persistent and uses many languages to encode MOST of the virus.


There are Active Directory and LDAPv3 servers under Directory Utility, which have me hacked, maybe with MDM. All root signing is from them. SMB servers, btw.

I've seen files redirecting Apple updates to different servers, AWS, Cloudflare, as well as others.


I also have a new iPhone 13 that is infiltrated and apparently 2 Samsung smart TVs; neither will update.

Any help would be greatly appreciated.

MacBook Air 13″, macOS 12.1

Posted on Jan 27, 2022 9:21 PM

Question marked as Best reply

Posted on Jan 28, 2022 8:06 AM

Those actions effectively ruled out the MacBook Pro as the source of your concerns. In other words if you're getting attacked from somewhere, look elsewhere. Consider routers, ISPs, wireless networks... etc.


4 replies

Jan 28, 2022 7:54 AM in response to John Galt

Thank you John. This machine has been factory reset 10 times by myself and the Apple Genius store, and they've DFU'd the MacBook 6 times and fresh-installed Monterey OS at the store. It is persistent and comes right back.

My iCloud ID has been enrolled in device management. I did not do this.

Verizon has started a return for the phone.

Jan 28, 2022 5:37 PM in response to John Galt

@John Galt is correct that routers and any home networked devices are very susceptible to being taken over and keeping the "infection" on your home network. Power off your router for several minutes, then power it back on, since there are router vulnerabilities where visiting a compromised webpage can actually infect your router until the router is rebooted or power cycled. Even better would be to perform a hardware reset of your router in case someone has actually compromised the router.


IoT devices (basically any network-connected item/device besides a computer or phone/tablet) are known to have very poor security as well, with many vulnerabilities which are not always patched by the manufacturer, plus some of these devices have hard-coded passwords. IoT devices are basically any "Smart" networked devices. These devices can also be compromised and re-infect other network devices. If this has happened, then you need to hard reset each one (if it is even possible -- most likely it is not, since IoT devices tend to have very few options) or power them off. Unfortunately I cannot find the article that explained the actual vulnerability and attack.


You may need to call in a security specialist to help you through this ordeal, since it may involve devices besides Apple hardware such as your modem, router, Smart TV, Smart appliances, etc. Keep in mind you need to be very careful restoring data from backups, as you may be bringing back the problem. Until you figure out the source, you will keep having the problem recur. You probably should change the passwords of all your accounts online & offline, including your router and computer.



IoT Devices:

https://en.wikipedia.org/wiki/Internet_of_things


Somewhat technical details in these articles, but they do show how IoT devices are very insecure:

https://arstechnica.com/information-technology/2019/03/mirai-botnet-aims-to-wrap-its-tentacles-around-a-new-crop-of-iot-devices/


https://arstechnica.com/information-technology/2020/10/thousands-of-infected-iot-devices-used-in-for-profit-anonymity-service/


https://arstechnica.com/information-technology/2021/04/100-million-more-iot-devices-are-exposed-and-they-wont-be-the-last/
