User profile for user: Ereigi
Ereigi Author
User level: Level 1
8 points

Possible keylogger installed

Asking on behalf of my elderly dad. I don’t know which OS he has installed. He fell victim to a scammer and allowed them access to his computer and banking info.


Is there a way to detect keylogging software on a Mac? When he called Apple they just told him to look for any newly installed apps. I’m a windows user so I’d expect a malicious software installation or change to the registry, but I don’t know if Macs function the same way.


The bad guys have already gotten to his bank account and changed his password there. I’m afraid that if a key logger has been installed, any changes dad makes to protect his information will be recorded and attacked again by the bad guys.


How can I help him?

Posted on Feb 21, 2023 5:19 AM

Reply
Question marked as Top-ranking reply
User profile for user: John Galt
John Galt
User level: Level 10
155,294 points

Posted on Feb 21, 2023 6:59 AM

Yes, but you can only look for the presence of a keylogger in the hope that you find one. It is not possible to conclusively determine the absence of one. You may for example find a keylogger or remote access tool installed, delete it, and conclude you're finished. Meanwhile, another more difficult to find keylogger may exist.


Completely erase the Mac and reconfigure it. However, the extent of the breach may not be limited to just his one Mac since we use so many Internet-connected devices these days. Consider the security of your Dad's wireless network (assuming he uses one), other devices, other services he may have, etc. Factory default reset any routers and change the wireless network password. These are only a few suggestions.


macOS does not incorporate a Windows-style registry. You can however search for recently installed software using the System Information app: System Information User Guide for Mac - Apple Support. Look under "Software".


There is an overall summary of these scams, how they work, who they target, and what to do if you've been scammed in Phony "tech support" / "ransomware" popups and web pages - Apple Community. Read the Appendix.

View in context

Similar questions

5 replies
Question marked as Top-ranking reply
User profile for user: John Galt
John Galt
User level: Level 10
155,294 points

Feb 21, 2023 6:59 AM in response to Ereigi

Yes, but you can only look for the presence of a keylogger in the hope that you find one. It is not possible to conclusively determine the absence of one. You may for example find a keylogger or remote access tool installed, delete it, and conclude you're finished. Meanwhile, another more difficult to find keylogger may exist.


Completely erase the Mac and reconfigure it. However, the extent of the breach may not be limited to just his one Mac since we use so many Internet-connected devices these days. Consider the security of your Dad's wireless network (assuming he uses one), other devices, other services he may have, etc. Factory default reset any routers and change the wireless network password. These are only a few suggestions.


macOS does not incorporate a Windows-style registry. You can however search for recently installed software using the System Information app: System Information User Guide for Mac - Apple Support. Look under "Software".


There is an overall summary of these scams, how they work, who they target, and what to do if you've been scammed in Phony "tech support" / "ransomware" popups and web pages - Apple Community. Read the Appendix.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Possible keylogger installed

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up