Spyware installed on two different MacBooks

Background

My 2021 MacBook Pro started showing signs of external access:


  • Slowed down dramatically - I only use it for basic content creation.
  • Began turning on when I turned it off. It refused to stay offline.
  • Emails with sensitive information were forwarded to an external address.


I downloaded Norton, then Malwarebytes, then installed security software at home to monitor network and device access. Nothing stopped access to my devices, but I started seeing a pattern of downloads and uploads, and devices turning on without me doing so. Usually this would occur late at night. (Note: the documents on my devices are extremely sensitive in nature.)


No ransom attack has happened since this started in February. Instead, a copy of key files was made in what I can only describe as a ‘faded’ /usr/bin series of file paths. This was discovered recently. What alerted me to possible spyware and external access was something I have never heard of, and can’t comprehend:


  1. I was watching Netflix a few weeks ago, and the subtitles turned on suddenly.
  2. The subtitles didn’t match what was being said in the show.
  3. Rewound the show to where the subtitles began, and couldn’t replicate the issue.
  4. Watched a different show, subtitles appeared.
  5. I began reading the subtitles and they used names like in a chat room. Then one said “I can’t believe how easy it is to ESPY (sic) on people”.
  6. I looked up ESPY, and of course, eSpying came up.
  7. They realised I knew they were there, started commenting on my looks (no green light next to camera) then said “Let’s move on”.


After that I started digging through my computer and found alias files littered on the hard drive and a bunch of scripts that I read that referenced circumnavigating Apple’s security.


New computer, new modem, new phone and number

I got a new computer, a Netgear M6, new phone and number.


Then I spoke to a Cyber Security contractor, who suggested downloading Little Snitch.


Once downloaded, I realised this computer had the same issue.


See the photos attached. I am in a legal battle, and this feels like surveillance and online stalking. I didn’t download anything until I found this ‘ghost’ usr file.


Please help me figure this out. I can barely sleep and have no idea what to do.



Installer log 4th to 5th April (these are just a few photos, it goes for about 6 hours or more)


Wi-Fi log 6th April:


I have a bunch of screen grabs from Little Snitch but I’m going to leave those for now. I can share if required.

MacBook Air (M2, 2022)

Posted on Apr 9, 2023 11:53 PM


1 reply

Apr 10, 2023 7:35 AM in response to HelpMeEndThisAttack

You are chasing down symptoms.


macOS is locked in ways that prevent arbitrary modification of System items without detection. When modifications are made, they become obvious.


Download and run this little "discovery" utility, EtreCheck. It fixes NOTHING. Its only reason to exist is to create a report of the state of your Mac, and what software has been added.


If the problems are not obvious, know that the report is deliberately pre-laundered of all personally-identifiable information, and is "safe" to post to a reply on the forums for readers to look over and assist you. Even the drive-names are obscured for your protection.


Using EtreCheck to Troubleshoot Potential… - Apple Community


