I have been hacked at the core level. A bad actor has screen share and control access. I have used disk utility to erase my start up hard drive and using the remote install utility I am reinstalling Ventura. Will this clear core access and make this computer malware free?
MacBook Pro 15″, macOS 13.4
Hello producer_man,
Yes, a factory reset would remove any persistence a hacker may have on your computer. However, you will lose all data. Brining any data over could risk reintroducing the hacker's persistence method. Before factory resetting your MacBook Pro, I'd suggest the following
It's a little more advance, but Activity Monitor can be used to track unknown and unwanted applications - Activity Monitor User Guide for Mac - Apple Support. It is advised to go through this. The Network tab is usually the most interesting. Kill any process you do not recognize.
Go through the sections of Privacy & Security within the Settings app and revoke access to apps that shouldn't have certain permissions. I would be careful with:
For your scenario, I would revoke all app access to ALL of these fields.
I would suggest looking at Privacy & Security within the Settings app and going through Safety Check. Revoke access to people and apps that are utilizing privileges you believe they shouldn't have. Changing your Apple ID password and device passcodes might also be smart.
To prevent future incidents:
Hello producer_man,
Yes, a factory reset would remove any persistence a hacker may have on your computer. However, you will lose all data. Brining any data over could risk reintroducing the hacker's persistence method. Before factory resetting your MacBook Pro, I'd suggest the following
It's a little more advance, but Activity Monitor can be used to track unknown and unwanted applications - Activity Monitor User Guide for Mac - Apple Support. It is advised to go through this. The Network tab is usually the most interesting. Kill any process you do not recognize.
Go through the sections of Privacy & Security within the Settings app and revoke access to apps that shouldn't have certain permissions. I would be careful with:
For your scenario, I would revoke all app access to ALL of these fields.
I would suggest looking at Privacy & Security within the Settings app and going through Safety Check. Revoke access to people and apps that are utilizing privileges you believe they shouldn't have. Changing your Apple ID password and device passcodes might also be smart.
To prevent future incidents:
I forgot to mention, next time you believe you’re being targeting by a hacker, Lockdown Mode is an option - About Lockdown Mode - Apple Support. It’s better to turn it on when you first spot malicious activity. It should not be turned on to “boost” security as it disables a lot of core macOS features.
In addition to the excellent advice provided by the others, you may also want to read this article written by a respected forum contributor who provides tips for keeping your computer running smoothly including some security related tips to help protect both you & your computer:
Effective defenses against malware and other threats - Apple Community
I'm sorry about that!
To prevent future incidents:
Be very careful what apps you assign these privileges too
An app and a hacker can't just take control of your device. They need your consent to get access to specific parts of the MacBook. Which can be prevented. For example, I never give any app "Full Disk Access" and neither should you!
Something that you can do that's a little less drastic than a factory reset:
Download and run the free version of Malwarebytes. The site and the application will try to get you to purchase a version that does real-time protection, but running the free version might find and clean off some of the malware that you've picked up.
I can't guarantee that it will find and remove everything … some malware is really sneaky, or is so new that it might not be detected by the latest version of the program.
But on the scale that MacAddict once used to rate applications, it's "Better than poking your eye out with a sharp stick."
Your Mac does not need any sort of anti virus, cleaner, etc. No application can be downloaded and have full access to macOS. The end-user has to grant this access, which is why it’s advised to always verify you’re downloading for the legitimate website and only grant access to aspects (camera, microphone, folders and file, etc.) that you believe it needs access too. Never give anything (except Apple apps that need it) Full Disk Access.
Privacy & Security within Settings will list all apps that have permissions to various aspects of macOS. This is why it’s also recommended to go through here and revoke access to any application that you believe is abusing its permissions.
This is why the App Store is the best place to download content as it’s been vetted and approved by Apple. Obviously this is a lot harder on macOS, which is why you only download from official and known websites.
Thanks. I had tried most of the thing you mentioned but I was still having persistent issues. I erased and reinstalled Ventura and will reinstall my apps. Thank you for your help
They got into terminal and were sharing my screen. I am very very careful and this did happen. Be safe out there.
I have malwarebytes, but the integrity of terminal had been compromised and I did a clean install. thank you for your suggestion.
Will erasing you hard drive and reinstalling Ventura get rid of malware on the shelll?
