Persistent Ransomware attack
I believe I'm the victim of a ransomware attack; all my devices (mobile, MacBook, and even a VM in the cloud) show a lot of suspicious logs.
MacBook Pro 14″, macOS 14.0
Hello, the search for the term WallpaperVideoExtension, a process I found running for over 7 hours on my MacBook, brought me to this thread. Dear OSSHatred, I want to let you know that you are not crazy or paranoid, and I sincerely wish that people with ZERO constructive contributions would take the time to comment on some of us with security vulnerability questions...
Regarding your issues here's what I could decipher:
The provided logs from a macOS system primarily highlight issues with `NSXPCConnection`, sandbox restrictions, entitlements, and system functionality rather than direct evidence of ransomware or security vulnerabilities. These errors are indicative of software misconfigurations, compatibility issues, or security settings preventing applications from operating as intended.
**Key Points:**
- **NSXPCConnection Issues**: Attempts to activate NSXPCConnections to `com.apple.contactsd.persistence` failed, indicating problems with inter-process communication. This could impact functionalities relying on contact data access.
- **Sandbox Restrictions**: Errors indicate sandbox restrictions preventing access to required services, a security feature in macOS to isolate applications and prevent unauthorized data access.
- **Entitlement and Configuration**: The failures suggest potential misconfigurations or lack of necessary entitlements for accessing specific system resources or services.
- **Security Implications**: While these logs do not directly indicate ransomware or security vulnerabilities, they highlight the importance of correct system configuration and entitlements for application functionality. Ransomware or vulnerabilities typically manifest through different indicators, such as unusual network traffic, unexpected file modifications, or security alerts from antivirus software.
**Analysis**:
- The issues outlined in the logs seem to stem from system-level constraints and configurations rather than malicious activities. Sandbox restrictions and NSXPCConnection failures are common in environments where security is tightly controlled to protect user data and system integrity. These mechanisms are designed to enhance security by limiting application access to sensitive resources.
- The mention of bootstrap lookup failures, endpoint creation issues, and repeated connection activation attempts suggests problems with application-to-system communication, likely due to software misconfigurations or insufficient entitlements. These are not uncommon in software development and deployment, especially on platforms like macOS with stringent security models.
- The logs also include kernel messages related to WiFi metrics, providing context about the system's operational state but not directly related to the NSXPCConnection or sandbox issues.
**Conclusion**:
The logs provided do not show direct signs of ransomware or active security vulnerabilities. Instead, they reflect challenges related to application permissions, system configurations, and macOS's security features like sandboxing. For organizations and users, these logs underline the necessity of regular system audits, proper configuration management, and adherence to security best practices to ensure applications function correctly without compromising security.
To address such issues, reviewing application entitlements, ensuring compatibility with the latest macOS versions, and adjusting sandbox configurations as necessary are recommended steps. Continuous monitoring for unusual system behavior and maintaining up-to-date security solutions are also critical for early detection and mitigation of potential security threats.
Forget delving into system logs. The information you posted is not indicative of any intrusive event nor can they be used for that purpose.
Instead, read and follow Apple's recommendations, here: If you think your Apple ID has been compromised - Apple Support
Reading system logs without a specific target in mind is the path to Madness.
There is so much junk in there, you could use those logs to prove ANYTHING, and also prove the reverse of the previous assertion.
If you have gross symptoms, please tell us about them.
macOS now uses a separate locked, signed system volume that is unwritable and cryptographically locked. Any changes to it are detected within seconds. It is extremely difficult to hack. Applications are all signed and sandboxed when they execute.
There is no threat from ordinary hackers unless you are an international activist or a major political figure. If you are, nation-state level attacks cannot be ruled out.
Ransomware will demand money to unlock your computer.
If that's not happening, you don't have ransomware. It's named "ransom" because the perpetrator is holding your computer hostage until you pay up.
There's something even weirder: I've never installed Chrome, but I have a com.apple.passwordmanager manifest pointing to a Google Chrome folder.
```json
{
  "name": "com.apple.passwordmanager",
  "description": "PasswordManagerBrowserExtensionHelper",
  "path": "/System/Cryptexes/App/System/Library/CoreServices/PasswordManagerBrowserExtensionHelper.app/Contents/MacOS/PasswordManagerBrowserExtensionHelper",
  "type": "stdio",
  "allowed_origins": [
    "chrome-extension://pejdijmoenmkgeppbflobdenhhabjlaj/",
    "chrome-extension://mfbcdcnpokpoajjciilocoachedjkima/"
  ]
}
```
And a lot of attempts to lock or log in to my Mac.
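As an added example (not code from anyone in this thread), a small triage script for Chrome native-messaging host manifests like the one quoted above: it checks the fields Chrome requires, that the helper path lies under an Apple-controlled location, and that each allowed origin is a well-formed extension ID. The trusted-prefix list and the directory-scan helper are assumptions made for this example.

```python
import json
import re
from pathlib import Path

# Constructed sample: the manifest quoted in the post above, as a Python dict.
SAMPLE_MANIFEST = {
    "name": "com.apple.passwordmanager",
    "description": "PasswordManagerBrowserExtensionHelper",
    "path": "/System/Cryptexes/App/System/Library/CoreServices/"
            "PasswordManagerBrowserExtensionHelper.app/Contents/MacOS/"
            "PasswordManagerBrowserExtensionHelper",
    "type": "stdio",
    "allowed_origins": [
        "chrome-extension://pejdijmoenmkgeppbflobdenhhabjlaj/",
        "chrome-extension://mfbcdcnpokpoajjciilocoachedjkima/",
    ],
}

# Assumption for this example: a helper under these prefixes lives on the signed
# system volume or a cryptex, i.e. it is Apple's own binary, not a third-party one.
TRUSTED_PREFIXES = ("/System/", "/usr/libexec/")
# Chrome extension IDs are 32 characters from the letters a-p.
ORIGIN_RE = re.compile(r"^chrome-extension://[a-p]{32}/$")
NAME_RE = re.compile(r"^[a-z0-9_.]+$")


def triage_manifest(manifest):
    """Return a list of findings; an empty list means the manifest is well-formed
    and points at an Apple-controlled helper binary."""
    findings = []
    for key in ("name", "path", "type", "allowed_origins"):
        if key not in manifest:
            findings.append(f"missing required field: {key}")
    name = manifest.get("name", "")
    if not NAME_RE.match(name) or name.startswith(".") or ".." in name:
        findings.append(f"host name not a valid reverse-DNS id: {name!r}")
    if manifest.get("type") != "stdio":
        findings.append(f"unexpected type: {manifest.get('type')!r}")
    path = manifest.get("path", "")
    if not path.startswith("/"):
        findings.append("path is not absolute")
    elif not path.startswith(TRUSTED_PREFIXES):
        findings.append(f"helper binary outside Apple-controlled locations: {path}")
    for origin in manifest.get("allowed_origins", []):
        if not ORIGIN_RE.match(origin):
            findings.append(f"malformed extension origin: {origin}")
    return findings


def triage_directory(directory):
    """Triage every *.json manifest in a NativeMessagingHosts directory."""
    return {p.name: triage_manifest(json.loads(p.read_text()))
            for p in Path(directory).glob("*.json")}
```

Chrome reads these manifests from the NativeMessagingHosts directories under /Library/Google/Chrome and ~/Library/Application Support/Google/Chrome; a manifest whose helper is under /System is consistent with an Apple-shipped browser helper rather than something Chrome itself installed.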
I have had the same problems that OSSHatred described above, and more. My MacBook has all these weird processes: PasswordBreachAgent; smbd; webinspector; webpushd; safaridriver; AuthenticationServicesAgent; PasswordManagerBrowserExtensionHelper;
all of those require full disk access.
I even replaced my MacBook and still have the problem with the new one. My iPhone had a bunch of strange files installed on it, which I deleted, and now I do not know what else to do.
I have had your same problem, but I did install my Google account (actually my Apple ID was my Gmail account). By now I have already changed my email account to a new one and got a new MacBook, and the problem persists. Read my post below, because I have a bunch of weird apps requesting full access to my disk, and like you I am not comfortable with it. My new MacBook is just a few days old; now I do not have anything in iCloud other than what is necessary, and I am even considering returning it and just switching to Android if I cannot get rid of this weird remote agent. It seems to be something related to the ARDAgent, per what I have researched.
Unless you are a highly skilled developer, looking at log entries is a complete waste of your time. Even Apple uses a proprietary app to turn that mess into something a human can make sense of.
That's not the point. I have all my work and family content on iCloud and iPhone, including my 6-year-old son's memories. If privacy isn't important for you, that's your opinion.