Keylogger from Runescape scam? Very concerned!

Absolutely no one can install anything on your Mac unless they have an Administrator account and password.

Did you provide your credentials for some unknown reason?

You probably were deceived into revealing your Runescape password, that's all, and you changed that. This was nothing more than falling victim to a phishing attempt. Nothing can prevent you from revealing personal information other than you.

There are keylogger apps that run on Macs, but unless you or someone else with physical access to your Mac deliberately downloaded and installed one, including providing the Administrator name and password that you use to log in to your Mac, then it is not possible to have a keylogger app installed on your Mac.

Absolutely no one can install anything on your Mac unless they have an Administrator account and password.

That's not true.

Did you download anything? Are any Safari extensions installed that you don't recognize? Is Java enabled in Safari?

As John Galt says, what's on your Mac is safe. What you send into cyberspace is up for grabs.

Are you saying you don't login to Runescape, or to play games?

John Galt wrote:

Absolutely no one can install anything on your Mac unless they have an Administrator account and password.

Not exactly.

That condition only exists if it's trying to gain root access or escape the priviledges of Standard User.

Code can run in any user account, even Standard User can copy a standalone program out of Applications folder and paste in Movies folder and run it.

If there is a keylogger on your machine, and your running as a Admin user, your option is to backup your files manually to to a external drive (not timemachine or clones) and disconnect all other drives.

Boot into Recovery HD (command r at boot time) or if a recent Mac use Internet Recovery (commmand option r boot) or if on 10.6, c or option key boot off the 10.6 installer disk and erase the Macintosh HD partition.

Need a wired or built in keybord for the at boot key commands.

Once finished quit and install OS X, may need your AppleID and password if you upgraded OS X, also later to reinstall your free iLife from AppStore.

Restoring your Free iLife (iPhoto, iMovie etc)

Install all programs from original verifiable sources, and lastly files from backup after verification.

They might be altered to look like files, but are trojans.

First you need to launch all your programs from the Applications folder at least once, this will give the OS X warning "you are opening this program for the first time" which you say ok, as you want this.

Next you doubleclick each file and if you get "you are opening this program for the first time" warning on any of them, it's obviously a trojan as you have already opened all your programs already, so cancel and trash the trojan.

Please provide a link to any post from someone who has found a keylogger on their Mac.

John Galt wrote:

There are keylogger apps that run on Macs, but unless you or someone else with physical access to your Mac deliberately downloaded and installed one, including providing the Administrator name and password that you use to log in to your Mac, then it is not possible to have a keylogger app installed on your Mac.

Sorry John, your wrong again. 🙂

It's certainly possible to use a Java or browser exploit to sneak code onto a Mac, even in Standard User and run it to gleam keystrokes or upload files out of a user account.

Code can run in any user account, it just only has privileges of the account it's running in and thus can't affect change outside of that unless it's given more access privileges.

Physical access and/or the Admin password will give the keylogger the ultimate root access, but it certianly can do what it needs to do right in Admin or Standard User account privildges as it's doing a basic thing, recording keystrokes that all programs do and going online with that information.

KL1207 wrote:

So I was told that this "keylogger" was somehow in a link I clicked and when I clicked on the link this allowed the person to see my keystrokes and get my password. Is this even possible? Or no.

Yes it's possible.

The link you clicked could have directed to a site that ran a browser, Java or other plug-in exploit that ran code on your machine and recorded your keystrokes.

The code might have done more than that and actually installed something on your machine.

The only way to be sure is to remove everything and start over from scratch, return user files making sure they are files ONLY and not programs that look like files.

If this is beyond your capability, then take the machine to a local PC/Mac software shop and tell them, they will know what to do as they deal with malware all the time.

Good Luck 🙂