I think "Samuri" started this post and everyone thought he was "Crazy"... but the fact of the matter is there are certinaly all types of malware for Macs. Most don't encounter these as they are most often target / limited attacks.
I will give a quick example and if anyone can explain this to me or has had a similiar experience I would love to hear back!! .....
So I have about 6 macs for my current and past business. Plus I always love grabbing the newest technology. That said this "Problem" occurs with every Mac I own. Even to a brand new MBP Retina that no one has had access to. I keep Firmware PW's on, I only use Eithernet connections, I have a $600 Hardware Firewall configured to let nothing in (No VPN's, etc)... obviously have sharing off, **** I don't even use Bluetooth.
Anyway when I wipe the drive I do it like this...
1.) Take out both the MAC HD and Recovery Partion....
2.) I have 50 MBPS Download Speed so Internet Recovery is very quick. I go through the normal process.
3.) Once I have reached the new recovery partition from the Internet Recovery I partion the SSD a couple times in different formats and then go back to the normal Journaled that I will be using for my single partioned SSD
4.) Then I install and go through all the normal steps, expect I skip everything that I can. I don't add location services, I set time manually and I don't sign into iCloud as this will be my Admin Account. I normally just call the account Main or Admin.
5.) I check for updates and install any that might have not been included in the most recent Internet Recovery.
6). In the Admin Account I set a tough PW and then begin with all the security options. Again all sharing off, Firewall on, Wifi Off and requires Admin Access to Turn on, No Peer-to-Peer Networking without Admin Access, Bluetooth Off, Java and Extensions turned off in Safari, etc. You name it I have done it as far as the GUI goes. I am certainly no expert in Terminal, but can make my way around for some things.
7.) I create a Standard Account "The one in which I will conduct 99% of my business in." Again I create a strong PW for this account and confirm that the security settings that I setup in Admin match those of my Standard Account.
HERE IS WHERE THINGS GO WRONG...
8.) I go into options and login to icloud.
HERE IS WHERE IT IS ABSOULETLY WRONG...
911) I login to the apple store as I want to dowlonad some of the simple apps so I can go to work. IMMEDIATELY, it starts downloading a program called "Mountain" ... please don't confuse this with Mountain Lion (You can see it listed second in the APP Store search "Mountain")... when I look down at my Launchpad bar without hitting anything the 2.1MB file is downoading and then dissapears from my launchpad.
** Also as this is going on "storeagent" with the linux exec box icon next to it shows up saying "storeagent is attempting to install software to your computer" It does ask the for Admin User and PW, but no matter what I hit this "Mountain APP" downloads.
When I first noticed this I thought this was legit, well it certainly is not. I have never purchaed that "APP" however it does show up in my APP store Purchaes. The gateway is obviously not doing it's job and FURTHERMORE I don't have any of the options to "Automatically Download New Apps, etc." I simply just check for updates manually everyday as it is a 2 second process and Mounain Lion doesnt check automatically until every 7 days.
Sorry for the long post... Anyway experiencing the same thing? I can redo my drive over and over again... I have ever purchased a new Mac Book Air a year ago to see if it would happen and the problems eventually started and fairly quickly. The weird thing also is that I have done wipes and renistalls in all sorts of different locations.
So all this said... how could it not be in the EFI or on the machine some how?
Thanks guys... I hope someone has experienced a similiar experince!!! .... as the Mac Store and Apple Care have been of no help!! ... and with a problem like this I think it is way above a level 2 Mac specialist head 😉