Knowing if you have RATs?

A couple of weeks ago, I got pretty paranoid about spyware, so I downloaded an anti-virus called ClamXav and after scanning, I was super relieved that it said "No Infections Found." I thought that it was the end of my worries, until I found out about RATs, which give someone the ability to take full control of your computer from somewhere else. I went on Apple Support Communities to see if there was any way to detect if you are being spied on from RATs, but people kept on saying "there is no way to detect RATs" and "there is nothing that you can do about it." I really should be working today, but I've spent the whole day determined to find answers.


Literally two minutes ago, I went through my "System Preferences" and clicked on "Sharing."


This is what I found:

"Screen Sharing: Off

Screen Sharing allows users of other computers to remotely view and control this computer."


(There's a gray dot before Screen Sharing)


Plus, none of the services were on.


Because I don't have any viruses (I just checked yesterday) and everything with screen sharing is off, does it mean it's impossible for anyone to spy on me from my webcam, audio, track my keystrokes, etc.?

MacBook Air, Mac OS X (10.7.5)

Posted on Mar 1, 2014 4:04 PM

6 replies

Mar 1, 2014 5:05 PM in response to Jaiteso

A RAT (remote access tool) is simply one kind of malware. There are also RATs that must be installed manually by someone with physical access to the machine... usually, these are legit apps to allow remote access, and some remote access capabilities are built into the system.


Now, if you are being appropriately cautious, keeping your system up-to-date and have not disabled any of the security features (such as Gatekeeper), then you'd be pretty hard-pressed to get infected with anything, unless someone malicious with physical access installed it. If you're actually running 10.7.5, as your profile indicates, you don't have Gatekeeper, so you're not quite as well protected, but still should be pretty safe.


However, the problem is that, as you say, there's really no way to be entirely sure that you don't have malware of some kind installed. It has to get there in the first place, but if you believe there has been some kind of breach in the security of your system (such as physical access by an untrusted individual or opening a suspicious application), you've got trouble. If there actually has been such a breach, only erasing the hard drive and reinstalling everything from scratch can guarantee your system is clean.


Note, though, that many people tend to get very paranoid and misinterpret perfectly normal behavior as signs of malware. Don't fall into that trap. If you do, that can easily become a rabbit-hole that you'll never get out of.


For more info on this sort of thing, see my Mac Malware Guide.

Jun 26, 2015 8:16 PM in response to thomas_r.

Hi Thomas, I would like to ask if the statement in your answer "...erasing the hard drive and reinstalling everything from scratch can guarantee your system is clean." still stays true today in 2015.

I used this tutorial on YouTube: https://www.youtube.com/watch?v=CE05PY75mW0

and I was wondering if this was the process you were describing in your answer. Thank you so much and I hope that you respond back (:

Jun 27, 2015 4:32 AM in response to Jaiteso

Jaiteso wrote:


Hi Thomas, I would like to ask if the statement in your answer "...erasing the hard drive and reinstalling everything from scratch can guarantee your system is clean." still stays true today in 2015.


It really depends on the situation. If someone untrustworthy has had any kind of access to your computer, or if you have installed some types of malware, then yes, that is what would be necessary. On the other hand, if you've just got adware or certain more minor forms of malware, removal is pretty easy. Generally speaking, any malware that can be called a "RAT" would be something that would give the hacker remote access to your computer, and thus removal would require erasing the hard drive.


I used this tutorial on YouTube: https://www.youtube.com/watch?v=CE05PY75mW0

and I was wondering if this was the process you were describing in your answer.


Yes, that's the basic technique. Of course, you'll also want to know how to properly back up your data and then safely restore it to the new, clean system, without "dirtying" it again. See:


How to reinstall Mac OS X from scratch


(Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com.)
