HACKED - Cursor being controlled

Look at your case, battery & trackpad.

There have been similar reports of a 'hacked laptop' in the past that were actually due to expanding batteries. If the battery is failing in a serious way it can expand & put pressure on the trackpad. It causes false touches & can look like the OS is being 'remotely controlled'.

Remove the battery & test the Mac again on the mains power supply.

If your Mac was being remotely controlled you may see some activity that wasn't random otherwise it seems totally pointless.

If you use any wireless third party mice etc you should remove them & power them down, they may pick up interference from nearby devices or the Mac itself.

Disconnect all peripherals too.

Some other tests are to try safe mode (it disables their party software).

Try safe mode if your Mac doesn't finish starting up - Apple Support

Bear this in mind…

Limited graphics performance in OS X recovery or safe mode - Apple Support

You can also try booting from a system that you do not think is compromised (e.g. make a new install of OS X on another disk). If that version does not misbehave you may be correct about the remote access, but there is still the possibility of it being a software error.

Where did you download Reader from? In Finder, 'File > Get info…' on the original download, it should show the source URL. Adobe are generally reliable, other software download sites can rebundle other malware or adware with installers so never trust them. Do you remember how you installed it?

There are many popups on the internet that attempt to look like genuine updates, it is still possible that it was from an untrusted source. It depends if the dialog appeared when you expected it (e.g. when opening Reader) or if it was just associated with a webpage etc.

If using without the battery has no effect I'd suggest trying another OS installation, but that may be more work than you care to carry out. Ask if you need help.

You can also visit an Apple store if you want some other help. I suspect your model may be reaching the end of support (at least for repairs), so it may be wise to visit them sooner rather than later incase it is the hardware. Repairs will be charged for since it is out of warranty & Applecare.

There are several possible causes for this issue. Please take each of the following steps that you haven't already tried until it's resolved. Some may not apply in your case.

1. Follow the instructions in this support article, and also this one, if applicable. A damaged or defective AC adapter could be the cause, even if it's the right kind.

2. Press down all four corners of the trackpad at once and release. If there's any effect, it's likely to be temporary, and in that case the unit must be serviced or replaced.

3. Open the Bluetooth pane in System Preferences and delete all pointing devices other than the trackpad, if applicable. Disconnect any USB pointing devices. By a "pointing device," I mean a peripheral that moves the cursor, such as a trackpad, mouse, trackball, or graphics tablet. A plain keyboard is not a pointing device.

4. If your model has an infrared receiver for use with an Apple Remote, disable it.

5. Start up in safe mode and test, preferably without launching any third-party applications. If you don't have the problem in safe mode, but it comes back when you restart as usual, stop here and post your results. Do the same if you can't start in safe mode. If there was no difference in safe mode, go on to the next step.

6. Reset the System Management Controller.

7. If you're using a Bluetooth trackpad or mouse, investigate potential sources of interference, including USB 3 devices.

8. A swollen battery in a portable computer can impinge on the trackpad from below and cause erratic behavior. If you have trouble clicking the trackpad, this is likely the reason. The battery must be replaced without delay.

9. A defective peripheral device or a damaged cable can cause the built-in trackpad of a MacBook to behave erratically. If you're using any wired peripherals, disconnect them one at a time and test.

10. There's also a report of erratic cursor movements caused by an external display that was connected but not turned on.

11. If you use Handoff, disable it in the General pane of System Preferences.

12. If none of the above applies, or if you have another reason to think that your computer is being remotely controlled, remove it from the network by turning off Wi-Fi (or your Wi-Fi access point), disconnecting from a Bluetooth network link, and unplugging the Ethernet cable or USB modem, whichever is applicable. If the cursor movements stop at once, you should suspect an intrusion.

13. Make a "Genius" appointment at an Apple Store to have the machine and/or external trackpad tested.

Hello,

This happened to me twice before. Once three years ago, and then again the following year. It might be your trackpad. Does your cursor move wildly and rapidly all over the screen? Or does it look like it is carefully moving and selecting certain files and apps? If it's rapid, then it's probably your track pad.

The first time I experienced this, my cursor was moving around like crazy. I thought I was being hacked so I turned off WiFi and that solved the problem most of the time, but it would sometimes still go rogue when it was offline. The problem occurred on and off, but after experiencing this problem for a few weeks, I took it to the Apple shop and they said it was the trackpad. Then I remembered that I spilled a half of a drop of water into the side of my trackpad and I'm sure that's what messed it up. So whenever liquid was on the track pad, even a tiny drop, it would make the cursor go crazy. Even after I dry it up, it would still continue for awhile after. This also happened when I had oil on the track pad. So try cleaning it.

The second time was due to the battery expanding and pushing the trackpad up.

Hope this helps!

That is not malware!

That is a warning about a phishing email - just regular junk mail!

I suggest you read ClamXAV's FAQ number 2

http://clamxav.com/faq.php#Q2

If you delete or quarantine these files it can damage the index for your Mailbox, that is why there is the option to disable it in the ClamXAV Preferences…

'General > Scan email content for malware & phishing'.

If the issue reappears continue with Linc's other suggestions.

That is your call, but deleting files that are managed by applications with databases is risky.

I have seen valid receipts marked as 'phishing' by ClamXav, it seems to be the worst feature in the app.

Common sense will help you deal with junk email…

Disable Mails option to show images in the preferences.

Don't click links in mail that you didn't initiate e.g. password reset messages are OK but only if you requested them.

ClamXav can take you to the file in Finder where you can preview it via Quicklook (tap space bar with the file selected).

Then search for that message in Mail to delete it - it is safer to use Mails own system for deleting messages.

This feature creates more problems than it solves.

"Heuristics" means that they are from or mention a financial institution and "SpoofedDomain" means it contains hyperlink(s) that are not known to be associated with that organization and may be a phishing attempt which is attempting to obtain privacy information (e.g. UserID and Password credentials). It has not been positively identified as such, just that something about the format of one or more links is suspicious. You can see exactly where a link will take you by hovering the cursor over the underlined words or image in the e-mail. Don't click the link unless you are certain that it will take you to a legitimate site. There is a significant probability that these are legitimate e-mail messages from a financial institution that you need, so trashing them could very well be a mistake. The only way to know is to read them. There is also a distinct possibility that you or your e-mail system have already decided that they are spam / junk / phishing and they came from your Spam / Junk / Deleted Items / Trash folders, so you should always check to make certain they are not needed and then delete them before running an e-mail scan.

Minor correction MadMacs 🙂…

MadMacs0 wrote:

"Heuristics" means that they are from or mention a financial institution and "SpoofedDomain" …

'Heuristics' in this context means problem solving that is imprecise, but may be good enough…

https://en.wikipedia.org/wiki/Heuristic

If it was labelled "best guess", "possible-spoofedDomain" or something in simple language perhaps so many users would not panic & assume they are hacked/ infected etc.

Feel free to provide that recommendation to Cisco/ClamAV®, the developer of the Heuristics scan engine.

I recently experienced a very similar issue. Your computer has most likely not been hacked and you may have a simple hardware issue. Such problems can be difficult to troubleshoot, because restarting, resetting the SMC or switching off WIFI may fix the problem temporarily, but it is only coincidence.

Please see my post: Strange Trackpad Mouse Problem

In my case (Macbook Pro 2009) it was simply the Trackpad flex cable, which contacts had to be cleaned.