Remote Access Trojan

Hello there,


So I installed some third-party software, and was RAT'ed. Downloaded Sierra from another Mac on another network to a USB. Nuked my HD and reinstalled via USB. And after a couple of weeks' use, my Mac was compromised again. Heard someone say that this could be done if the hackers had access to my network and had a really good exploit. So my question is: there's nothing to be done then?

MacBook Pro with Retina display, iOS 11.0.3

Posted on Nov 1, 2017 2:36 PM

Question marked as Top-ranking reply

Posted on Nov 2, 2017 3:11 AM

Make sure you have created a network password for the service provider router and that the firewall box is enabled; settings should be automatic.

If you are using AirPort Express, see this article: Recommended settings for Wi-Fi routers and access points - Apple Support

If NAT is enabled in the service provider router, then set the AirPort Express to bridge mode (router mode off), as double NAT will not work.

See some articles: Choosing good passwords in Mac OS X - Apple Support

macOS Sierra: Tips for creating secure passwords

macOS Sierra: Add a password hint

In System Preferences > iCloud, keep Back to My Mac unchecked; in System Preferences > Sharing, uncheck all the services (Screen Sharing, Remote Login, ...).

Avoid using anti-virus, cleaners and unidentified apps in the system, and change all passwords: admin password, Apple ID, iCloud, wireless network password.

Keep your Mac clean by running Malwarebytes Anti-Malware for Mac.

Don't share your mail address with unknowns and don't double-click suspicious links in mails; see this article: Avoid phishing emails, fake 'virus' alerts, phony support calls, and other scams - Apple Support
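A way to verify from Terminal that the services this reply tells you to uncheck are really off, that the application firewall is on, and whether anything is sitting in the launchd locations a remote access trojan would use to come back after a reboot. This is an added example, not part of the reply or of Apple's documentation: the macOS command names in the comments are genuine, but the sample "launchctl list" lines, the firewall output strings and the two plist files are constructed, and "/Users/alice", "com.example.updater" and "com.hypothetical.agent" are made-up names.

```shell
#!/bin/sh
# Added example, not code from the thread: audit the remote-access services the
# reply above says to uncheck, the application firewall state, and the launchd
# persistence directories an implant needs in order to survive a reboot.
# The macOS command names in comments are genuine; the sample output and plist
# contents below are constructed so the checks can run on any POSIX sh.

# launchd labels of the Sharing-pane services that accept remote control:
# Screen Sharing, Remote Login (sshd), Remote Management (ARD), Remote Apple Events.
REMOTE_LABELS='com.apple.screensharing|com.openssh.sshd|com.apple.RemoteDesktop.agent|com.apple.AEServer'

# flag_remote_services: read `launchctl list` output (PID, Status, Label; tab
# separated) on stdin and print the labels of loaded remote-access services.
#   Live use on a Mac:  sudo launchctl list | flag_remote_services
#   (Remote Login alone is also reported by:  sudo systemsetup -getremotelogin)
flag_remote_services() {
    awk -v re="^(${REMOTE_LABELS})\$" '$3 ~ re { print $3 }'
}

# firewall_on: succeed when socketfilterfw reports the application firewall on.
# Its output is "Firewall is enabled. (State = 1)" or "... disabled. (State = 0)".
#   Live use:  /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate | firewall_on
firewall_on() {
    grep -q 'State = 1'
}

# suspicious_agents DIR: print launchd plists in DIR whose program runs from a
# temp directory or a hidden directory, or is an interpreter/downloader
# (sh, bash, osascript, curl, python). Heuristic: legitimate helpers sometimes
# match and need a manual look; nothing here is proof of compromise by itself.
#   Live use:  suspicious_agents "$HOME/Library/LaunchAgents"
#              suspicious_agents /Library/LaunchAgents
#              suspicious_agents /Library/LaunchDaemons
suspicious_agents() {
    for f in "$1"/*.plist; do
        [ -f "$f" ] || continue
        if grep -Eq '<string>(/private)?/(tmp|var/tmp)/|<string>[^<]*/\.[^/<]+/|<string>(/bin/(ba)?sh|/usr/bin/(curl|osascript|python[0-9.]*))</string>' "$f"; then
            echo "$f"
        fi
    done
}

# make_fixtures: build a constructed LaunchAgents directory holding one benign
# job and one hypothetical implant (made-up names/paths), and print its path.
make_fixtures() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/agents.XXXXXX")
    cat > "$d/com.example.updater.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key><array>
    <string>/Applications/Example.app/Contents/MacOS/updater</string>
  </array>
</dict></plist>
EOF
    cat > "$d/com.hypothetical.agent.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.hypothetical.agent</string>
  <key>ProgramArguments</key><array>
    <string>/Users/alice/Library/.cache/.agent</string>
    <string>--connect</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>
EOF
    echo "$d"
}

# demo: run the three checks against the constructed input and print findings.
demo() {
    printf 'PID\tStatus\tLabel\n412\t0\tcom.apple.screensharing\n-\t0\tcom.apple.Finder\n' | flag_remote_services
    echo 'Firewall is disabled. (State = 0)' | firewall_on || echo 'firewall: OFF'
    d=$(make_fixtures)
    suspicious_agents "$d"
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Save it as audit.sh and run "sh audit.sh demo" to see it work on the constructed input, then run the live commands from the comments on the Mac in question; anything flag_remote_services prints is a service still accepting remote connections despite the Sharing pane being unchecked, and any plist suspicious_agents lists deserves a look at its ProgramArguments before you decide whether it belongs there.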


Nov 3, 2017 5:56 AM in response to JimmiDanmark

John Galt: If it was addressed, why is it not fixed?


???


As I wrote that particular vulnerability was addressed in an iOS update last April (as I recall). Many more were addressed in the last iOS upgrade. The most effective software defense against security vulnerabilities is to use the latest operating systems available. If you neglect to update iOS or macOS, then you will remain vulnerable to the exploits that affected those superseded versions.


The rest is up to you, and I addressed them in the User Tip.


Here is the problem you are facing: apparently, you are sharing network equipment and who knows what else with someone you may or may not trust. That is a risk that only you can decide to accept, or not. Anyone with either physical access to your network equipment (including your router or the devices that use it) or wireless access to your network (generally speaking, its wireless network password or the network device's passwords) can easily alter their settings. Although other exploits are possible, those fundamental security vulnerabilities can explain the mysterious events you described.


If you do not share that equipment, then your network is as secure from unauthorized intrusion as it is from your neighbor's or someone on the other side of the world.


This is good reading:


It's old reading, and addresses a very limited circumstance involving the possibility of having potentially malicious software installed on a Mac. Needless to say, if someone else can physically possess your Mac, even for a short period of time, anything is possible. Don't overlook more mundane means of lifting your private information, such as a hidden camera or even someone looking over your shoulder or through a window as you use your Mac. Or, writing down passwords or similarly confidential information anywhere, ever. Only you can know your cohabitation conditions so it's not possible for anyone else to be more specific.


I'm afraid I do not understand the card game or football references. Someone reading and answering an email addressed to you is obviously worrisome, but the likelihood of that happening is zero as long as you keep your devices and your confidential information secure. Otherwise, email would be a worthless communications medium.


Perhaps you will find the following useful:


macOS Sierra: Ways to keep your information safe


macOS Sierra: Set up your Mac to be secure

Nov 2, 2017 6:55 PM in response to JimmiDanmark

As that story states, that particular vulnerability was addressed months ago. Such equipment vulnerabilities and their corresponding exploits will always exist. The defense is to keep your device operating systems updated. Read Effective defenses against malware and other threats. Its concepts can be broadly applied to any communications device.


Clickbait fearmongering publications and websites will also always exist. Their purpose is to deliver targeted advertising to you.

Nov 3, 2017 6:05 AM in response to JimmiDanmark

JimmiDanmark wrote:


Tygb. You don't have the expertise to help me. Thanks anyway 🙂

I'm going to have to disagree with your assessment of Tygb's suggestion.

A clean install would eradicate any possible outside influence your OS X install may or may not have, and the suggestion not to use AV products for Mac is widely accepted here due to the sheer volume of users who report issues with their systems and, when directed to remove these products, the issues are no longer apparent; that, and AV for Mac is useless and counterproductive at this time.


An unexplained instance in a game does not translate into a hacked computer; it's also a co-op game developed by Blizzard, so it's not out of the question that other players are gaming the system. You would need to ask Blizz.


The issue with football tickets could be an issue with their server,


and emails that are read could be read from any web service that hosts emails; you don't need to hack anything on a host computer to do this. Even if you yourself or other family members have other devices that share these accounts, that is another, more likely explanation, as a trojan is a bit more complicated.


A brand new router makes no difference compared to an old one; if it's not properly secured with the correct firmware to do so, you have a wide open door for someone to launch an attack on your SoHo.

Hacking a router is going to be far easier than hacking a Mac, if that's the case.

Nov 3, 2017 3:44 AM in response to JimmiDanmark

The term hacking means something like controlling the entire computer, changing the Media Access Control address (that is not possible), or remotely accessing the computer through the network or manipulating IP addresses. You can hard reset the service provider router and the AirPort router, and avoid playing unknown games on the internet.

Also create a firmware password; if the data is to be secured, you can use FileVault.

Nov 4, 2017 4:34 AM in response to John Galt

First off, I would like to thank you John for taking me seriously and helping me out with advice and suggestions. I have to excuse my somewhat bad grammar and not-so-perfect language. I'm Danish and English is my secondary language.


I would like to describe the hacking scenarios in detail for you to understand the actions. Please let me know if I have to elaborate on any of these. Bear in mind, this all happened on a clean USB install of Sierra. I live in a flat with my brother and a Spanish girl. Both of them I trust. Only a few other persons visit here; all of them have no issues with me or would want to harass me in any way.


Scenario: Hacked while playing hearthstone.


Hearthstone is an app made by one of the biggest game producing companies www.blizzard.com

That being said, I doubt very much it's a security flaw on their behalf. So the app is safe and also installs as an identified developer.

The game is a single-instance app, meaning if I run the game on my Mac and open it up elsewhere (e.g. my iPhone), it automatically closes the first instance.

During a play session, I left-clicked on the lower half of the screen as an action; 1 second later "an invisible mouse cursor" moved and left-clicked on another part of the screen for another action. During this time, my visible mouse cursor was viewable on the lower part of the screen and no mouse clicking was done on my part. Also the action of this event in game makes no sense, and is one I would never do, because it works against me.


Scenario: Buying football tickets online


I wanted to buy football tickets for my brother as a birthday gift. To do this you have to get in queue at the website www.dbu.dk (translated “the danish ball playing union”).

The browser I'm using is Chrome, and at the bottom of this window is a bar containing a picture downloaded from iCloud.

To get in the queue my browser creates a cookie for this session. After waiting over an hour, I'm through the line. At this very moment, my cookie is deleted.

The page reloads. And Chrome prompts me to press the "ok" button to accept a new cookie for www.dbu.dk.

A few seconds later, an invisible cursor (I presume this is what's happening) presses the ok button to accept the new cookie and directly after presses the "x" button of the bottom bar containing the downloaded picture, giving me an end result of a "clean" loaded site of dbu.dk.

I did NOT move my mouse or click my keyboard, all this happened without ANY actions on my behalf.


Scenario: Skype


I didn’t mention this earlier, but one morning turning on my computer and load skype, only to see all my contacts are deleted.

I have Skype installed on my MacBook and iPhone. Directly after, I turn off my Mac and iPhone and head to my friend's apartment.

I log on to Skype on his computer connected to his network. I type in the command /showplaces. The message I get now is I'm online on 1 MacBook and 2 iOS devices. I enter the command /remotelogout and again the command /showplaces and nothing has changed, still connected to the 3 same devices. I do this multiple times with the same end result.

Now we log on to my friend's Skype and take the exact same steps. They show his known logged-on devices and the remote logout command removes all logins.

I return to my flat and do the remote logout on my MacBook, and finally now I'm logged out of all devices.

Nov 3, 2017 8:48 AM in response to JimmiDanmark

Either I didn't adequately explain the risks to your installation, or you did not avail yourself of the information I provided. It's probably the former.


I understand and appreciate the fact you believe your equipment has been "hacked" and I don't want to appear insensitive to that concern, but in such cases it is essential to describe the circumstances in as much excruciatingly precise detail as possible. The only actionable information you provided so far is to describe personal emails that were read by someone else. I'll get to that later. As I wrote, I don't understand online card games or being queued to purchase football tickets you didn't want, but that sounds like typical advertising tactics to me. If you want to describe those events, go ahead, but please explain it to me as though I don't know the first thing about card games or football, because I don't. Write a small novel if you need to, that's OK. More information is required... much more.


Unauthorized computer access is a criminal offense in the United States and probably wherever you live. If that's the case and you want to pursue criminal charges, the first thing you should do is to immediately stop using the affected equipment because it may contain evidence in a criminal proceeding only you can decide upon. Such advice lies well beyond the scope of this technical support site. Technological support is all I can offer, but culpable parties involved in such intrusive events generally involve those close to you: future former spouses and the like. You may trust your living partners with your Macs and other stuff, but what about their friends? How well do you know and trust them? Only you can answer those questions.


So as I see it, there's 3 options:


The three options you describe are unacceptable and I think you already know that. What you may not know is that they are inadequate to protect yourself from threats, and buying a new Mac isn't going to change that one bit. Apple offers a number of ways to protect your Macs, your Apple ID, and related personal information. I encourage you to read about them. You can choose to use any or all of those methods depending on your personal needs.


If you are seeking a one size fits all magical security shield, you are not going to find it. Security is a multifaceted subject whether you're discussing computers or security in general. An effective security strategy requires multiple defenses, sometimes described as a "layered" approach. Having said that, as computing and communications products go, Apple's Macs and iPhones are the most secure consumer-grade products on the planet, by far. No one is going to hack into them very easily, not without your willing consent or through deception. Recent events covered in popular media made that abundantly clear. Also, recent events covered by popular media have also made it equally clear that people are far too willing to succumb to "phishing" scams. I addressed that. There is no product that can prevent you from doing that, but Apple provides options and tools that will prevent others from using your Apple ID without your consent. I addressed that too. Please avail yourself of those resources.


As for email: no one can read your emails without your email account information. In most cases that's as simple as a user name and password. In some cases that information was lost, stolen, or sold—by negligent, inept, or corrupt individuals, companies, or agencies. You need to look no further than the front page of just about any newspaper to find details regarding the latest scandal, often accompanied by advertisements from those very same companies promising to protect you from them. There are too many of them to enumerate. New, equally lurid scandals appear with disturbing regularity. Fortunately there are many email service providers including Apple. No one has hacked into theirs... yet.


If you follow the suggestions I posted and read the resources I provided, you will have knowledge equal to my own. No one has hacked into any of my Apple equipment, despite the fact there are plenty of people who would like to. Go ahead, make my day. I don't think that success is a matter of good fortune; there are some things I simply will not do. Allowing others to use my Macs, my iPhones or my networks are among them. There are other practices that I could discuss but I think they might be getting off track of your concerns.

Nov 3, 2017 3:33 AM in response to John Galt

Tyg: Thanks, but I'm already aware of this skill level of protection. This hack goes way beyond.


John Galt: If it was addressed, why is it not fixed?


Instead of writing a small novel describing the numerous times I've been hacked, I'll bring up the incidents since my last wipe of my MacBook Pro. HD was nuked!


  1. Emails are read and answered
  2. During a game of Hearthstone, after clicking one of my cards, the spell (card) is cast on one of my own minions (which makes no sense, it's an offensive spell) without the mouse cursor moving.
  3. An open browser containing a downloaded picture (a bar across the bottom part of the Safari window). I get in the queue to buy football tickets. A cookie is created. After an hour of waiting in line, I finally get through. Suddenly my cookie gets deleted. And I'm back at the main page. I'm prompted with "accept new cookie press ok". Then without the mouse cursor moving, the ok button is pressed. Then without the mouse cursor moving the bottom bar containing my picture disappears.



This is good reading:

https://discussions.apple.com/thread/5137562?tstart=0


But doesn’t solve my problem
