My MacBook Air is under a MITM attack??!

Question

Level 1

4 points

My MacBook Air is under a MITM attack??!

Hi, I’m sort of panicking right now because I’m on a 6 hour bus ride and I think my computer may be compromised.

I was at a bus terminal and for just approximately five minutes was trying to download music with Spotify for offline listening. There was a wifi network open and me and my friend connected with our macs, and the connection was super fast, almost impossibly fast which we didn’t doubt at all.

We board the bus right after, I open my laptop and see these error messages from 2 apps; Spotify and Calendar. I disconnect from the wifi and just turn off wifi and bluetooth because there was also a galaxy s6 trying to connect to my mac? which I believe probably was a mistake.. Anyways I’ve just used my friend’s iPhone to disconnect all cards from my PayPal account just in case, and am posting this on her phone because I’m scared to connect my Mac to the internet. The other error message I will post as a reply. What do you think?!? Have I been hacked? What can I do? Also somehow I can’t log in to forums using my main Apple ID, so I’m using a second one. I hope nothing serious happened..

Posted on Jul 10, 2018 7:05 PM

Reply

Answer 1

thomas_r.

Level 7

32,061 points

Jul 17, 2018 12:43 PM in response to coolmichelle

I suspect that you connected to a malicious wifi network. The intent would have likely been phishing attacks, by directing you to malicious domains pretending to be the real thing. The good news is that this by itself would not have infected your Mac. The bad news is that it could have captured any data you transmitted while connected to that network.

If you're still seeing the effects when you're no longer connected to that network, and are connected to a legitimate network, then you probably need to restart the computer to flush any cached network settings.

I don't see anything I can immediately identify as malicious on your computer, but there's a lot of stuff I'm not familiar with, so I can't say for sure. I can say that PUP.MPlayerX would not have caused this problem... that's just junk software.

Reply

Answer 2

Eric Root

Level 10

685,763 points

Jul 10, 2018 7:43 PM in response to coolmichelle

Download this program which was written by Thomas Reed, a long time poster. The program will do the work for you which makes it easy. There is no reason to leave it installed once troubleshooting is finished. The free version doesn't update itself. If you need it again, you can download it again.

Malwarebytes Anti-Malware for Mac 10.10 and later

Malwarebytes uninstall

If that doesn't find anything, try running this program in your normal user account, then copy and paste the output in a reply. The program was created by etresoft, a frequent contributor. Please use copy and paste as screen shots can be hard to read. Click “Share Report” button in the toolbar, select “Copy Report” and then paste into a reply. This will show what is running on your computer. No personal information is shown. You can run the report for free at least once, but if you run it several times, at some point it will ask you to pay a license fee.

Etrecheck – System Information

Reply

Answer 3

coolmichelle Author

Level 1

4 points

Jul 11, 2018 2:13 AM in response to Eric Root

EtreCheck version: 4.3.4 (4D037)

Report generated: 2018-07-11 11:11:13

Download EtreCheck from https://etrecheck.com

Runtime: 2:42

Performance: Excellent

Problem: Other problem

Description:

My MacBook might be under a MITM attack; various alerts that it cannot verify the identity of the server have arisen

Major Issues:

Anything that appears on this list needs immediate attention.

No Time Machine backup- Time Machine backup not found.

Unsigned files- There are unsigned software installed that could be adware and should be reviewed.

More than one antivirus app- This machine has multiple antivirus apps installed.

Minor Issues:

These issues do not need immediate attention but they may indicate future problems.

High battery cycle count- Your battery may be losing capacity.

Apps with heavy CPU usage- There have been numerous cases of apps with heavy CPU usage.

System modifications- There are a large number of system modifications running in the background.

32-bit Apps- This machine has 32-bits apps that may have problems in the future.

Hardware Information:

MacBook Air (11-inch, Early 2015)

MacBook Air Model: MacBookAir7,1

1 1.6 GHz Intel Core i5 (i5-5250U) CPU: 2-core

4 GB RAM - Not upgradeable

BANK 0/DIMM0 - 2 GB DDR3 1600 ok

BANK 1/DIMM0 - 2 GB DDR3 1600 ok

Battery: Health = Normal - Cycle count = 874

Video Information:

Intel HD Graphics 6000 - VRAM: 1536 MB

Color LCD 1366 x 768

Drives:

disk0 - APPLE SSD AP0256H 251.00 GB (Solid State - TRIM: Yes)

Internal PCI-Express 5.0 GT/s x4 NVM Express

disk0s1 - EFI [EFI] 315 MB

disk0s2 - C******r [Core Storage Container] 250.04 GB

disk1 - Macintosh HD (Journaled HFS+) 249.68 GB

disk0s3 - Recovery HD [Recovery] 650 MB

Mounted Volumes:

disk1 - Macintosh HD 249.68 GB (33.77 GB free)

Journaled HFS+

Mount point: /

Encrypted

Network:

Interface usbmodem1420: MT65xx Preloader

Interface en0: Wi-Fi

802.11 a/b/g/n/ac

One IPv4 address

Interface en3: iPhone

Interface en2: Bluetooth PAN

Interface bridge0: Thunderbolt Bridge

System Software:

OS X El Capitan 10.11.6 (15G17023)

Time since boot: About a day

System Load: 1.67 (1 min ago) 2.32 (5 min ago) 2.44 (15 min ago)

Configuration Files:

/etc/hosts - Count: 6

Security:

System	Status
Gatekeeper	Mac App Store and identified developers
System Integrity Protection	Enabled

Unsigned Files:

Launchd: /Library/LaunchAgents/com.unet.trustnetcert.plist

Executable: /Applications/TrustNetCert.app/Contents/MacOS/TrustNetCert