📰 Newsroom Update: Apple announces Apple Retail expansion in the Kingdom of Saudi Arabia

Apple is also expanding the coed Apple Foundation Program to enhance learning opportunities for more students at the Apple Developer Academy. Learn more >

You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

How to detect Keyloggers on iPhone or Mac

I recently had three email accounts hacked. I need to check for keyloggers on my Mac. I have no idea how to do that. Help?


[Re-Titled by Moderator]

iMac, macOS High Sierra (10.13.2)

Posted on Aug 29, 2018 9:26 PM

Reply
Question marked as Top-ranking reply

Posted on Aug 30, 2018 12:33 PM

There simply is no logical way to guarantee the absence of keylogging software. There are only ways to determine the presence of certain, known key loggers; and even if you were to confirm the presence of a well-known one, it could have been installed in an effort to distract you from the presence of some lesser-known one more difficult to detect or eliminate.


There are a number of ways an email account can be "hacked" ranging from the mundane (looking over your shoulder, or having a surreptitiously installed camera aimed at your iMac's display) to literally guessing common passwords, to very popular and extremely successful phishing scams, to highly sophisticated means literally impossible to detect. The latter possibility is not even worth considering unless you are a high profile target of an investigation from entities with essentially unlimited budgets (federal law enforcement agencies for example).


You might be able to determine the presence of common, well-known keyloggers by examining certain macOS system folders. The easiest way to do that is to download and run EtreCheck, which you can read about here: Using EtreCheck. Post its report in a reply to this Discussion. Just beware that even if you were to find one, eradicating it is probably not something you should consider, because that Mac would be considered evidence in a criminal investigation.


Other ways of lifting your personal information might involve snooping on your wireless network. Protecting yourself from that possibility requires protecting your wireless network and all its equipment both physically and with secure passwords... with emphasis on both the wireless network and all its equipment. Anyone with physical, hands-on access to your Mac or the router(s) it uses can use a variety of techniques to eavesdrop on what you're doing.

Really, the first thing you should do is to ask yourself who might be interested in "hacking" your personal information. The usual suspects include future former spouses... etc. Unauthorized use of a personal computer is a crime and has been for many years, so if that's your concern you need help that goes far beyond the scope of this technical support site.

22 replies
Question marked as Top-ranking reply

Aug 30, 2018 12:33 PM in response to artsygrl17

There simply is no logical way to guarantee the absence of keylogging software. There are only ways to determine the presence of certain, known key loggers; and even if you were to confirm the presence of a well-known one, it could have been installed in an effort to distract you from the presence of some lesser-known one more difficult to detect or eliminate.


There are a number of ways an email account can be "hacked" ranging from the mundane (looking over your shoulder, or having a surreptitiously installed camera aimed at your iMac's display) to literally guessing common passwords, to very popular and extremely successful phishing scams, to highly sophisticated means literally impossible to detect. The latter possibility is not even worth considering unless you are a high profile target of an investigation from entities with essentially unlimited budgets (federal law enforcement agencies for example).


You might be able to determine the presence of common, well-known keyloggers by examining certain macOS system folders. The easiest way to do that is to download and run EtreCheck, which you can read about here: Using EtreCheck. Post its report in a reply to this Discussion. Just beware that even if you were to find one, eradicating it is probably not something you should consider, because that Mac would be considered evidence in a criminal investigation.


Other ways of lifting your personal information might involve snooping on your wireless network. Protecting yourself from that possibility requires protecting your wireless network and all its equipment both physically and with secure passwords... with emphasis on both the wireless network and all its equipment. Anyone with physical, hands-on access to your Mac or the router(s) it uses can use a variety of techniques to eavesdrop on what you're doing.

Really, the first thing you should do is to ask yourself who might be interested in "hacking" your personal information. The usual suspects include future former spouses... etc. Unauthorized use of a personal computer is a crime and has been for many years, so if that's your concern you need help that goes far beyond the scope of this technical support site.

Sep 6, 2018 11:35 PM in response to artsygrl17

There are programs out there that you can get and run to see if there is a keylogger such as Easemon installed on your system. Google it. I've used one before and it worked great, and it was free.



If there is a keylogger discovered, you should be able to remove it without it's affecting your system at all. Your vulnerability would be in it's tracking your info and then emailing it to nasty people

Sep 7, 2018 12:31 PM in response to artsygrl17

artsygrl17, it is unfortunate the nature of your question has only served to draw attention away from this salient point:


artsygrl17 wrote:


My passwords will no longer allow me to be logged into my email accounts.

That in itself is insufficient reason to suspect the presence of a keylogger on your Mac. As I wrote there are no conclusive methods to guarantee the complete absence of them, so you're better off just forgetting that assumption. It will not lead to a solution.


Having prematurely drawn a conclusion you are now being advised to download and install irrelevant, useless and / or potentially malicious junk that will only lead to misery. Do not use "Google" to find a solution. It won't help. Fix the problem.


Start here: If you can't send or receive email on your Mac - Apple Support.


Its title describes the problem you need to address, and provides several fundamental reasons for email authentication failure. Exhaust those possibilities first.

Aug 30, 2018 4:25 PM in response to artsygrl17

artsygrl17 has not responded since leaving the message.


allow me to add doubt that any emails were hacked, that more likely this is a misunderstanding of use of the email apps


(always assume the customer is giving you the wrong problem and description, always make sure the problem is repeatable, then answer, is a more strict rule to follow for answering off-the-cuff questions)


however, artsygrl17, java is used on various websites. around 1998 there were released "versions of java" that allowed websites to "control the edit window" (meaning they see what you type before you press send. very likely they don't "read it").


if your concerned about suspicious apps, a route is to "restore mac to factory" (see articles on that) and only install essential (trusted) apps from App Store

Aug 31, 2018 7:34 AM in response to QuietMacFan

QuietMacFan wrote:


artsygrl17 has not responded since leaving the message.


allow me to add doubt that any emails were hacked, that more likely this is a misunderstanding of use of the email apps


(always assume the customer is giving you the wrong problem and description, always make sure the problem is repeatable, then answer, is a more strict rule to follow for answering off-the-cuff questions)


however, artsygrl17, java is used on various websites. around 1998 there were released "versions of java" that allowed websites to "control the edit window" (meaning they see what you type before you press send. very likely they don't "read it").


if your concerned about suspicious apps, a route is to "restore mac to factory" (see articles on that) and only install essential (trusted) apps from App Store

Maybe you are thinking about javascript rather than Java. Restoring a Mac to "factory" seems a little excessive to rid a computer of "suspicious apps". Because an app is in the app store does not guarantee that it is safe, good, or trusted.

Aug 31, 2018 9:21 AM in response to artsygrl17

artsygrl17 wrote:


Nobody used my computer.

I did not knowingly install any.

I'm not even sure that I ever did log into this email service on anything but my ipad.

It is then more likely that someone either acquired you email password through social engineering, or they guessed your password, or they used social engineering to get your email provider to change the password for them.

Aug 31, 2018 11:21 AM in response to artsygrl17

What is the exact message received from each email provider? Are all the email providers in the same domain? Note that Cellular data can be hacked while still in the air interface, however, it takes equipment and effort.

Is your Bluetooth transceiver activated?

Simple, simple question, is your "cap-lock" activated?

Aug 31, 2018 11:51 AM in response to Old Toad

Caps lock was not on. Can the above be run on iPad?

I did contact the provider, tutanota. I was using this particular mail because it was supposed to be more secure.

They have no recovery option and I have to answer ridiculous questions that I can't answer because I don't keep a log of every time I go in and out of an account. I have no idea the date that I opened the email accounts. I have a vague idea but it's not exact.

I also don't know the exact date of my last login. I have multiple email accounts from different providers. I don't keep track. They also want to know the amount of storage I was using and this is for all 3 accounts.

I can't know. I don't keep track of those things.

If I cannot answer the questions satisfactorily, I can't get the accounts deactivated1

I had sensitive business info on those accounts.

I'm really screwed!

Aug 31, 2018 1:09 PM in response to artsygrl17

I have no idea the date that I opened the email accounts. I have a vague idea but it's not exact.


Did you happen to run a client on your mac. You may be able to find the emails.


for the iPad, you may be able to use iExplorer to read data in the app.This may depend on what version of ios and iphone you have.

Downloads · Macroplant


I had sensitive business info on those accounts.

One year when I was doing my taxes, I found that I could get all the records back. Some else has the info.


R

How to detect Keyloggers on iPhone or Mac

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.