I think I have a keylogger, passwords are being hacked, keychains passwords are being removed etc. Now I have
cleaned my disc lots of times but the issues are still coming back. I talked to a person from Apple, a former hacker who told me I had lost my ID-sic- because persons know all about me, name, where I live, street, birthday, phone number etc. Now, what am I gonna do?
I like your answers, please.
iMac (21.5-inch Mid 2011), iOS 6.1.2
It would be highly unlikely to have a key logger, even via remote desktop. What's more likely is as you were told, that some other way your information was compromised. Download and run Malwarebytes. Malwarebytes was developed by one of our own colleagues here in ASC and is about the most proven anti-malware software for Mac.
You’re posting in a user community with other Apple users and not with Apple, and a community about a Mac screen-sharing package for sites with lots and lots of Macs. This package and this community are not particularly related to keylogging nor loss of passwords or vendors that get themselves breached and expose trusted information. Not the best spot for security information.
If Keychain passwords are getting changed and if you’ve wiped and reinstalled macOS, then your local password or your Apple ID password (or security questions) or one of your reset email account passwords has probably been compromised. There are other means of ingress, though those are either more involved, or require local and direct access to your Mac hardware.
If your chosen service providers are using trivially available information as authentication, then your choices are to contact them and discourage them for that and to contact your governmental representatives about security, and potentially to select different and preferably more secure providers, or—in some cases—to provide deliberately false information to the providers that are soliciting the information electronically for authentication. If they ask for your motherks maiden name, provide some other relative’s or friend’s name, or use what amounts to a password. This lattermost case works well for services using web forms that prompt you for reset-related authentication questions. This approach doesn’t work so well if you’re forgetful.
If it’s your passwords that are being breached, that’s usually due to password reuse, or due ro passwords that have been exposed to other folks, or (when some service you’ve subscribed gets breached themselves, and sometimes both. Or passwords which are nit sufficiently complex. In the case of macOS and iOS, the password generators and Keychain work together very well for this; for picking secure and unique passwords. There are third-party add-on password managers that can work well for this task too, and with a variety of platforms.
Enable two-factor authentication on your Apple ID, and other key accounts and online services that implement that.
Don’t click on links in mail, be extremely skeptical about messages and particularly mail attachments, and don’t believe any mail is actually from the user that’s displayed. Mail is easily spoofed, and spoofed mail is one of the more common ways that folks are getting breached. Send folks a scary YOUR APPLE ID HAS BEEN BREACHED AND IS LOCKED! LOG INTO OUR (convincing fake) PORTAL AND GIVE US YOUR CREDS mail messages and ilk are quite common.
Troy Hunt’s haveibeenpwned.com site can show if your email address has been in a known breach. Never reuse that password, if so. (There are scams here, sending folks breadhed passwords as part of extortion scams, too.)
As for these ongoing breaches, contact the local police and/or your preferred legal representation for legal advice.
Again, Apple Remote Desktop can’t get you in trouble, unless you’re already in trouble with an exposed password or some other vulnerability. If they’re able to connect and use a screen-sharing package, your security is already toast.
I really should extend this reply and turn this into a user tip. Ah, well. Maybe another day.
What specific symptoms are you seeing that lead you to believe this is happening? Depending on what you're seeing, this could be due to a breach of one or more of your online accounts, and not malware installed on your Mac.
Well, that is long. However, I have been threatened on a Youtube channel, let's say by people who know all about me
It had to do with a online romance who got sour. Before it, I never had any trouble. After it , I had trouble all the time.
My passwords I either got from keychain suggestions or very weird sentences I made up myself. Now yesterday I made up a password , suggested by keychain. This morning when I wanted to log in , nothing, also the stored password in keychain was removed- looks not normal to me, so, I had to do a reset. Happens many times. I have a protonmail account, you can "starr" them . I never do that and then suddenly it was "starred". These kind of things are done very subtle like "picking up a password on Notes". What else could it be like keylogging and even more?
You can either secure all of the passwords for all of the key remote services including all mail accounts and all Apple ID accounts and for all of your local passwords, enable teo-factor, and also wipe and reinstall. If you do one without the other, then a sufficiently inclined and persistent adversary can regain access.
Or you can keep playing Whac-A-Mole with this.
Your call.
An add-on security package such as malwarebytes isn’t going to help with exposed passwords or problems with a persistent and knowledgeable adversary. And if the adversary has acces to clobber keychain, they can clobber malwarebytes, too.
Contact local police, or a local lawyer. In various jurisdictions, these sorts of shenanigans can become civil or criminal cases.
Going to the police I could do that but then who knows they will find anything? Maybe the adversary can "retreat" for awile.
But they told me before. Go to the police. My provider and Apple. Thanks for your advice.
Look at my comment.
Done that. I use Malwarebytes.
Persistent keylogger
