PDA

View Full Version : Concerned my Mac may be compromised



mjpatey
09-05-2017, 02:14 PM
Hi,

A couple of days ago I brought my Macbook Pro to a relative's house and connected to her wireless network. Since then I noticed Google search results in Chrome featured an unwanted group of sponsored results at the top of the page... with a tagline saying something like "RocketTab powered by Advertise". One of my Chrome extensions had gone rogue, and I isolated it, and uninstalled it. That problem disappeared.

I also ran MalwareBytes Anti-Malware, and it discovered no threats.

Today I noticed two puzzling things: Finder shows a shared device called 5cd4537q28 (number altered to protect the innocent!) which I don't recognize... and the Keychain Access window has popped up, showing the list of keys on my login keychain. It was originally unlocked when it first appeared, then I locked it, because that seemed appropriate. In addition to keys with human-readable names, I see a private key labeled with a very long string of seemingly random alphanumeric characters, which I believe was the one highlighted when I first switched to the Keychain Access window.

Any idea what's going on, and what I can do to protect my system? Thanks in advance for any light you can shed!

-Mark

chscag
09-05-2017, 03:24 PM
Welcome to our forums.

If you ran MalwareBytes Anti-Malware and it came back negative, you should be OK as far as any malware being on your MacBook Pro. If you use your MacBook Pro primarily at home, make sure you have assigned a strong password and use WPA2 encryption to access your router. If you use your MacBook Pro away from home you should access the internet through a VPN especially from places like Starbucks, hotels, motels, etc.

To further protect your system especially when away, FileVault encryption of the hard drive ensures safety of your data. However, forgetting the password when using FileVault could result in the loss of all your data. So keep that in mind.

As far as the shared device you noticed, make sure you have sharing turned off on your machine. You might be picking up a neigbor's machine that's unprotected. That's a common occurrence in apartment buildings and crowded neighborhoods. And don't worry about your keychain. As long as you have your MacBook Pro protected with a password, only you can get at the keychain data.

ferrarr
09-05-2017, 10:21 PM
I don't know which add-ones/extensions you use, but I always recommend AdBlock Plus, and Ghostery for added security. And they're available for all popular browsers.

https://adblockplus.org/
https://www.ghostery.com/

rbird2
09-07-2017, 12:03 PM
Check out the uBlock Orgin extension. It is available for Safari, Chrome, Firefox. In my opinion it is the best...

JoshRoss
09-08-2017, 08:25 AM
Will second uBlock. It is better than Adblock plus and does not show paid ads. Ghostery is a near necessity nowadays. You can run Kaspersky free scans if you are worried about potential threats, but it should be fine. Disable/remove the extensions, install uBlock and problem solved.