Results 1 to 12 of 12
  1. #1

    Dillinger-63's Avatar
    Member Since
    Feb 25, 2006
    Location
    Streator, Illinois
    Posts
    643
    Specs:
    MacBook Pro 13 Inch, 2 Mac Mini's 1.66 & 1.83, 2- iMac Intel i3 iPhone 4 & iPad 2 32 gig.
    Hacked WoW account: Keylogger
    My son's World of Warcraft account was hacked by a keylogger on our iMac Intel. I'm thinking it came through via an add-on. Anyway I have tried 3 different programs to try and find and eradicate this little booger, but to no avail. So far I have used MacScan 2, iAntivirus and ClamXav, but none of them have found anything. The reason we know there is a keylogger installed is he changed his password and that very night he was hacked again. In fact one of his fellow guildies asked him what he was doing on so late knowing he had school the next day, and the hacker told him to "expletive deleted". Nich hacker huh? I'm open to suggestions but I realize I may have to format the HD and do a fresh OS install.
    My Avatar is in memory of my beloved K-9,
    Dillinger who was killed in the line of duty.

  2. #2
    todd51
    Guest
    Hmm, that's too bad. I'm assuming there is nothing suspicious showing up in the Activity Monitor?

    I know some people who have used LogKext Keylogger to catch their roommates using their computer for inappropriate material. This keylogger runs in the Terminal so it's hard to find. Here is some information on it. You could try some of the Terminal commands to see if it's installed.

    logKext keylogger

  3. #3

    dtravis7's Avatar
    Member Since
    Jan 04, 2005
    Location
    Modesto, Ca.
    Posts
    28,906
    Specs:
    iMac 2010 27" QuadI7 OSX10.11, iMac 2008 OSX10.11, MBP Late2011OSX10.11 , iPad Air, iPhone 3GS
    I am not a large fan of WOW or Everquest type games so am just guessing here, but I am wondering if there might be a way to get the password off the server that hosts WOW? Just a guess in case you can not find anything on your sons Mac.

    I have never heard of OSX being hacked and a key logger being installed remotely. I doubt that would be possible without user interaction.

  4. #4

    Dillinger-63's Avatar
    Member Since
    Feb 25, 2006
    Location
    Streator, Illinois
    Posts
    643
    Specs:
    MacBook Pro 13 Inch, 2 Mac Mini's 1.66 & 1.83, 2- iMac Intel i3 iPhone 4 & iPad 2 32 gig.
    Quote Originally Posted by dtravis7 View Post
    I am not a large fan of WOW or Everquest type games so am just guessing here, but I am wondering if there might be a way to get the password off the server that hosts WOW? Just a guess in case you can not find anything on your sons Mac.
    He has contacted Blizzard Entertainment and they will work with him to restore his toon and account, but if I can't get the keylogger off my system he will just get hacked again. Apparently a keylogger tracks everything you type on your computer, which is scary because we also use Quicken. Then the hacker has a way to follow what you input on your keyboard and steal your password and login information.
    My Avatar is in memory of my beloved K-9,
    Dillinger who was killed in the line of duty.

  5. #5

    dtravis7's Avatar
    Member Since
    Jan 04, 2005
    Location
    Modesto, Ca.
    Posts
    28,906
    Specs:
    iMac 2010 27" QuadI7 OSX10.11, iMac 2008 OSX10.11, MBP Late2011OSX10.11 , iPad Air, iPhone 3GS
    What I was asking is there a way the hacker could be hacking the Blizzard servers and getting the info that way?

  6. #6

    Dillinger-63's Avatar
    Member Since
    Feb 25, 2006
    Location
    Streator, Illinois
    Posts
    643
    Specs:
    MacBook Pro 13 Inch, 2 Mac Mini's 1.66 & 1.83, 2- iMac Intel i3 iPhone 4 & iPad 2 32 gig.
    Quote Originally Posted by todd51 View Post
    Hmm, that's too bad. I'm assuming there is nothing suspicious showing up in the Activity Monitor?

    I know some people who have used LogKext Keylogger to catch their roommates using their computer for inappropriate material. This keylogger runs in the Terminal so it's hard to find. Here is some information on it. You could try some of the Terminal commands to see if it's installed.

    logKext keylogger
    I'll give that a shot, but I would still like to know for sure how it got on this machine, especially hearing how "safe" Mac's are to this kind of stuff.
    My Avatar is in memory of my beloved K-9,
    Dillinger who was killed in the line of duty.

  7. #7

    mdfuller's Avatar
    Member Since
    Nov 01, 2007
    Location
    Sconie
    Posts
    1,217
    Specs:
    15-inch MacBook Pro
    Quote Originally Posted by Dillinger-63 View Post
    I'll give that a shot, but I would still like to know for sure how it got on this machine, especially hearing how "safe" Mac's are to this kind of stuff.
    I am confused. Are you positive there is a keylogger on your Mac? I agree with dtravis7. I am guessing the problem is somewhere else. This happens all the time. I don't think a Mac being "safe" has anything to do with it. Just my two cents.

  8. #8

    Dillinger-63's Avatar
    Member Since
    Feb 25, 2006
    Location
    Streator, Illinois
    Posts
    643
    Specs:
    MacBook Pro 13 Inch, 2 Mac Mini's 1.66 & 1.83, 2- iMac Intel i3 iPhone 4 & iPad 2 32 gig.
    Quote Originally Posted by dtravis7 View Post
    What I was asking is there a way the hacker could be hacking the Blizzard servers and getting the info that way?
    Although possible, according to an email I received from their tech support this has been an ongoing issue with Windows and you can install AdAware or SpyBot Search & Destroy to clean the kyelogger out, but this just recently became very active on Mac's.

    Quote Originally Posted by mdfuller View Post
    I am confused. Are you positive there is a keylogger on your Mac? I agree with dtravis7. I am guessing the problem is somewhere else. This happens all the time. I don't think a Mac being "safe" has anything to do with it. Just my two cents.
    After doing a bit of Googling, apparently this is becoming quite a problem on Mac's whereas a trojan keylogger is sneaking in by way of an attachment on a "Greeting Card". According to some of the reading I have been doing, this is NOT a virus, but more of a tracking cookie, and one that records what ever you type.
    My Avatar is in memory of my beloved K-9,
    Dillinger who was killed in the line of duty.

  9. #9

    iWhat's Avatar
    Member Since
    Nov 11, 2004
    Location
    Toledo, Ohio
    Posts
    5,736
    Specs:
    Macbook, iMac G5, iPad, iPhone 4, iPod (MANY)!
    At this point, the best end all be all is investing in an Authenticator. Either through an iPhone/iPod touch app (free) or the keychain ($6.50).

    He should also stick to downloading his addons from reputable sites such as:
    Curse.com - WoW Addons WAR Addons Gamer Blogs Forums
    WoWInterface - Find World of Warcraft AddOns!

    They actually go through all the addons to check for keyloggers before approval upon letting users download the addons. Any other site, he should check their policies, if they do the same. Some stand alone addon sites are safe, but they also upload their addons to these sites, such as Auntioneer and Deadly Boss Mods.

    One other thing, I'm sure your son may know about this. If he receives any email or whispers in-game asking to give up his account info for a chance at in-game items, those are for sure account hackers. Those scams usually offer in-game mounts most of the time.

  10. #10

    Eric559's Avatar
    Member Since
    Jul 18, 2007
    Location
    Central California
    Posts
    3,185
    Specs:
    2.16GHz C2D MacBook w/ 2GB RAM & 120GB HD. HTC Droid Incredible.
    Don't think just because you have a Mac you are safe. Keyloggers are on both Macs and Windows PCs. There are also hardware keyloggers that can be attached to a system.

    Even if a keylogger was installed it most likely needed an Admin password to install. You son would of had to input the password for the install to even begin. Try a program like Little Snitch and monitor the outgoing connections and see if you can notice anything abnormal.
    Member Of The Month for December '08.
    It's only the internet!

  11. #11

    Dillinger-63's Avatar
    Member Since
    Feb 25, 2006
    Location
    Streator, Illinois
    Posts
    643
    Specs:
    MacBook Pro 13 Inch, 2 Mac Mini's 1.66 & 1.83, 2- iMac Intel i3 iPhone 4 & iPad 2 32 gig.
    Quote Originally Posted by iWhat View Post
    At this point, the best end all be all is investing in an Authenticator. Either through an iPhone/iPod touch app (free) or the keychain ($6.50).

    He should also stick to downloading his addons from reputable sites such as:
    Curse.com - WoW Addons WAR Addons Gamer Blogs Forums
    WoWInterface - Find World of Warcraft AddOns!

    They actually go through all the addons to check for keyloggers before approval upon letting users download the addons. Any other site, he should check their policies, if they do the same. Some stand alone addon sites are safe, but they also upload their addons to these sites, such as Auntioneer and Deadly Boss Mods.

    One other thing, I'm sure your son may know about this. If he receives any email or whispers in-game asking to give up his account info for a chance at in-game items, those are for sure account hackers. Those scams usually offer in-game mounts most of the time.
    As far as I know he uses WoW Matrix, but I will check closer on that. I never thought about him giving his password info out for a chance to win something, but even if he did how could the hacker log back into his account after he changed both his password and contact email? Again, I will be talking to him about this. I am also being very weary of what I do with my own WoW account as this is a game he and I play every Friday night together. Thanks for the info.

    Quote Originally Posted by Eric559 View Post
    Don't think just because you have a Mac you are safe. Keyloggers are on both Macs and Windows PCs. There are also hardware keyloggers that can be attached to a system.

    Even if a keylogger was installed it most likely needed an Admin password to install. You son would of had to input the password for the install to even begin. Try a program like Little Snitch and monitor the outgoing connections and see if you can notice anything abnormal.

    Good info on getting Little Snitch. As far as the Admin, password he doesn't know it because when he comes home from school, and after all homework and chores are done he asks the wife or me to "unlock the computer" as it is password protected.
    My Avatar is in memory of my beloved K-9,
    Dillinger who was killed in the line of duty.

  12. #12

    Dillinger-63's Avatar
    Member Since
    Feb 25, 2006
    Location
    Streator, Illinois
    Posts
    643
    Specs:
    MacBook Pro 13 Inch, 2 Mac Mini's 1.66 & 1.83, 2- iMac Intel i3 iPhone 4 & iPad 2 32 gig.
    Update: MacScan found the Trojan and removed it. I also downloaded the free iPhone app from Blizzard called - Authenticator, that generates a random code that you must enter with a certain amount of time. This should help in securing the WoW account. Thanks to all for their suggestions.
    My Avatar is in memory of my beloved K-9,
    Dillinger who was killed in the line of duty.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. I think my account's been hacked
    By SFBloodBrother in forum iOS and Apps
    Replies: 4
    Last Post: 06-29-2012, 11:07 PM
  2. email account hacked, what to do?
    By spikedds in forum OS X - Operating System
    Replies: 4
    Last Post: 11-23-2011, 11:57 AM
  3. Hacked iTunes account
    By marcopolo in forum Schweb's Lounge
    Replies: 5
    Last Post: 10-30-2011, 09:16 AM
  4. Ebay account was hacked
    By ace.13unibody in forum Schweb's Lounge
    Replies: 9
    Last Post: 11-07-2010, 03:13 PM
  5. WoW account hacked through my Mac
    By Francis31 in forum OS X - Operating System
    Replies: 4
    Last Post: 06-15-2009, 07:23 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •