Compromised Mac

Hopefully the post monitor snobs allow this to be posted in this forum. I can't post it to Security Awareness.

I recently had to reinstall everything on my MacBook Pro and iPhone because I had thought I picked up a keystroke logger virus from a link I cut and pasted into Safari from a troll box on a crypto coin trading site. Short of the shady management and operations of the site owner and admins, the crypto coin exchange site will remain unnamed. The reason I think I had a logger is because I was logged into the crypto exchange and someone was able to log into my account and boot me off while I was logged in. They started to sell off my crypto coins. So to be safe I backed up necessary files and wiped my hard drive clean with a reinstall of both my MacBook Pro and my iPhone. Is there a way to double check my Mac is clean, and how do I use my Mac to double check thumb drives that are potentially infected? I want to make sure my laptop is clean before I plug in my iPhone and co-mingle everything again. Thank you.
 

Slydude

Not sure why you couldn't post this here or what is meant by "post monitor snobs". The site was a little balky when I tried to move the post so maybe things are being a bit slow tonight.

As far as your question is concerned I'll have to leave a thorough answer to folks more well-versed in this area than I am. One possibility that occurs to me is that the password wasn't swiped by a key logger on your Mac but by other means such as gaining the information from the site you were going to or via a "man in the middle attack".
 

chas_m

Guest
1. Malware ≠ virus.

2. I suspect this covers exactly what happened to you: Briefly: Thunderbolt RAID storage, OS X Bitcoin Trojan Horse theft | Electronista (scroll down a bit) ... (outdated link removed)

3. Trojans are also not viruses.
 
OP
fix?

So how do I fix my problem? I did what I thought was a complete reinstall of my OS. I'm still experiencing problems at the exchanges and other areas. This problem is really frustrating and a huge impairment. The problems I'm experiencing are logins at Cryptsy. I have also experienced the same problem at MTGox with their "green" address bar. There is a green security text that is supposed to appear in the address bar. The green text is not always present, which leads me to think the trojan is still present or I'm part of some sort of man in the middle attack. What are some of the other possibilities and fixes to the problems I'm having? Most important, what are my fix options? Mirroring?
 

bobtomay

... The problems I'm experiencing are logins at Cryptsy.

What sort of problem?
If someone has guessed your password and logged into your account, have you used the 'Forgot Password' link in the login box to have your password reset and have an email sent to you?

If someone did guess your password - wiping your machine would do nothing to cause them to forget that password.

I have also experienced the same problem at MTGox with their "green" address bar. There is a green security text that is supposed to appear in the address bar. The green text is not always present ...

I've run into very few sites that have "every" page on their site encrypted. You would need to ask MTGox about any particular pages and whether they should be appearing encrypted.
 
