Hacked WoW account: Keylogger

Joined
Feb 25, 2006
Messages
643
Reaction score
19
Points
18
Location
Streator, Illinois
Your Mac's Specs
MacBook Pro 13 Inch, 2 Mac Mini's 1.66 & 1.83, 2- iMac Intel i3 iPhone 4 & iPad 2 32 gig.
My son's World of Warcraft account was hacked by a keylogger on our iMac Intel. I'm thinking it came through via an add-on. Anyway I have tried 3 different programs to try and find and eradicate this little booger, but to no avail. So far I have used MacScan 2, iAntivirus and ClamXav, but none of them have found anything. The reason we know there is a keylogger installed is he changed his password and that very night he was hacked again. In fact one of his fellow guildies asked him what he was doing on so late knowing he had school the next day, and the hacker told him to "expletive deleted". Nich hacker huh? I'm open to suggestions but I realize I may have to format the HD and do a fresh OS install.
 
T

todd51

Guest
Hmm, that's too bad. I'm assuming there is nothing suspicious showing up in the Activity Monitor?

I know some people who have used LogKext Keylogger to catch their roommates using their computer for inappropriate material. This keylogger runs in the Terminal so it's hard to find. Here is some information on it. You could try some of the Terminal commands to see if it's installed.

logKext keylogger
 

dtravis7


Retired Staff
Joined
Jan 4, 2005
Messages
30,133
Reaction score
703
Points
113
Location
Modesto, Ca.
Your Mac's Specs
MacMini M-1 MacOS Monterey, iMac 2010 27"Quad I7 , MBPLate2011, iPad Pro10.5", iPhoneSE
I am not a large fan of WOW or Everquest type games so am just guessing here, but I am wondering if there might be a way to get the password off the server that hosts WOW? Just a guess in case you can not find anything on your sons Mac.

I have never heard of OSX being hacked and a key logger being installed remotely. I doubt that would be possible without user interaction.
 
OP
Dillinger-63
Joined
Feb 25, 2006
Messages
643
Reaction score
19
Points
18
Location
Streator, Illinois
Your Mac's Specs
MacBook Pro 13 Inch, 2 Mac Mini's 1.66 & 1.83, 2- iMac Intel i3 iPhone 4 & iPad 2 32 gig.
I am not a large fan of WOW or Everquest type games so am just guessing here, but I am wondering if there might be a way to get the password off the server that hosts WOW? Just a guess in case you can not find anything on your sons Mac.

He has contacted Blizzard Entertainment and they will work with him to restore his toon and account, but if I can't get the keylogger off my system he will just get hacked again. Apparently a keylogger tracks everything you type on your computer, which is scary because we also use Quicken. Then the hacker has a way to follow what you input on your keyboard and steal your password and login information.
 

dtravis7


Retired Staff
Joined
Jan 4, 2005
Messages
30,133
Reaction score
703
Points
113
Location
Modesto, Ca.
Your Mac's Specs
MacMini M-1 MacOS Monterey, iMac 2010 27"Quad I7 , MBPLate2011, iPad Pro10.5", iPhoneSE
What I was asking is there a way the hacker could be hacking the Blizzard servers and getting the info that way?
 
OP
Dillinger-63
Joined
Feb 25, 2006
Messages
643
Reaction score
19
Points
18
Location
Streator, Illinois
Your Mac's Specs
MacBook Pro 13 Inch, 2 Mac Mini's 1.66 & 1.83, 2- iMac Intel i3 iPhone 4 & iPad 2 32 gig.
Hmm, that's too bad. I'm assuming there is nothing suspicious showing up in the Activity Monitor?

I know some people who have used LogKext Keylogger to catch their roommates using their computer for inappropriate material. This keylogger runs in the Terminal so it's hard to find. Here is some information on it. You could try some of the Terminal commands to see if it's installed.

logKext keylogger

I'll give that a shot, but I would still like to know for sure how it got on this machine, especially hearing how "safe" Mac's are to this kind of stuff.
 
Joined
Nov 1, 2007
Messages
1,217
Reaction score
34
Points
48
Location
Sconie
Your Mac's Specs
15-inch MacBook Pro
I'll give that a shot, but I would still like to know for sure how it got on this machine, especially hearing how "safe" Mac's are to this kind of stuff.

I am confused. Are you positive there is a keylogger on your Mac? I agree with dtravis7. I am guessing the problem is somewhere else. This happens all the time. I don't think a Mac being "safe" has anything to do with it. Just my two cents.
 
OP
Dillinger-63
Joined
Feb 25, 2006
Messages
643
Reaction score
19
Points
18
Location
Streator, Illinois
Your Mac's Specs
MacBook Pro 13 Inch, 2 Mac Mini's 1.66 & 1.83, 2- iMac Intel i3 iPhone 4 & iPad 2 32 gig.
What I was asking is there a way the hacker could be hacking the Blizzard servers and getting the info that way?

Although possible, according to an email I received from their tech support this has been an ongoing issue with Windows and you can install AdAware or SpyBot Search & Destroy to clean the kyelogger out, but this just recently became very active on Mac's.

I am confused. Are you positive there is a keylogger on your Mac? I agree with dtravis7. I am guessing the problem is somewhere else. This happens all the time. I don't think a Mac being "safe" has anything to do with it. Just my two cents.

After doing a bit of Googling, apparently this is becoming quite a problem on Mac's whereas a trojan keylogger is sneaking in by way of an attachment on a "Greeting Card". According to some of the reading I have been doing, this is NOT a virus, but more of a tracking cookie, and one that records what ever you type.
 

iWhat

,
Joined
Nov 11, 2004
Messages
5,736
Reaction score
164
Points
63
Location
Toledo, Ohio
Your Mac's Specs
Macbook, iMac G5, iPad, iPhone 4, iPod (MANY)!
At this point, the best end all be all is investing in an Authenticator. Either through an iPhone/iPod touch app (free) or the keychain ($6.50).

He should also stick to downloading his addons from reputable sites such as:
Curse.com - WoW Addons WAR Addons Gamer Blogs Forums
WoWInterface - Find World of Warcraft AddOns!

They actually go through all the addons to check for keyloggers before approval upon letting users download the addons. Any other site, he should check their policies, if they do the same. Some stand alone addon sites are safe, but they also upload their addons to these sites, such as Auntioneer and Deadly Boss Mods.

One other thing, I'm sure your son may know about this. If he receives any email or whispers in-game asking to give up his account info for a chance at in-game items, those are for sure account hackers. Those scams usually offer in-game mounts most of the time.
 
Joined
Jul 18, 2007
Messages
3,184
Reaction score
93
Points
48
Location
Central California
Your Mac's Specs
2.16GHz C2D MacBook w/ 2GB RAM & 120GB HD. HTC Droid Incredible.
Don't think just because you have a Mac you are safe. Keyloggers are on both Macs and Windows PCs. There are also hardware keyloggers that can be attached to a system.

Even if a keylogger was installed it most likely needed an Admin password to install. You son would of had to input the password for the install to even begin. Try a program like Little Snitch and monitor the outgoing connections and see if you can notice anything abnormal.
 
OP
Dillinger-63
Joined
Feb 25, 2006
Messages
643
Reaction score
19
Points
18
Location
Streator, Illinois
Your Mac's Specs
MacBook Pro 13 Inch, 2 Mac Mini's 1.66 & 1.83, 2- iMac Intel i3 iPhone 4 & iPad 2 32 gig.
At this point, the best end all be all is investing in an Authenticator. Either through an iPhone/iPod touch app (free) or the keychain ($6.50).

He should also stick to downloading his addons from reputable sites such as:
Curse.com - WoW Addons WAR Addons Gamer Blogs Forums
WoWInterface - Find World of Warcraft AddOns!

They actually go through all the addons to check for keyloggers before approval upon letting users download the addons. Any other site, he should check their policies, if they do the same. Some stand alone addon sites are safe, but they also upload their addons to these sites, such as Auntioneer and Deadly Boss Mods.

One other thing, I'm sure your son may know about this. If he receives any email or whispers in-game asking to give up his account info for a chance at in-game items, those are for sure account hackers. Those scams usually offer in-game mounts most of the time.

As far as I know he uses WoW Matrix, but I will check closer on that. I never thought about him giving his password info out for a chance to win something, but even if he did how could the hacker log back into his account after he changed both his password and contact email? Again, I will be talking to him about this. I am also being very weary of what I do with my own WoW account as this is a game he and I play every Friday night together. Thanks for the info.

Don't think just because you have a Mac you are safe. Keyloggers are on both Macs and Windows PCs. There are also hardware keyloggers that can be attached to a system.

Even if a keylogger was installed it most likely needed an Admin password to install. You son would of had to input the password for the install to even begin. Try a program like Little Snitch and monitor the outgoing connections and see if you can notice anything abnormal.


Good info on getting Little Snitch. As far as the Admin, password he doesn't know it because when he comes home from school, and after all homework and chores are done he asks the wife or me to "unlock the computer" as it is password protected.
 
OP
Dillinger-63
Joined
Feb 25, 2006
Messages
643
Reaction score
19
Points
18
Location
Streator, Illinois
Your Mac's Specs
MacBook Pro 13 Inch, 2 Mac Mini's 1.66 & 1.83, 2- iMac Intel i3 iPhone 4 & iPad 2 32 gig.
Update: MacScan found the Trojan and removed it. I also downloaded the free iPhone app from Blizzard called - Authenticator, that generates a random code that you must enter with a certain amount of time. This should help in securing the WoW account. Thanks to all for their suggestions.
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top