Medhealthx trojan on my Mac?

Joined
Jul 4, 2008
Messages
15
Reaction score
0
Points
1
I love my Mac. After reading many threads on this site, I decided not to install antivirus software on my computer and I've been happy with that decision.

This morning my mother told me that my computer had somehow sent a suspicious email to her and many others with a link to hgd4.medhealthx.com/.
My mother was smart enough not to click on the link. So I looked online, deleted many old contacts from my email list (Hotmail) in case this happened again and installed ClamXav, which found nothing. Sure enough, tonight my Hotmail account sent another link, this time to soq7.medhealthx.com/

Hopefully my contacts will not click on the links, but I would like to remove whatever is on my computer that is causing this problem. I do not run Windows on my Mac. I don't do a lot of downloading and I have no idea what I might have clicked on myself that allowed the trojan on my computer--I would have said I was very cautious regarding what I download.

Please be gentle with your replies--I am not a computer expert.

Thanks. Donna
Mac OS X Version 10.5.8
 

cwa107


Retired Staff
Joined
Dec 20, 2006
Messages
27,042
Reaction score
812
Points
113
Location
Lake Mary, Florida
Your Mac's Specs
14" MacBook Pro M1 Pro, 16GB RAM, 1TB SSD
The good news is, you probably don't have a virus. What you're likely experiencing is a phenomenon known as "sender address spoofing".

Do you see these emails actually sitting in your Sent Items folder in Hotmail?
 
OP
W
Yes, they are in my sent folder. I got many delivery failure notices. I'm glad of that.
 

cwa107


> Yes, they are in my sent folder. I got many delivery failure notices. I'm glad of that.

Change your account password immediately. Make sure it is strong (mix of upper and lower case letters, include numbers and at least one special character like !@#$%^*(, etc).
 
Joined
Apr 9, 2009
Messages
2,073
Reaction score
68
Points
48
Location
Ithaca NY
Your Mac's Specs
13 inch alMacBook 2GHz C2D 4G DDR3, 1.25GHz G4 eMac
Yeah, if they're in your sent folder, somebody definitely hijacked your account, not just spoofed it. Gotta keep ridiculously strong passwords in today's day and age. I usually use 14-16 characters, randomized. If you can remember a phone number, you can remember one good password. ;)
 

cwa107


> Yeah, if they're in your sent folder, somebody definitely hijacked your account, not just spoofed it. Gotta keep ridiculously strong passwords in today's day and age. I usually use 14-16 characters, randomized. If you can remember a phone number, you can remember one good password. ;)

Especially with Hotmail, which has traditionally been a haven for spammers, scammers and other riff-raff.
 
Joined
Mar 17, 2009
Messages
3,626
Reaction score
111
Points
63
Your Mac's Specs
2018 15" MBP, 2019 11" iPad Pro, iPhone 11 Pro
> Especially with Hotmail, which has traditionally been a haven for spammers, scammers and other riff-raff.

I can vouch for that. Happened a few months ago to my Hotmail account and my wife's. We implemented tougher passwords and haven't had trouble since. :)
 
Joined
Sep 9, 2010
Messages
2
Reaction score
0
Points
1
medhealthx xpharmx

I'm not a Mac user but this is one of the more intelligent discussions I've seen and I thought I'd put my post here.

Last weekend, I got two messages from a colleague's Hotmail that pointed me to *.medhealthx.com sites. This morning, I got a very similar message from my wife's Hotmail account, pointing me to a *.xpharmx.com site.

I've been googling today to try to find what's up. As far as I can tell, all discussions including "medhealthx" are all from the past week or two. On the other hand, that may be because the spam author rolls out new domain names every week since I bet Hotmail spam filters will soon weed out messages containing *.medhealthx.com links. (My filters at work do that now.)

From what I've seen posted around the internet, this medhealthx issue spans Windows and Mac, Gmail and Hotmail. Messages do reside in Sent Items, so it appears this is not spoofing.

I changed my wife's Hotmail password. My fear is that the culprit is keylogging spyware. If that's true, it may happen again.

Regarding the possibility that it is an attack on weak passwords: My wife and colleague both had 6-character alpha passwords. That's not a super-easy level, but also not very strong.

I welcome suggestions about what to try or look for.
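
The link filtering mentioned in the post above ("My filters at work do that now"), sketched as an added example that is not part of the thread and not any mail provider's actual filter. It flags a message when a link's host is one of the two domains named in this thread or any subdomain of them, so rotating prefixes such as hgd4 and soq7 still match; the function names and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Domains named in this thread; a real filter would load its own blocklist.
BLOCKED_DOMAINS = {"medhealthx.com", "xpharmx.com"}

# Matches explicit http(s) URLs and bare host/path links like "hgd4.medhealthx.com/".
LINK_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

def link_host(link):
    """Return the lower-cased host of a link, with or without a scheme."""
    if "://" not in link:
        link = "http://" + link
    return (urlsplit(link).hostname or "").rstrip(".").lower()

def is_blocked(host):
    """True if host is a blocked domain or any subdomain of one.

    Comparing on a label boundary avoids matching look-alikes such as
    notmedhealthx.com or medhealthx.com.example.org.
    """
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)

def blocked_links(raw_message):
    """Return the blocked hosts linked from the text parts of a message."""
    msg = message_from_string(raw_message)
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and attachments
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        for link in LINK_RE.findall(body):
            host = link_host(link)
            if is_blocked(host) and host not in hits:
                hits.append(host)
    return hits

# Constructed sample message (addresses and wording are made up).
SAMPLE = """From: sender@example.org
To: friend@example.net
Subject: hi
Content-Type: text/plain; charset=utf-8

look at this http://soq7.medhealthx.com/ and hgd4.medhealthx.com/
not a match: http://medhealthx.com.example.org/ or notmedhealthx.com
"""
```
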
 
Joined
Oct 10, 2004
Messages
10,345
Reaction score
597
Points
113
Location
Margaritaville
Your Mac's Specs
3.4 Ghz i7 MacBook Pro (2015), iPad Pro (2014), iPhone Xs Max. Apple TV 4K
> From what I've seen posted around the internet, this medhealthx issue spans Windows and Mac, Gmail and Hotmail. Messages do reside in Sent Items, so it appears this is not spoofing.

True. The virus isn't infiltrating the OS, it's hitting the Gmail and Hotmail servers vice the individual machines.
 
Joined
Mar 17, 2009
Messages
3,626
Reaction score
111
Points
63
Your Mac's Specs
2018 15" MBP, 2019 11" iPad Pro, iPhone 11 Pro
> I'm not a Mac user but this is one of the more intelligent discussions I've seen and I thought I'd put my post here.
>
> Last weekend, I got two messages from a colleague's Hotmail that pointed me to *.medhealthx.com sites. This morning, I got a very similar message from my wife's Hotmail account, pointing me to a *.xpharmx.com site.
>
> I've been googling today to try to find what's up. As far as I can tell, all discussions including "medhealthx" are all from the past week or two. On the other hand, that may be because the spam author rolls out new domain names every week since I bet Hotmail spam filters will soon weed out messages containing *.medhealthx.com links. (My filters at work do that now.)
>
> From what I've seen posted around the internet, this medhealthx issue spans Windows and Mac, Gmail and Hotmail. Messages do reside in Sent Items, so it appears this is not spoofing.
>
> I changed my wife's Hotmail password. My fear is that the culprit is keylogging spyware. If that's true, it may happen again.
>
> Regarding the possibility that it is an attack on weak passwords: My wife and colleague both had 6-character alpha passwords. That's not a super-easy level, but also not very strong.
>
> I welcome suggestions about what to try or look for.

I had a 7 digit alpha-numeric password on my Hotmail and it was still "hacked". So, changing the password to something unique/random/difficult is your best approach/solution. I haven't had this happen again since I changed mine.
 
Joined
Sep 9, 2010
Messages
2
Reaction score
0
Points
1
MYmacROX, did your hack involve the symptoms discussed in this thread (spam sent from your account with *.medhealthx.com or another medical website ending with an x), or is yours an unrelated attack?
 
