Too FAST - Is this Malware?

Status
Not open for further replies.
OP
Vertical
Joined
Oct 19, 2021
Messages
26
Reaction score
0
Points
1
I'll go back to what I said originally: until we can see it ourselves, we aren't going to be able to help.
Okay, attempting an effort through Vimeo
Below is download:

Please Note: first use of Vimeo; per the FAQs on video upload, ~1 minute = 100mg, large file=&

Please advise. Thanks
Sent from my iPad, 3rd edn
 

Rod


Joined
Jun 12, 2011
Messages
9,704
Reaction score
1,892
Points
113
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2021 M1 MacBook Pro 14" macOS 14.4.1, Mid 2010 MacBook 13", iPhone 13 Pro Max, iPad 6, Apple Watch SE.
Are all these actions occurring without any input from you, or are you saying they are too "fast"?
I mean if I was initiating the actions then I would not call that "jumpy", I would call that responsive.
 

Raz0rEdge

Well-known member
Staff member
Moderator
Joined
Jul 17, 2009
Messages
15,771
Reaction score
2,111
Points
113
Location
MA
Your Mac's Specs
2022 Mac Studio M1 Max, 2023 M2 MBA
I'd agree with Rod here. On the "Undo" and "Undo and Redo", you are sliding between three options and depending on how you are sliding your fingers on the screen, you are having it bounce back and forth.

The other transitions look fine to me.
 
OP
Vertical
Joined
Oct 19, 2021
Messages
26
Reaction score
0
Points
1
Are all these actions occurring without any input from you, or are you saying they are too "fast"?
I mean if I was initiating the actions then I would not call that "jumpy", I would call that responsive.
They are in response to my input. Yes, I would enjoy responsive, but all devices feel too quick; if that’s the consensus I’ll go with it. Thanks.
 
OP
Vertical
Joined
Oct 19, 2021
Messages
26
Reaction score
0
Points
1
I'd agree with Rod here. On the "Undo" and "Undo and Redo", you are sliding between three options and depending on how you are sliding your fingers on the screen, you are having it bounce back and forth.

The other transitions look fine to me.
Okay, thanks, per other post.
 
Joined
Feb 7, 2020
Messages
260
Reaction score
84
Points
28
Location
Norwich, UK
Your Mac's Specs
2008 Mac Pro 3,1 (2 x 2.8GHz Quad-core Xeon) / 16GB RAM / ATI Radeon HD 2600 XT / El Capitan 10.11.6
Dang, I wish my machines were that nippy! The question that remains unanswered, though, is why all of the OP's devices, regardless of OS or architecture, have suddenly acquired this super-responsive behaviour.
 
OP
Vertical
Joined
Oct 19, 2021
Messages
26
Reaction score
0
Points
1
Dang, I wish my machines were that nippy! The question that remains unanswered, though, is why all of the OP's devices, regardless of OS or architecture, have suddenly acquired this super-responsive behaviour.
Exactly! It is very eerie using the devices. While everyone says it looks normal I continue to feel there is something amiss.
 
OP
Vertical
Joined
Oct 19, 2021
Messages
26
Reaction score
0
Points
1

I appreciate the responses of those who took the time and thinking to review my problem. I respect how one can deduce the hyper screen activity to be within normal ranges. However, I have been using Macs personally, adeptly and in my own business since 1985, and I assure you this is not ‘normal.’ If you were to use one of these affected machines you would undoubtedly feel the eeriness that I experience, as if there’s a connection on my network affecting all devices.

FWIW, this rippy movement started with a real-time hack, where the hackers could control what was happening on my screen - even change text as I was typing!!! The best alignment with symptoms is the Pegasus virus (see YouTube), for which Apple issued an update in iOS 14.8 and the corresponding macOS update. We did all the perfunctory processes to clean each device but the hyperactivity continued...even filed an FBI report after freezing assets.

This cryptic experience is driving me nuts! My next step is to find a forensics IT expert. If you can refer one I would very much appreciate the lead and would try to reciprocate. I’m willing to fly one in if necessary. Otherwise, I will post the results of that investigation.

Thanks again and kind regards from Atlanta, GA,

‘Stretch’
 
Joined
Jun 13, 2012
Messages
531
Reaction score
23
Points
18
Location
Las Vegas... as of 23 Feb 2018
Your Mac's Specs
27" iMac mid-2011, ipad.Air 2', iPhone 8+.
It might have been helpful if you had led your first post with the online hack info.
 

Rod


Joined
Jun 12, 2011
Messages
9,704
Reaction score
1,892
Points
113
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2021 M1 MacBook Pro 14" macOS 14.4.1, Mid 2010 MacBook 13", iPhone 13 Pro Max, iPad 6, Apple Watch SE.
Given that new and interesting information, and because it seems like a global phenomenon across all devices, I would be tempted to suggest that all the devices be erased and only their native software be restored. This is a big job but doable.
A test would be to erase one device first, say an iPad. Do not sync it to anything; set it up as a new device. Sign into iCloud with the existing Apple account but do not sync any data. If that fixes the issue, then slowly restore user data like email, calendars and contacts, but not Safari.
Alternatively, perhaps a friend or family member could set up the device as their own. That would eliminate the possibility of any corrupted data being restored to the device from your account. See: What to do before you sell, give away, or trade in your iPhone, iPad, or iPod touch
 
Joined
Jan 1, 2014
Messages
629
Reaction score
52
Points
28
Your Mac's Specs
MacBookPro 13 v11.1, i5 2.4 GHz, 256 GBs SSD, 8 GBs DDRs
Given that new and interesting information, and because it seems like a global phenomenon across all devices, I would be tempted to suggest that all the devices be erased and only their native software be restored. This is a big job but doable.
A test would be to erase one device first, say an iPad. Do not sync it to anything; set it up as a new device. Sign into iCloud with the existing Apple account but do not sync any data. If that fixes the issue, then slowly restore user data like email, calendars and contacts, but not Safari.
Alternatively, perhaps a friend or family member could set up the device as their own. That would eliminate the possibility of any corrupted data being restored to the device from your account. See: What to do before you sell, give away, or trade in your iPhone, iPad, or iPod touch

Good advice Rod, as usual... a couple of additional suggestions...

Since the network, more accurately the Comcast-provided broadband router, is suspect, maybe the erase/restore should be done on a different network, preferably not with Comcast. Doing so would eliminate the network as the source of the issue.

Alternatively, there's no reason not to check for/remove Pegasus on the devices. This has been made easy by forensic acquisition tools like Mobile Verification Toolkit (MVT) (freeware) and iMazing (license-ware). The guide for using these tools, the short and sweet version, is here:


Testing my iPhone with iMazing was easy, just a couple of clicks; iMazing actually runs the MVT scripts behind the clicks in the background. The result was pretty much clean, with one warning:


See, there's some use for iMazing after all... ;)
 
OP
Vertical
Joined
Oct 19, 2021
Messages
26
Reaction score
0
Points
1
Given that new and interesting information, and because it seems like a global phenomenon across all devices, I would be tempted to suggest that all the devices be erased and only their native software be restored. This is a big job but doable.
A test would be to erase one device first, say an iPad. Do not sync it to anything; set it up as a new device. Sign into iCloud with the existing Apple account but do not sync any data. If that fixes the issue, then slowly restore user data like email, calendars and contacts, but not Safari.
Alternatively, perhaps a friend or family member could set up the device as their own. That would eliminate the possibility of any corrupted data being restored to the device from your account. See: What to do before you sell, give away, or trade in your iPhone, iPad, or iPod touch

We are on the same, previous page… . I did this, precisely 3 times. It went back to normal. Within 3 hours it was again infected. I then bought a new MBA M1 and turned off all devices but it. The same thing happened when signing on to Apple with my primary account. I then erased it and repeated sign-on with a new account. Normal. However, when I brought the primary account in, it went to hyper mode. Then the same occurred with all devices, which is where I am today!

Thus, I can’t tell if the cycle of infection is in the primary software or in the network itself. If so, it’s in the Mail, IMHO. That is the reason I led this thread with network solutions.

If you are interested in trying to help resolve this issue we could converse directly PM, contact using a throw away email. Please let me know your thoughts.
 
OP
Vertical
Joined
Oct 19, 2021
Messages
26
Reaction score
0
Points
1
Good advice Rod, as usual... a couple of additional suggestions...

Since the network, more accurately the Comcast-provided broadband router, is suspect, maybe the erase/restore should be done on a different network, preferably not with Comcast. Doing so would eliminate the network as the source of the issue.

Alternatively, there's no reason not to check for/remove Pegasus on the devices. This has been made easy by forensic acquisition tools like Mobile Verification Toolkit (MVT) (freeware) and iMazing (license-ware). The guide for using these tools, the short and sweet version, is here:


Testing my iPhone with iMazing was easy, just a couple of clicks; iMazing actually runs the MVT scripts behind the clicks in the background. The result was pretty much clean, with one warning:

See, there's some use for iMazing after all... ;)

Now we’re cooking. Between you and Rod, addressing software and network… . I did in fact run iMazing and got a negative on iPhone and iPad, which is where all this started, then migrated to other devices. I queried the developer about false negatives but this was not resolved - only that software should not be taken as an end-all, understandably. 🤷‍♂️ I don’t code to any extent so I did not use the more detailed test. OTOH, it may not be Pegasus per se but some rendition like it, if it is indeed spyware???

FWIW, I also changed modems 3 times for new IP but bug remains. I’m not IT savvy with hardware communications flow and interfaces, e.g. cellular and Wi-Fi and the corresponding settings. A critical path would be helpful, stepwise. Looks like I’m going back to school =(

I have gotten further understanding here than from any other source. Comcast has been errant and NO help. Sadly, Apple seems to be doing everything to remain distant, and I’ve been a loyalist and supporter for 35+ years. IMO, it’s a very different company from the days of Steve Jobs!
 
Joined
Jan 1, 2014
Messages
629
Reaction score
52
Points
28
Your Mac's Specs
MacBookPro 13 v11.1, i5 2.4 GHz, 256 GBs SSD, 8 GBs DDRs
With your last two posts, you seemingly know the source of the issue...

You did use iMazing to look for the remnants of Pegasus, where the results had been negative. Keep in mind that the MVT scripts only look for Pegasus; should you have other malware on your systems, it is not evaluated. You'd be better off scanning the system(s) with an AV solution appropriate for your systems.

You did learn with the new MBA-M1 that the new system did not have the malware, with the older systems being offline. Nor did the new M1 have any issues connecting to the Internet via Comcast. Creating a new account on the M1 also did not trigger the issue.

The problem showed up if and when you added the old account and downloaded your stored data, emails, etc. In which case, you need to narrow down where the file is that is causing this issue. It could be as simple as a link somewhere that is accessed and the payload downloaded/executed on the device. Alternatively, it could be one of your apps that either has some sort of malware that bypassed Apple's screening, or just an app that is trying to do something that is blocked by the OS.

It's not going to be easy to find the source of the problems, and if it were mine, I'd start with the apps. It's unlikely that any of the emails or files would cause this problem. If your systems are up to date with patches, the operating system in itself should block their execution. Do you have app sharing enabled for all devices? If you do, you should disable it until the issue is resolved.

If it turns out to be an app, Apple would probably want to know. The new MBA-M1 comes with a year or so of support; use that to have them help you find the culprit.
 
OP
Vertical
Joined
Oct 19, 2021
Messages
26
Reaction score
0
Points
1
With your last two posts, you seemingly know the source of the issue...

You did use iMazing to look for the remnants of Pegasus, where the results had been negative. Keep in mind that the MVT scripts only look for Pegasus; should you have other malware on your systems, it is not evaluated. You'd be better off scanning the system(s) with an AV solution appropriate for your systems.

You did learn with the new MBA-M1 that the new system did not have the malware, with the older systems being offline. Nor did the new M1 have any issues connecting to the Internet via Comcast. Creating a new account on the M1 also did not trigger the issue.

The problem showed up if and when you added the old account and downloaded your stored data, emails, etc. In which case, you need to narrow down where the file is that is causing this issue. It could be as simple as a link somewhere that is accessed and the payload downloaded/executed on the device. Alternatively, it could be one of your apps that either has some sort of malware that bypassed Apple's screening, or just an app that is trying to do something that is blocked by the OS.

It's not going to be easy to find the source of the problems, and if it were mine, I'd start with the apps. It's unlikely that any of the emails or files would cause this problem. If your systems are up to date with patches, the operating system in itself should block their execution. Do you have app sharing enabled for all devices? If you do, you should disable it until the issue is resolved.

If it turns out to be an app, Apple would probably want to know. The new MBA-M1 comes with a year or so of support; use that to have them help you find the culprit.

With your last two posts, you seemingly know the source of the issue…

Not really, only narrowed down to a couple of areas. I understand your input and appreciate your good thinking but I am stumped! It seems there are just too many permutations and combinations for me to ‘get lucky.’ With 9 active devices used sporadically, none are synced with the same apps unless by coincidence. IOW, over the years I’ve amassed some 300+ apps, then download them at will when using the various devices in different areas. As an enthusiast I keep those with current operating systems, patches, etc.
(I will turn off app sharing, thanks.)

Logic compels me to think that a bug would be in a core app, but how to prove that? Or, because the hyper mode is ALSO showing up on the TV and Apple Watch, that the Wi-Fi is hijacked? It seems to require someone more skilled than me who is code savvy to discover the anomaly, or at least some dedicated app? I’ve been at this since June and I’m baffled - probably can’t see the forest for the trees=&

This is a big deal, here. I’m retired and there’s a lot at potential risk! I’ve spent ~$1,000 on 2 local consultants who ended up repeating what I had already done=/ I think now is probably a good time to hire some real talent with forensic training? Is there some national company known to resolve such issues; one that would work with a home user versus corporate solutions? I’ve searched but finding that and qualifying the skill level continues to be a challenge.🤷🏼‍♂️
 
Joined
Jan 1, 2009
Messages
15,512
Reaction score
3,876
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 15 Pro, plus ATVs, AWatch, MacMinis (multiple)
Logic compels me to think that a bug would be in a core app, but how to prove that? Or, because the hyper mode is ALSO showing up on the TV and Apple Watch, that the Wi-Fi is hijacked? It seems to require someone more skilled than me who is code savvy to discover the anomaly, or at least some dedicated app? I’ve been at this since June and I’m baffled - probably can’t see the forest for the trees=&
Not to just dismiss what you have experienced, but can I counsel that you calm down about this? From the video, all I see is a very responsive system. You said you have run Intego's scanner and DetectX Swift and both were clean. You also said you had run the iMazing scan on your iPhone and iPad and they are clean. There is simply no recorded malware for the Apple Watch. You said it, too, is "jerky", but if it's keeping time then there is a 99.99% probability that it's just fine. You also said the movements/changes are in response to your inputs, so no spurious or unwanted actions.
This is a big deal, here. I’m retired and there’s a lot at potential risk! I’ve spent ~$1,000 on 2 local consultants who ended up repeating what I had already done=/ I think now is probably a good time to hire some real talent with forensic training? Is there some national company known to resolve such issues; one that would work with a home user versus corporate solutions? I’ve searched but finding that continues to be a major hurdle.
I would also counsel here to stop throwing money away. You don't seem to have a real problem, just a perceived snappy responsiveness. It's not the network (multiple modems, multiple IP addresses). Not malware, viruses or infections (multiple scans with multiple products). Not a system bug, or there would be more folks than just you bringing it up. Two consultants didn't find anything. Basically, bottom line, sometimes when you find nothing it is because there is nothing to find.

I just moved from a 2015 MBP to the new 2021 MBP with M1Pro chipset. When I booted it for the first time, the screen opened before I could get the screen fully upright. Yes, it's that fast! Now I could go all paranoid and wonder if someone is somehow doing something nefarious, or I can just appreciate how fast this new system really is. I'm going with appreciation.
 
OP
Vertical
Joined
Oct 19, 2021
Messages
26
Reaction score
0
Points
1
Not to just dismiss what you have experienced, but can I counsel that you calm down about this? From the video, all I see is a very responsive system. You said you have run Intego's scanner and DetectX Swift and both were clean. You also said you had run the iMazing scan on your iPhone and iPad and they are clean. There is simply no recorded malware for the Apple Watch. You said it, too, is "jerky", but if it's keeping time then there is a 99.99% probability that it's just fine. You also said the movements/changes are in response to your inputs, so no spurious or unwanted actions.

I would also counsel here to stop throwing money away. You don't seem to have a real problem, just a perceived snappy responsiveness. It's not the network (multiple modems, multiple IP addresses). Not malware, viruses or infections (multiple scans with multiple products). Not a system bug, or there would be more folks than just you bringing it up. Two consultants didn't find anything. Basically, bottom line, sometimes when you find nothing it is because there is nothing to find.

I just moved from a 2015 MBP to the new 2021 MBP with M1Pro chipset. When I booted it for the first time, the screen opened before I could get the screen fully upright. Yes, it's that fast! Now I could go all paranoid and wonder if someone is somehow doing something nefarious, or I can just appreciate how fast this new system really is. I'm going with appreciation.
I’ve heard the above several times… . I have owned and been through ~60 Macs, 9 of varying vintages since 2015, the rest in the basement and in mothballs, including the first 4 Mac SEs I bought in 1985, and all I care to say in response to such admonitions is “it is a real phenomenon, hard to describe, but you know it when you see it!”

I hope to be able to demonstrate that in the near term, as soon as we prove it out.

Thanks anyway.
 
OP
Vertical
Joined
Oct 19, 2021
Messages
26
Reaction score
0
Points
1
…If it turns out to be an app, Apple would probably want to know. The new MBA-M1 comes with a year or so of support; use that to have them help you find the culprit.

BTW, do you know if it is feasible to easily set up 2 networks at home?
 
Joined
Jan 1, 2014
Messages
629
Reaction score
52
Points
28
Your Mac's Specs
MacBookPro 13 v11.1, i5 2.4 GHz, 256 GBs SSD, 8 GBs DDRs
BTW, do you know if it is feasible to easily set up 2 networks at home?

You could get another ISP and set up separate internal networks, but why?

I don't believe that the network is the issue. Based on your description of the new MBA-M1's behavior, it didn't start to have issues until the old account had been added. That points to your apps and the files stored at Apple in your account. Apple is certainly not going to add any additional apps/files to cause this issue; it is caused by your data/apps downloaded to the new machine with your old account.

Once you have disabled app sharing all around, only test one system, preferably the MBA-M1. If you feel more comfortable, set it up on a guest network that is separate from the rest of the systems. From my perspective, having about a dozen apps, I cannot imagine having 300 of them. You could download these apps from the App Store with the new account and see when the issue returns as they are installed.

Alternatively, you could just remove apps from your device and see if the perceived issue goes away. Yes, it is a lot of work when you have so many apps. If you worry about losing app data, maybe you should use a third-party data backup, like iMyPhone.

As @MacInWin stated, this is not a widely reported issue, rather unique to your systems, apps, etc. The only way to find the source of the issue is through the process of elimination. You may get lucky and quickly find it, or might finish by the end of this year...
 
OP
Vertical
Joined
Oct 19, 2021
Messages
26
Reaction score
0
Points
1
You could get another ISP and set up separate internal networks, but why?…

As @MacInWin stated, this is not a widely reported issue, rather unique to your systems, apps, etc. The only way to find the source of the issue is through the process of elimination. You may get lucky and quickly find it, or might finish by the end of this year...
this is not a widely reported issue, rather unique to your systems, apps, etc.
True, but I understand that not many cases of this type of hack have been reported. I hate being ‘it!’

You could get another ISP and set up separate internal networks, but why?
Well, a separate network would prove that it is in the apps if the condition remains, and definitely not the network!

End of year… .
Right, and I’ll have to be committed! I’m working on it… .
 