
Ayrehead

macrumors member
Original poster
I received an email from a group of professional hackers saying we gained access to your devices and we installed an exploit on your devices.

I know such emails are often hoaxes, but I have reason to believe the message may be partly true. I used antivirus software from a major company and scanned my Mac and it found zero issues. Is there something more I can do to check the Mac?

I have an iMac of 2019 vintage, Intel silicon, no special security chip. Am running Sequoia, which is the latest I can have.
 
The hackers seem to know my internet browsing.

That doesn't necessarily mean they hacked your machine. Could be that you hit a website they control, or potentially your home router is hacked. When was the last time you updated your router firmware? Is it secure?

But it is enough to:
  • Run a Time Machine or other backup - ideally two. Do not leave both of them connected to the machine, in case they DO have control of your machine and wipe everything.
  • Change all your critical passwords to iCloud, Mac, banking, etc. One of the absolute worst things that could happen here is an iCloud/Apple account compromise; that would mean they have all your saved passwords, etc. If you suspect the Mac is compromised, do it from your phone, iPad, etc.
  • Check your Apple account(s) have 2-factor authentication set up.
  • Potentially reinstall macOS and restore your data only from the Time Machine backup, or ideally just sync it to iCloud if you were already using that.
If any of this seems particularly traumatic (because you don't have backups, etc.) now is the time to remedy that.

Whilst it is possible there's nothing on your machine, if your machine is actually compromised, depending on the malware it may prevent the virus scanner from running properly.

Consider how much of your life is stored in that machine. Act with the appropriate level of caution.
 
That doesn't necessarily mean they hacked your machine. Could be that you hit a website they control, or potentially your home router is hacked. When was the last time you updated your router firmware? Is it secure?
Might also be a compromised or trojan browser plugin.
Or a VPN that got compromised.

Anything in the browser pathway is suspect.
 
Web browsers are suspect. Always have been. Never run any extensions or anything in them; not even those claiming to be anti-advert or whatever.

Run it in Private mode, and ALWAYS close tabs and open new ones before browsing to a different website. There are dozens of ways websites can see what previous sites you visited. Doing the above can stop 99% of it.
 
The hackers seem to know my internet browsing.
If they had hacked you, they would have all your passwords.

The most common method nowadays is using an infostealer.
"macOS Stealers: Stealing Your Coins, Cookies and Keychains" - M. Stewart & S. De Souza
 
Thanks for the advice, throAU.

I agree, that doesn't necessarily mean they hacked my machine. But to be sure, I want to restore.

My router is provided by the cable company which provides my internet. The cable company support says there is no way to scan the router for malware, and they say "there is no way to hack the modem." Ha ha.

I have 3 ways of backup, and 2 are normally disconnected from the Mac. I already have backups from before the hack supposedly happened.

I will back up again now.

I plan to reinstall macOS by booting with Command-R to start up from the local Recovery system; you get the current version of the most recently installed macOS.

I will restore the data volume from an early TM backup.
 