
aircat

macrumors newbie
Original poster
Aug 10, 2022
Hi everyone,

I'm trying to figure out how to understand a malware notification: an Intego VirusBarrier message notified me that Kidlogger was in an old Time Machine backup. (I'm looking for a file in ancient digital cupboards, so I plugged in an older Time Machine disk.)

I'd love your thoughts on how to wrap my head around this.

A few things:
  1. My main question: do I proceed as if there was an active key logger on my Mac and change all of my passwords, for instance (even those saved in 1Password and Keychain)?
  2. Any damage is already done, if Kidlogger was indeed active.
Questions I'm curious about:
  1. Apparently Kidlogger is a 'legitimate' (if extremely questionable, imho) app that is, essentially, a keylogger.
    • I certainly never installed this deliberately. I'm pretty careful to install vetted software only.
  2. The filepath was in Devonthink: /My old Air/2016-07-04-182921/Macintosh HD/Applications/DEVONthink Pro.app/Contents/Resources/General.prefPane/Contents/MacOS/General
  3. If it's in Time Machine, this was on my hard drive from 2016 on! (3 computers ago)
    • There was a period when I wasn't using antivirus (because I read then that it wasn't necessary on Macs), so that may be why Kidlogger was missed then.
    • This is the first time I've seen this malware on my drives (main and attached), and I've used Sophos, Avast and Intego since then. (An antivirus found some Windows malware on a drive someone had sent me, but that's it.)
  4. What was it doing hiding in Devonthink--according to the path, it was in the app itself?
I've already deleted the file, btw (after copying the path).

Many thanks.
 