Hello. Yesterday, my PayPal account was hacked. In a phone call to customer service, the agent at PayPal said that I'd fallen for a phishing email (very well designed and looked like all the emails PayPal sent me). The email sent me to PayPal login, which was real, and I signed in. The agent said the hack might have put a keylogger on my MBP. What software do I need to scan for this? It would be nice if it could detect other malware. I'm technically illiterate, so please answer accordingly, not leaving out pertinent details because "everybody knows that." I can assure you, I don't. Many thanks for your help. Here is all I know about my MBP.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Malware Detection Software Recommendation
- Thread starter pwcopy
- Start date
- Sort by reaction score
With what you describe. It's much more likely you fell for website spoofing. You can run Malwarebytes if you want to check for Malware. What you do need to do is change your password and enable two factor authentication. If you are in the habit of reusing passwords. You need to change every other website with that password. Preferably using a password generator. To give each site a unique password.
Any website you access which has any payment information or personal information should also be setup with two factor authentication.
Any website you access which has any payment information or personal information should also be setup with two factor authentication.
Be aware that malware detection software isn't going to prevent another "phishing" problem.
That's something that YOU have to be aware of (when reading emails).
Having said that...
Agree with velocity above about MalwareBytes.
It's a free download.
BE AWARE:
After 30 days or so, it asks you to "pay to continue using it".
You DO NOT HAVE TO DO THIS (shouting is intentional).
Instead, choose to "convert it" to the "free" version.
The difference between the "pay for" and free versions is:
- the paid version runs "full-time" in the background
- the free version only runs when you tell it to run.
The free version works well enough for me...
That's something that YOU have to be aware of (when reading emails).
Having said that...
Agree with velocity above about MalwareBytes.
It's a free download.
BE AWARE:
After 30 days or so, it asks you to "pay to continue using it".
You DO NOT HAVE TO DO THIS (shouting is intentional).
Instead, choose to "convert it" to the "free" version.
The difference between the "pay for" and free versions is:
- the paid version runs "full-time" in the background
- the free version only runs when you tell it to run.
The free version works well enough for me...
Malwarebytes isn't able to detect all key loggers.
See this recent article: https://macmyths.com/how-to-know-if-my-mac-has-keylogger/
Obviously there's no point in changing your passwords until you're absolutely positive that you've removed the key logger and also I recommend that you don't use your infected computer to sign into anything.
The above article should get you started thinking about possible solutions but since you're not tech savvy,
you might want to consider getting professional assistance either from Apple or an authorized Apple repair service.
See this recent article: https://macmyths.com/how-to-know-if-my-mac-has-keylogger/
Obviously there's no point in changing your passwords until you're absolutely positive that you've removed the key logger and also I recommend that you don't use your infected computer to sign into anything.
The above article should get you started thinking about possible solutions but since you're not tech savvy,
you might want to consider getting professional assistance either from Apple or an authorized Apple repair service.
KnockKonck from Objective See which links to Virus Total with over 70 AV engines
BitDefender (free on apple Mac Store). Paid version of BitDefender has active malware protection, free version utilises the same AV engine,
Should detect most bad players and are solely one demand scanners and free, beyond that an active AV solution. Zero hits here, so just maybe Apple has something going on...
Q-6
BitDefender (free on apple Mac Store). Paid version of BitDefender has active malware protection, free version utilises the same AV engine,
Should detect most bad players and are solely one demand scanners and free, beyond that an active AV solution. Zero hits here, so just maybe Apple has something going on...
Q-6
Last edited:
Hey, everybody! Thanks for the info in language I can understand. I ran malwarebytes and KnockKnock, and neither reported suspicious apps, extensions or activity. This is great. Next week, I'm going to an Apple-exclusive guy in Ann Arbor to get my MBP wiped clean and reimaged with Catalina OS. This has been in the works since May 1 because it had been imaged by the IT department at my former employer so I could use it to work from home. That happened pre-Covid and the machine worked great. Now I'm retired and the machine is bloated with unlicensed software, emails and all kinds of work-related stuff I don't need. I will do my best to use it as little as possible. Thanks again!
I’d also add. Never click on links in emails you weren’t expecting. Even from a friend.
If you ever get an email out of the blue about an order you don’t remember, a problem with an account and so forth. Don’t use the provided links.
If you get an email like from PayPal. Google PayPal. Open the site that way. Then login to your account. Also bookmark sites you do any business with. Just to make it easier.
Also, when you get emails with links. If you hover your mouse pointer over the link. Typically in the lower left corner of the window. You’ll see what address the link goes to without clicking it.
If you ever get an email out of the blue about an order you don’t remember, a problem with an account and so forth. Don’t use the provided links.
If you get an email like from PayPal. Google PayPal. Open the site that way. Then login to your account. Also bookmark sites you do any business with. Just to make it easier.
Also, when you get emails with links. If you hover your mouse pointer over the link. Typically in the lower left corner of the window. You’ll see what address the link goes to without clicking it.
I forgot about another great Objective See app which you should run-
ReiKey: https://objective-see.org/products/reikey.html
It looks for Malware and other applications that install persistent keyboard "event taps" to intercept your keystrokes.
ReiKey scans, detects, and monitors for such taps.
ReiKey: https://objective-see.org/products/reikey.html
It looks for Malware and other applications that install persistent keyboard "event taps" to intercept your keystrokes.
ReiKey scans, detects, and monitors for such taps.
My daughter and her IT expert husband have been hacking into my MacBooks for years. It doesn't matter what I do or do not click on or download. They always seem to know what I've bought recently, all my different email addresses, etc. And she loves dropping hints about what she has been able to find. Yesterday she asked me to send some family medical history to an email address that was eerily similar to one of my own that she's not supposed to know about. Or she'll ask me about the quality of a certain athletic shoe I recently purchased. They live in a different state so they're not able to access my equipment locally. Drives me absolutely nuts. I've used Little Snitch in the past (that's how I caught them before) but I just don't have the patience anymore in my old age to sleuth every single connection that comes into my Mac.