Hello out there in apple land!
First time poster, long time lurker. I'd really appreciate some advice on a pretty ****** happening which occurred last week:
I woke up on 11/2 to an unfamiliar screen orientation and layout on my M1 MBP. It was immediately clear that someone had gotten into the computer based on the fact that TeamViewer was open (and wasn't previously installed) and several sensitive documents were saved to my desktop (copy of my DL and passport etc). The rest is pretty boring and boilerplate: they logged into Venmo/PayPal/my bank/Amazon and bought a bunch of gift cards, changed Gmail preferences to delete any incoming emails and deleted all of the emails that must have come in with all of these purchases. All told got out with quite a haul after maxing some cards and making transfers - in the realm of $19,000.
Generally I consider myself to be fairly savvy on any computer, and more so on a Mac than anything else. Whoever did this left some tracks because they forgot to clear browsing history and did all of their business within my browser. I've done the basics already - changed computer/Gmail/PayPal/Venmo/wifi/social media/ALL THE REST passwords, gotten all the accounts closed and into fraud investigation processes, and frozen my credit with the 3 credit agencies. I've also gotten myself a VPN (ExpressVPN) for the time being, reinstalled Little Snitch (had it previously but it breaks Cascable Pro Webcam which I use for work so it wasn't currently installed), and have been turning off wifi at night/when I'm not using the computer just in case.
Prior to making any changes I screenshotted everything visible including browser hx etc., and also did an immediate search (after turning off wifi) for recently modified/open files so I have a good idea of what they got into and what they didn't. I ran malware/virus scans (although I'm on Ventura so Malwarebytes isn't supported currently). I've also downloaded and run EtreCheck, which didn't identify any issues.
Here's the 2 questions I specifically am needing help with answering:
1. How did this person access my computer initially? (Since the first action taken was to download TeamViewer from Firefox, obviously it wasn't the initial point of entry.)
2. What information would someone need to remote into the computer to do this, assuming there's no 3rd party screen sharing software on the computer (no Webex/no TeamViewer), only Apple Remote Desktop and the Apple Screen Sharing app?
I've tried to use Terminal commands to view recent screen sharing authentications but none are showing up at all.
Any help appreciated!