
Pumpkineater

macrumors newbie
Original poster
May 5, 2022
Hi,
Firstly, please don't tell me it isn't happening. I haven't come here to determine whether I am crazy or not or whether this is happening. I am after shared stories and advice on how to get out of this disaster.
I am in a job with access to confidential information. Since last year I have been hacked across all devices in home network - including Windows but starting with my MacBook. There are a number of people who could have done this and police are looking into that aspect - a lot has happened, from ransom folders - to new software installed in my car - in Chinese and changing direction as I am driving - to sweet dream messages on phone exactly as I hop into bed - random photos on my drive - they edit photos of evidence I take - like logs etc. Thousands of dollars out of accounts. Locked out of accounts - files deleted. On and on and on it goes - phone turns on and takes photos - someone looked at it who used to be a hacker and said I was logging into a virtual Windows computer - that this was paid professionals and a targeted attack - on my iPhone when I try and erase and activate it says can't use provda.vm.vodafone - insecure certificate and forces me to use wifi. I have been told that is a virtual machine link as well.
Police have said I need to work out what's happening with computers and they are following up money and software installation on car etc - I have escalated this to get the Federal police cybersecurity involved and am waiting for response.
The problem is I can't get out of it - I bought so many new devices - got rid of everything at once - I got a new provider for new network and new router and did not use any old accounts - and still as soon as network connection is made all these virtual hyper file connections - windows server in Activity Monitor using massive CPU - and it's infected and controlled straight away - I know they use Bluetooth as a way of finding other devices as they mine on all the time and I have found myself connected to a network that was a Bluetooth area network with reduced security disguised as mine - I can't access normal settings on iPhone - so all files or trace of them is hidden - they have me enrolled in a remote device management as Configurator and other stuff comes up over and over in privacy and logs and I didn't even know what it was. I also have Xcode on my phone and some beta developer thing downloaded - I have glimpsed it hidden in back files of other apps but can't delete it -
Apple are hopeless - they say delete it - but it makes no difference - they have partitioned my hard drive and you can see the virtual disks and external devices /
In Safari they have complete control - I looked up cybersecurity number and rang it and kept getting this rental people - I noticed a quick flash on Safari screen so I screen recorded, slowed down and they are literally changing the number on Safari - I ring Norton - they ask for all this personal info - I get suspicious and ask questions - they hang up - next day on work phone - Norton says no not them -

It started with iCloud - infected - carried over - opened door and now hell on earth - I have research article due that I can't do - I can't even order Uber Eats - taxis have their pick up location changed so I was left waiting for hours in dark alone - no one seems to understand the seriousness of the violent stalking intrusion and the attack on my life.
Forensic computer guys want money I don't have

What in the heck should I do - I can't find anyone with the right skill set to help me -
When I tried looking up Norton to join up on new computer - in address bar it said norton.com but I went up, clicked and copied and then pasted in notes and this was the address - there are trojans in devices as well - domains that match trojans

Also I think it's in my TV

Oh I also ended up with confidential information from work - (a huge organisation) in my iCloud - about critical events - and have other people's university notes and work in my Microsoft account as it's an old uni address - from a PhD on dietetics to economic lecture notes
 


Pumpkin Eater. You are not crazy!!! Identical story here and I am in the middle of restoring each device one by one. The first thing you need is a clean Mac (I don't care if you have to go buy one from Best Buy and return it). Download Apple Configurator. Please keep in mind - if your Apple ID has been compromised (which I am assuming is the case because mine has), when you log in to a new device the hackers have installed profiles and configurations on iCloud that set things up for it to happen all over again. I would make a new one for now and only access your iCloud by browser. I have also found that Safari is normally compromised in this situation. I have had the best success with Tor Browser. Everything else and I mean every browser you can name I have tried. This has been going on for two weeks. I know who it is but that doesn't help me right now. If you are using Dropbox - you MUST remove all access to your drive. This is one of the tools they used to get control of my drive. Same thing with me - the recovery program has been altered, BIOS locked, and no recovery allowed from external boot drive (which was my first try). Hang in there. I am working with Configurator now and will update this thread as soon as I get a clean machine. FYI look out for your app or account that runs the service for your high speed. They had actually gone into my LAN and put a proxy in there that steered everything to a virtual machine server IP address. Check all your devices or at least the macOS devices in network settings under proxy. You will see an FTP at the bottom. Make sure that is not checked with an unknown address. This was standard across all my devices. On your iOS phone/iPad - go to Privacy and go to the bottom. Make sure the report is turned on so you can see what apps are contacting which servers etc. Also, under Analytics - look at the logs. Check out the server addresses listed and see if any are viruses, malware, or malicious.
I found a bunch in there which actually led me to a couple responsible companies. One out of India.
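
The proxy and MDM enrollment state discussed in this thread can be read from the command line instead of from screenshots. The script below is an added example, not part of any post; it assumes the output layouts of macOS `scutil --proxy` and `profiles status -type enrollment` shown in its constructed samples, and 203.0.113.7 is a documentation placeholder address.

```shell
#!/bin/sh
# Added example: summarise system proxy and MDM enrollment state on macOS.
# Off macOS it falls back to the constructed samples below so it still runs.

# Constructed sample in the layout assumed for `scutil --proxy`.
SAMPLE_PROXY='<dictionary> {
  ExceptionsList : <array> {
    0 : *.local
    1 : 169.254/16
  }
  FTPEnable : 1
  FTPPassive : 1
  FTPPort : 2121
  FTPProxy : 203.0.113.7
  HTTPEnable : 0
  HTTPSEnable : 0
  ProxyAutoConfigEnable : 0
}'

# Constructed sample in the layout assumed for `profiles status -type enrollment`.
SAMPLE_MDM='Enrolled via DEP: No
MDM enrollment: No'

# Read `scutil --proxy` text on stdin; print "<TYPE> <host>:<port>" for every
# proxy whose <TYPE>Enable flag is 1 (FTP, HTTP, HTTPS, SOCKS, PAC, ...).
enabled_proxies() {
    awk -F' : ' '
        { gsub(/^[ \t]+/, "", $1) }
        $1 ~ /Enable$/ && $2 == "1" { p = $1; sub(/Enable$/, "", p); on[p] = 1 }
        $1 ~ /Proxy$/ { p = $1; sub(/Proxy$/, "", p); host[p] = $2 }
        $1 ~ /Port$/  { p = $1; sub(/Port$/, "", p); port[p] = $2 }
        $1 == "ProxyAutoConfigURLString" { host["ProxyAutoConfig"] = $2 }
        END {
            for (p in on) {
                t = (p in host) ? host[p] : "-"
                if (p in port) t = t ":" port[p]
                print p, t
            }
        }' | sort
}

# Read enrollment status text on stdin; succeed only if MDM enrollment is reported.
mdm_enrolled() {
    grep -qi '^MDM enrollment: *Yes'
}

if command -v scutil >/dev/null 2>&1; then
    proxy_out=$(scutil --proxy)
    mdm_out=$(profiles status -type enrollment 2>/dev/null || true)
else
    proxy_out=$SAMPLE_PROXY
    mdm_out=$SAMPLE_MDM
fi

found=$(printf '%s\n' "$proxy_out" | enabled_proxies)
if [ -n "$found" ]; then echo "Enabled proxies:"; echo "$found"; else echo "No proxies enabled"; fi
if printf '%s\n' "$mdm_out" | mdm_enrolled; then
    echo "Device reports MDM enrollment"
else
    echo "No MDM enrollment reported"
fi
```

An enabled proxy or an MDM enrollment is only a finding to explain, for example a work-managed device or a VPN client; it is not evidence of compromise on its own.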
 

I had a rough family business breakup. My brother and I could not see eye to eye so I left. Since that time all of these abnormal issues started to arise in my devices. The next thing that happened was a professional Gustavo type takeover of all of my emails. Then my IHG account and Ameritrade. Local law enforcement are almost no help at all. I honestly just want my devices back. I cannot generate income to support my family without them. Every time I try to restore I get a modified version of macOS or iOS steering me towards a server. The BIOS has the boot by external drive disabled. I am in the process of setting up Configurator to install a fresh OS. Does anyone have any experience with this or Configurator to get into the BIOS?

Thank you for your time!

Godspeed3
 

What in the world... you mean Gestapo? Also, to take over accounts like IHG and Ameritrade, they need access to your personal email which you used to set up those accounts.

As per restoring an iPhone/iPad, just go to Settings > General > Transfer or Reset iPhone > Erase all Data

That will send your iPhone into a complete wipe down. Then set up as new.
 
Yes I meant Gestapo - and yes they hacked my “my Verizon” account and forwarded my number. All of my accounts were linked to my work number which I do not have anymore in order to gain access to my personal accounts. This is real - I’ve lived it for the past two weeks. I build workstations with 2015-ish 27” Macs by beefing up the RAM and running OS off SSD. My old workstation was all I used for everything for the last 10 years so my device was trusted, they had my old number for awhile and once I got a new number and phone they got in thru Verizon account by forwarding in order to receive the verification codes. This has been a family attack. I have four daughters - all of their devices as well as my wife’s have been compromised………
 
> Every time I try to restore I get a modified version of Mac OS or IOS steering me towards a server.

What is giving you that impression? I'm sorry, but none of your screenshots show that, and there isn't anything unusual here from what I can see.
  • The Analytics & Data will show random funky stuff from Analytics-Journal, JetSam, SiriSearchFeedback, etc. That is normal.
  • The App Privacy report will show random funky domains. That is normal.
    • In your example, I see Apple, Let's Encrypt, Google, Amazon Ads, and Apple Ads. None of these are "bad".
  • I don't see anything unusual in your Disk Utility screenshot either.
    • The disk should have been named 'Macintosh HD' instead of 'Data' during setup, but that is just a minor detail that doesn't affect anything.
    • The 'Shared Support' disk you've selected is from the macOS installer. Again, nothing unusual here.
  • The "BIOS" having boot from an external drive disabled is how new Macs are shipped.
I suggest getting help, or understanding how things are supposed to work. Nothing here shows you've been compromised or hacked.
 
I’m having the same issue where whatever this is has infected EVERYTHING. Apple says I’m crazy, I’m not being hacked, they’re normal files. I’m not crazy!!! Photos being taken while I sleep and accounts being hacked. What were the results y’all had?
 

Did any of this come with either ransomware extortion requests or loss of money from identity theft activities? Or was the sole/primary purpose just to invoke chaos?
 
Have no idea what your upload is supposed to show. The fact that an app is using your camera is not in itself proof of anything.

What were the pictures that were taken?
 
As a networking and cyber security expert for over 30 years, this sounds absolutely ******* crazy insane........if it wasn't happening to myself as well.

Everything these people say is true, and here are the technical details.
It's %100 a real hacking l. They take over all devices with Bluetooth LE. They install Qemu virtual machines prior to the main OS and load cryptex libraries and maserda real services with they malware....wait, sound familiar? Yup, a modified version of Apple's security research OS. They redirect your DNS and perform man-in-the-middle attacks to gather information. Everyone except experts thinks you're crazy because they just don't understand the inner workings of computers. "Why would they do that to you". It's possible because I run an MSP with access to thousands more computers.

It's persistent. The poster above is correct that they use apple MDM solutions, Google MDM, windows autopilot and anything else to maintain control. They do this because they know the inner workings of the MDM solutions, and once they control your DNS it's over. I'm deep in the hole. Apple doesn't take my calls, probably because they are busy wondering how to fix this.

The problem is bigger than people seem. Almost every device in the apple store is compromised.

The Internet is full of trolls and kids, so anytime you say "I'm positive Google com is stealing my data" they call you crazy. What they don't understand is google.com resolves to an IP address and that IP address is different than what everybody else is.

Keep reporting guys. There's dozens of reports on the internet that either end with trolls saying you're crazy or that this could never happen. Trust me, it's happening. In fact, over half the United States is hacked. There's very few of us that even know what the hell is going on. I'm one of them and I've been unable to even work for the past 3 months. If anybody wants real hard technical details with screenshots and firmware of the hacks, I'll be glad to show you and give them to you
 
Lots of newbies with the same exact problem? 🤔

So let's review exactly what's happening:

>It's %100 a real hacking l.

What country are you from, and is English your native language? As a cyber security professional, you should know that this is not "hacking", it's cracking.

>They take over all devices with Bluetooth LE.

How? Do all these devices have a Bluetooth connection? What security settings are configured on the Bluetooth devices? What does the network look like? Can I have a network diagram map please?

>They install Qemu virtual machines prior to the main OS and load cryptex libraries and maserda real services with they malware..

From an English grammar perspective, that doesn't make sense. However, I'm assuming "they" (whoever "they" are) are doing this (as you claim):

1. They enter your network via Bluetooth.
2. They install a copy of macOS via Qemu.
3. They install Qemu on "bare metal" as a type 1 hypervisor, and macOS appears to load as normal (even though it's a VM running on Qemu).
4. They violate information security best practices that way.

Problem: Qemu is a type 2 hypervisor (source: https://www.packetcoders.io/what-is-the-difference-between-qemu-and-kvm/). Physically it can't happen.

>The poster above is correct that they use apple MDM solutions, Google MDM, windows autopilot and anything else to maintain control.

And how do you know that? Screenshots please showing proof.

>Almost every device in the apple store is compromised.

How do you know that?

>so anytime you say "I'm positive Google com is stealing my data" they call you crazy.

Everyone knows that Google uses a person's data to generate revenue. That's how Google (or Alphabet, if you want to be technical) makes a profit. I wouldn't call it stealing though (which is why I'm questioning if you're a native English speaker).

> If anybody wants real hard technical details with screenshots and firmware of the hacks, I'll be glad to show you and give them to you

Please show me.
 
I would only add (for those following along) that Apple-based MDM tools don't rely on DNS. It's easy to blame MDM...as 98% of users don't know how they work, so they can't really question them. That's pretty handy.
 