PDA

View Full Version : Hacked?




nwebb
Jul 13, 2012, 09:26 PM
TL;DR: I effectively lost control of the mouse. It was almost as if it was being controlled remotely ... or automated.
Question is, does it sound likely that my machine could have been compromised and should I rebuild it? - Thanks.

Problem
Hi, yesterday my mouse suddenly became quite awkward to control so I decided to reboot my MBP. After the reboot I watched as my mouse right-clicked folders & moved between screens, so I rebooted again and killed the WiFi upon startup, but then after another minute or so it happened again. I watched as the mouse clicked a number on the calculator (widget-screen), highlighted a line of text in a sticky (widget-screen) etc.

Useful Info
We're in Thailand, in long-stay apartments with password protected (but shared) WiFi so the chances of something untoward happening are heightened. I've only been installing legit software: Camtasia for Mac over 1 month ago, and Boom (audio control) from the appstore the day before yesterday, and I've not been visiting any overtly dodgy sites.

* Bluetooth is off (so it wasn't a nearby mouse etc)
* I am using the trackpad only and had no other peripherals plugged in
* Happened when connected to WiFi AND after reboot when I turned Wifi off
* I have (a legit copy of) Little Snitch running
* I have the firewall turned on
* I have FileVault turned on
* Installed 'Boom' from the appstore the previous day
* I HAD FILE SHARING TURNED ON FOR PUBLIC FOLDER ACCESS (admin=r/w, everyoneelse=read only)
* I use Chrome as my browser
* Chrome disabled TextExpander (TextExpander also reported that it was in "Secure Input" mode, which is partly there to stop malware (see attachment))

More Info
I'm sure the text was drag-selected rather than double-click selected. I also saw the number 4 being pressed a few times on the calculator, then the text was highlighted, then back to the calculator to press the same button again, but towards the end everything became erratic - then I killed the machine - after another reboot I cleared the cache (I also noted that TextExpander was disabled - see attachment). No problems since, but I could still have a compromised machine.

I thought about some automatic/recording process being responsible because I had both Photoshop and Illustrator (CS5) open at the time, but I don't use automation and I don't think these programs were active after the reboot. I can't see how it could possibly be anyone else controlling my machine if the WiFi was off, but perhaps the WiFi didn't disable properly(?)

The last thing I was doing before the weirdness started was surfing some websites using Chrome and looking for info about stocks and shares, and so I entertained the possibility of a browser hijack - the oddness seemed to stop after I cleared my cache, but I can't be sure that it was a resolution.



Intell
Jul 13, 2012, 09:29 PM
Your machine hasn't been hacked. The file sharing turned on with the public folder shared is nothing to be worried about. It sounds like a faulty trackpad or other hardware problem. Once again, you have not been hacked.

robgendreau
Jul 14, 2012, 12:18 PM
Have you checked your battery? A swelling battery can sometimes produce random cursor movement and clicks.

east85
Jul 14, 2012, 12:52 PM
Most likely a ghost from the Thailand Tsunami in 2004 (super creepy because 4 was being pressed on your calc), wanting to try out the new MacBook. :eek:

Seriously though, I'd check your battery. Usually that's what causes these sorts of things, swelling. I'd imagine the climate might be conducive to swelling as well. Good luck.