
DCIFRTHS

Original poster
A couple of things are concerning me. I'm trying to figure out if my MacBook Pro is compromised. Any help would be greatly appreciated.

Backstory:
The other day I recovered an old .me Apple ID that I found the credentials for. The account was "locked for (unspecified) security reasons". I had to answer security questions, and give birthdate information to reenable the account. I did this on the Apple site. All seems okay so far...

The next day, I booted my Mac, and the built in keyboard, along with the external keyboard and mouse, were not functioning.
The external keyboard had power going to it as the backlighting was on. It did not respond to any input. Both the mouse and external keyboard are hooked up through a Belkin 1 to 4 port USB-C to USB-C hub. It has been working without issue, for about a year - since the day I got it.
Unplugging and reconnecting the hub, then restarting the Mac did not fix the issue with the hub (keyboard and mouse) although the built in keyboard was working. I unplugged everything, did a power down, restarted and used the built in keyboard to sign in to the OS (Sonoma 14.5). I reconnected the USB-C hub. I was prompted to allow the "VIA USB Hub" access to the system. I believe this happened when I first installed the hub too. I granted it. All was now fine with the external keyboard and mouse.

Okay... I found out that my computer was used to access the Only Fans site, and view content. Not sure if any other similar sites were visited. Only Fans was visited BEFORE I had my troubles listed above...

My concerns are these:
I was unaware that an Apple .me account could be reenabled. Does anyone know if this is common practice? (I'm careful with URLs and navigated directly to Apple site). It just seemed "off" to me.

I tried to add the .me email account to Apple mail using iCloud as the provider, and I received a message stating that I would have to use this as my iCloud account on the computer. Does this make sense even though I am only setting up an email account?

Given the built in and USB Keyboard/mouse issues, could I be infected with some type of keyboard logger or malware? I know it's possible, but I guess what I'm really asking is what can I do to check?

I'm very concerned, and would rather not wipe the whole machine. As I mentioned above, any help would be greatly appreciated.
 
Contact Apple support about this
I'm pretty sure that you cannot have 2 different AppleID accounts active at the same time, on the same Mac. So, Apple was guessing that when you added a newly-reactivated Apple ID, and making use of that older account, that you wanted to move to that account... Well, you would naturally start using the iCloud through that older account. One result would be losing access to whatever is in your other AppleID account. Such as, pictures, videos, etc, and other personal files, whatever is stored in your present iCloud.
It quickly, IMHO, gets "messy" when you lose access to some of your (important) personal stuff...

But, you had concerns about re-enabling an older AppleID, so what circumstances led you to now re-enable an AppleID that was apparently locked-out at some point? There is always a delay when an AppleID has been locked, a delay period before the account can be re-enabled. So, that old AppleID was likely past whatever preset delay was needed, and all you had to do was wait out that delay, then enter your credentials, and prove who you were. You did that, successfully.
But, what do you do now? If it was several years since you last used it, then you have to be cautious, and now you know why: The old AppleID doesn't really have your "stuff", and if you begin using it, making it the active account on your main Mac, you absolutely run the risk of stopping access to whatever you have in your present iCloud (through your present AppleID account).
Let me (gently) repeat: Contact Apple Support for questions about using more than one AppleID account.
I bet that the first thing that will happen will be: Apple will tell you to Change your AppleID password, probably on BOTH of your AppleID accounts, and Apple will likely tell you to settle on only one AppleID (Probably the one that you were previously using, because that's where all your "stuff" is found, compared to the older .me account).
 
You can always log into iCloud.com web portal using either of the Apple IDs... check email, change password, MFA, trusted devices, etc. Do this for recovered Apple ID and you'll have no need to worry.
 
Contact Apple support about this
I'm pretty sure that you cannot have 2 different AppleID accounts active at the same time, on the same Mac. So, Apple was guessing that when you added a newly-reactivated Apple ID, and making use of that older account, that you wanted to move to that account... Well, you would naturally start using the iCloud through that older account. One result would be losing access to whatever is in your other AppleID account. Such as, pictures, videos, etc, and other personal files, whatever is stored in your present iCloud.
It quickly, IMHO, gets "messy" when you lose access to some of your (important) personal stuff...

But, you had concerns about re-enabling an older AppleID, so what circumstances led you to now re-enable an AppleID that was apparently locked-out at some point? There is always a delay when an AppleID has been locked, a delay period before the account can be re-enabled. So, that old AppleID was likely past whatever preset delay was needed, and all you had to do was wait out that delay, then enter your credentials, and prove who you were. You did that, successfully.
But, what do you do now? If it was several years since you last used it, then you have to be cautious, and now you know why: The old AppleID doesn't really have your "stuff", and if you begin using it, making it the active account on your main Mac, you absolutely run the risk of stopping access to whatever you have in your present iCloud (through your present AppleID account).
Let me (gently) repeat: Contact Apple Support for questions about using more than one AppleID account.
I bet that the first thing that will happen will be: Apple will tell you to Change your AppleID password, probably on BOTH of your AppleID accounts, and Apple will likely tell you to settle on only one AppleID (Probably the one that you were previously using, because that's where all your "stuff" is found, compared to the older .me account).
I had a feeling that was the case regarding the Apple ID. I was hoping to add it to Apple Mail to use as just an email account. Thanks for the info!
Any thoughts on my problem regarding malware/keylogger?
 
You can always log into iCloud.com web portal using either of the Apple IDs... check email, change password, MFA, trusted devices, etc. Do this for recovered Apple ID and you'll have no need to worry.
That is what I will do! Any thoughts on checking for malware?
 
That is what I will do! Any thoughts on checking for malware?
Why do you think you have malware? You’re not going to get malware by going to the onlyfans website. How you get malware on macOS is by downloading pirated or cracked apps. Unless you’re a high value target, I wouldn’t worry too much about it.

If you’re really worried, you could download the free version of Malwarebytes and do a scan. That should pick up most things.

Other than that, make sure your Mac is updated with the latest version of macOS. That is your best protection against any kind of malware.
 
Why do you think you have malware? You’re not going to get malware by going to the onlyfans website. How you get malware on macOS is by downloading pirated or cracked apps. Unless you’re a high value target, I wouldn’t worry too much about it.

If you’re really worried, you could download the free version of Malwarebytes and do a scan. That should pick up most things.

Other than that, make sure your Mac is updated with the latest version of macOS. That is your best protection against any kind of malware.
What triggered me was the built-in keyboard, external keyboard and mouse not working. Also, the USB-C hub needing to be "installed" again. Made me think malware interfering with the input of the MacBook. Finding out about the Only Fans login and viewing content pushed me over the edge.

Do you recommend anything besides or in addition to Malwarebytes? I've always thought that they didn't have comprehensive detection - maybe I'm wrong?

If Malwarebytes is installed, what's the best way to remove it once I'm done? I don't like having remnants left over.
 
OnlyFans?
Who else in your household has physical access to your MBPro (and knows your password)?

Malwarebytes can be used for free, allowing you to manually scan the drive. The free version does NOT automatically scan, so doesn't add to your system memory needs when not in use. I have it on my Mac, run it once or twice a month, and it simply waits. You can pay to upgrade to full-time scanning, if you wish.

Ready to Uninstall Malwarebytes?
Open Malwarebytes app.
Click the Help menu, choose Uninstall Malwarebytes. You'll see a popup, asking if you want to completely remove Malwarebytes. Click Yes. Enter your password. Click OK. Done.
 
Okay... I found out that my computer was used to access the Only Fans site, and view content. Not sure if any other similar sites were visited.
Just guessing here. Is it possible that you visited that site years ago before that old .me account was disabled/abandoned? And it stayed in the browsing history of the old .me account all these years and now got synced back to your recent Safari History because you re-activated that account?

To be honest: This all sounds more like a "whoops, everything is behaving a little strange because AppleID has changed" to me.
But I can also recommend the FREE Sophos for Mac for checking against Viruses and Malware.
 
On a Mac you can use different Apple IDs for the App Store/iTunes/etc and iCloud.

If you want to use different Apple IDs for iCloud you need to create a separate user. Each user can have a different Apple ID. Or just log in to your second Apple ID on the web.

If you want to use the old email address, and that is all - just set up a forwarding rule for your old email address.

As for the keyboard crash - I don’t see how logging into an old Apple ID would trigger malware. I would bet the crash was some power surge or other hardware issue. Keep an eye out for it.

As for only fans…has your Safari history been synced with the old Apple ID? Otherwise I would think someone else has physical access to your computer and you didn’t know because you weren’t looking for something to be wrong until the keyboard failure….

I just don’t see how recovering an Apple ID directly from Apple could infect your computer.
 
I'm very concerned, and would rather not wipe the whole machine. As I mentioned above, any help would be greatly appreciated.
Your symptoms don't sound obviously malware-y. MalwareBytes is decent, for a little free peace of mind.

HOWEVER...

Why do you think you have malware? You’re not going to get malware by going to the onlyfans website. How you get malware on macOS is by downloading pirated or cracked apps.
This is absolutely WRONG. Websites (OnlyFans or any other) can absolutely, 100% deploy malware if:
  • The web site contains JavaScript (or other MobileCodes) or scripted components that start a "Chain" of exploits that escalate, step by step, attempting to obtain admin permissions in the computer OS.
    • THIS is how most RANSOMWARE exploitation gets going on personal computers.
    • You could be "interacting" with a 1-pixel "web bug" just by loading a web page. ANY point of presence on a web page is like a pinhole in a submarine.
    • Let's all be honest, now, most users run daily with admin permissions.
  • OR You are tricked into entering real credentials for local apps or web services that are themselves trusted on your machine. Like if you get login prompts and you're in a hurry, or frustrated at the interruption...
    • Like if your VPN service gets compromised, and its app on your system is installed with system permissions (most are, to some extent).
  • OR You run into particularly well-crafted malware that manages to use an actual software vulnerability to gain system permissions. Porn and Pirate Video Repos are especially prolific. Apple is notorious for stonewalling malware discoveries and releasing patches.
These scenarios happen ALL THE TIME, far more often than installing a pirated/cracked app, simply because most users use a browser most of the time. Obvs, pirated/cracked apps are a terrible idea in every way we have profanity for, which is all of the ways.

Other than that, make sure your Mac is updated with the latest version of macOS. That is your best protection against any kind of malware.
Yes, this👆; however, web browsers need a little boost, because we users are the weak link, and every hacker knows it. Consider using add-ins like these for Chrome and Firefox...
  • NoScript
  • Ghostery
  • LeechBlock
  • uBlockOrigin
...Regardless of browsers' settings. (I run them all at the same time -- they are compatible with each other, and don't noticeably slow anything down.) Learn the features, keep them tuned and review their logs.

Apple has embedded some of these features into Safari, as have certain 2nd tier browser vendors, such as Brave, Opera, Microsoft Edge, DuckDuckGo...

Things are weaker than we commonly believe, Mac OS included. There are options to shore up security - and they're all irritating. Of course, security tools themselves can get pwned in supply chain vulnerabilities (SolarWinds much? Microsoft Exchange?), so there's that...
 
Why do you think you have malware? You’re not going to get malware by going to the onlyfans website. How you get malware on macOS is by downloading pirated or cracked apps.
The way you get "malware" on a Mac is by using Safari for everything without an ad-blocker; it sucks out-of-box, and Apple will eventually withhold support for your OS's version of it anyway (prompting you to buy new hardware after sufficient hysteria-mongering about "security"). You'll almost never get malware from hackware because no virus-writer is going to waste their time targeting the vestigial remnant of Mac users who still know how to turn on "Install from Anywhere" via the Terminal, as it's been default disabled for a decade now.
If you’re really worried, you could download the free version of Malwarebytes and do a scan. That should pick up most things.
They're mediocre at best (i.e., don't buy a subscription), and don't catch Safari browser-redirects well in my experience. Ditto any other corporate antimalware package spammed to the high heavens in "Best" lists floated to the top of Google search returns. (Aside from Safari browser-hijacking, most performance-throttling issues can be resolved by trashing Adobe, Google, and Microsoft garbage lurking in the Library/Launch-daemon folders. That, and not running Catalina or newer on any intel-series Mac.)
Other than that, make sure your Mac is updated with the latest version of macOS. That is your best protection against any kind of malware.
Lies, lies, damned lies, every time. (This is only the best way to ensure that you're a perpetually unpaid beta-tester of the latest broken nonsense, and to sluggify and artificially obsolesce your gear on Apple's timetable. Exhibit "A" for the prosecution: all those design studios chomped in the ass when Monterey's third update disabled their 27" Thunderbolt Display monitors. The way to eliminate malware is to stop using Safari, Mail, iCloud, and the rest of that dreadful "ecosystem", you trained-to-salivate Pavlovian dogs (because that's the very thing that any mac malware will be written to exploit). Run anything else with uBlock Origin and Adblocker Ultimate browser extensions. I recommend Chromium-legacy on Mojave/HFS+ for intel-chip machines; might also work on silicon.)
 
On a Mac you can use different Apple IDs for the App Store/iTunes/etc and iCloud.
<eyeballs do the cartoon boingy-oingy>

...and this is the company whose user-account set-up procedure eagerly prompts encryption-scrambling soldered-in drives, slaving them to account PWs and disabling external booting (and selling this as a security feature, of course).

They absolutely know that a certain substantial percentage of users will forget or mangle their passwords, and have deliberately designed their very expensive machines to be as hard as possible to recover -- and most "genius bars" closed in the last few years. It boggles my mind that anyone still buys anything new from them.
 
What you described doesn’t seem like malware. It’s a bunch of things misbehaving at the same time. I use a separate Apple ID for music/App Store. My .mac/.me account is used for iCloud.
 
What? I have yet to see an Apple Store without one, staffed and busy.
Minneapolis used to have nine or a dozen, including some at street-access; now it's down to three or four, all buried deep in the guts of moribund shopping-malls. (You try hoofing a 27" iMac a quarter-mile through a mall.) This is after dealing with Xfinity-level irritation setting up an appointment because humans don't answer Apple's phones anymore, and before you reach a real human at the 'bar after a half-hour wait who looks upon you with pity (or disdain, depending upon temperament) as they tell you that Apple now only does that kind of service-work by mail-in.
 
What you described doesn’t seem like malware. It’s a bunch of things misbehaving at the same time. I use a separate Apple ID for music/App Store. My .mac/.me account is used for iCloud.
I used a folder labeled "Music" that I dump mp3 & FLAC collections into. It's at the root level of the drive (Mojave/HFS+, so I can still do that), meaning it can't be hosed if something happens to the User folder. Drag stuff onto FAT32 flash-sticks for the car.

The Apple ecosystem is there to hold your data hostage. Eject it from your life.
 
It's at the root level of the drive (Mojave/HFS+, so I can still do that), meaning it can't be hosed if something happens to the User folder.

I fail to see how a user folder on the same drive would be any more prone to hosing than the rest of the drive. I could see an advantage if your home folder is an encrypted image as would have been the case with legacy FileVault some 12 years ago, but not today.

This is not forums.mustonlypimplatestappleproduct.com.

No, but it is severely off-topic and has nothing at all to do with the question asked.
 
I used a folder labeled "Music" that I dump mp3 & FLAC collections into. It's at the root level of the drive (Mojave/HFS+, so I can still do that), meaning it can't be hosed if something happens to the User folder. Drag stuff onto FAT32 flash-sticks for the car.
I fail to see how a user folder on the same drive would be any less prone to hosing than the rest of the drive.
My music folder is not in a user folder -- that was the point. It's less prone to hosing because it's not buried ten levels down under a password and reliant upon multiple generations of Apple ecosystem portals never roaching it. (I've made money, just in the last month, recovering music and pictures from mangled user partitions where the main partition was fine. Isn't APFS delightful? <spit>)

Sure: if somebody fires a missile through the window, it'll be equally vulnerable. Otherwise, no.
No, but it is severely off-topic and has nothing at all to do with the question asked.
I don't think security of user-documents is severely off-topic in a thread entitled "Am I at risk?". (And everybody, and I mean everybody, should have a physical external drive as a dump repository, especially for purchased items such as music, kindle books, etc. Two in fact, neither kept in the same location. Do not expect the cloud to be your savior.)

Regards ecosystems, I will additionally append: stop buying music through Apple. (There's no reason to let the NSA one-stop-shop for all of your personal proclivities.)
 
My only concern would be is it a shared computer… you said only fans appeared to be accessed… who accessed it? If you didn’t and no one else has access to the computer… well that would be odd.

Best advice is to keep all software updated. If concerned, do a wipe and reinstall of macOS and see what other devices are associated with the Apple ID. Check two factor auth and change your passcodes and passwords.
 
OnlyFans?
Who else in your household has physical access to your MBPro (and knows your password)?

Malwarebytes can be used for free, allowing you to manually scan the drive. The free version does NOT automatically scan, so doesn't add to your system memory needs when not in use. I have it on my Mac, run it once or twice a month, and it simply waits. You can pay to upgrade to full-time scanning, if you wish.

Ready to Uninstall Malwarebytes?
Open Malwarebytes app.
Click the Help menu, choose Uninstall Malwarebytes. You'll see a popup, asking if you want to completely remove Malwarebytes. Click Yes. Enter your password. Click OK. Done.

It was my mistake to allow someone in my household access to my computer without supervision. I NEVER do that... except this one time :mad: It will never happen again, and I'm pissed at myself for letting it happen. I am extremely vigilant when it comes to my digital life. I'm "that guy" that wears the tin foil hat. Unfortunately, my guard was down this time.

I appreciate the uninstall info on Malwarebytes.

Just guessing here. Is it possible that you visited that site years ago before that old .me account was disabled/abandoned? And it stayed in the browsing history of the old .me account all these years and now got synced back to your recent Safari History because you re-activated that account?

To be honest: This all sounds more like a "whoops, everything is behaving a little strange because AppleID has changed" to me.
But I can also recommend the FREE Sophos for Mac for checking against Viruses and Malware.

I didn't get the info about the OF site using history. It was confessed to me AFTER the visit.

It seems that I have confused some helpful posters, so I need to clarify that I didn't actually use the old, recovered .me account, by signing in through OS system settings or the Apple mail app.

When I tried to add the old ID as an account in Apple Mail, using the iCloud option, there was a prompt stating that I would be using the old ID as the Apple ID for the system. I wasn't going to risk having the old account messing up my settings, docs etc.

I was surprised that adding a mail account to Apple Mail wanted to replace my Apple ID on my MBP.

What I did was recover the ID, then signed in to iCloud using the browser.

It's definitely possible that this is a "whoops, everything is behaving a little strange because AppleID has changed" moment. More than that, it's the timing of the Only Fans discovery/confession, built in keyboard / forced reinstall of USB-C hub / external keyboard not working that has me worried. One of the first things I thought of was malware, and that's what has thrown me, and prompted my posting this thread.


On a Mac you can use different Apple IDs for the App Store/iTunes/etc and iCloud.

If you want to use different Apple IDs for iCloud you need to create a separate user. Each user can have a different Apple ID. Or just log in to your second Apple ID on the web.

If you want to use the old email address, and that is all - just set up a forwarding rule for your old email address.

As for the keyboard crash - I don’t see how logging into an old Apple ID would trigger malware. I would bet the crash was some power surge or other hardware issue. Keep an eye out for it.

As for only fans…has your Safari history been synced with the old Apple ID? Otherwise I would think someone else has physical access to your computer and you didn’t know because you weren’t looking for something to be wrong until the keyboard failure….

I just don’t see how recovering an Apple ID directly from Apple could infect your computer.

I have always used one account as I'm (up until now) the only person using this machine. I need better digital hygiene, and I will create a different user, without admin permissions, if I decide to use the old ID for anything other than mail.

My history has not been synced with the old Apple ID. I was told about the OF access - I may not have been clear about that.
 
My only concern would be is it a shared computer… you said only fans appeared to be accessed… who accessed it? If you didn’t and no one else has access to the computer… well that would be odd.

Best advice is to keep all software updated. If concerned, do a wipe and reinstall of macOS and see what other devices are associated with the Apple ID. Check two factor auth and change your passcodes and passwords.
Fuzz, reinstalling the OS is nuking the site from orbit, and reinstalling OSes, especially APFS OSes on silicon hardware, ought not be suggested if there's even a remote possibility that the machine's linked ID is frazzled in the least. I.e., you R your way through the reinstall process, and it gets to the step where Apple requests an ID to finish installation (thoughtful of them to wait until the very end), but it doesn't like the one you enter. Congratulations: you now own a brick. --Given that the OP had Apple ID issues, reinstalling is the absolute last thing I would do with a still-functioning machine.

So far, we don't even know what the problem is, specifically, or even if they're singular. From the OP description, it sounds like a typical corporate data-breach of the type we see every odd week now, with users having to update their passwords again (ad nauseam), and that happened to sort of coincide the day before a bunch of 3rd-party peripheral hardware connection issues possibly resultant from Sonoma not being perfect in every way <tremendous eyeroll>, which the OP appears to have resolved (fingers crossed). The OP then wrote: "I found out that my computer was used to access the Only Fans site....", emphasis on site, as in perhaps somebody made use of an open Safari window while the owner was temporarily absent and the screensaver hadn't yet kicked in. (Would it be indelicate to inquire if there are children in the house? Methinks not.) Or said browser was being run without adblocking (because Safari doesn't come with it by default), and you never know where the innocuous rectangle you absentmindedly clicked will send you.

Basically, if Safari (if they're still using it against my advice) isn't exhibiting any redirect behavior, and their peripherals are behaving, and Malwarebytes chucked a thing or two, I'd consider the problems resolved. (At least until the next installment of Sonoma Update Bingo spins the ball-container.)
 
Your symptoms don't sound obviously malware-y. MalwareBytes is decent, for a little free peace of mind.

HOWEVER...


This is absolutely WRONG. Websites (OnlyFans or any other) can absolutely, 100% deploy malware if:
  • The web site contains JavaScript (or other MobileCodes) or scripted components that start a "Chain" of exploits that escalate, step by step, attempting to obtain admin permissions in the computer OS.
    • THIS is how most RANSOMWARE exploitation gets going on personal computers.
    • You could be "interacting" with a 1-pixel "web bug" just by loading a web page. ANY point of presence on a web page is like a pinhole in a submarine.
    • Let's all be honest, now, most users run daily with admin permissions.
  • OR You are tricked into entering real credentials for local apps or web services that are themselves trusted on your machine. Like if you get login prompts and you're in a hurry, or frustrated at the interruption...
    • Like if your VPN service gets compromised, and its app on your system is installed with system permissions (most are, to some extent).
  • OR You run into particularly well-crafted malware that manages to use an actual software vulnerability to gain system permissions. Porn and Pirate Video Repos are especially prolific. Apple is notorious for stonewalling malware discoveries and releasing patches.
These scenarios happen ALL THE TIME, far more often than installing a pirated/cracked app, simply because most users use a browser most of the time. Obvs, pirated/cracked apps are a terrible idea in every way we have profanity for, which is all of the ways.


Yes, this👆; however, web browsers need a little boost, because we users are the weak link, and every hacker knows it. Consider using add-ins like these for Chrome and Firefox...
  • NoScript
  • Ghostery
  • LeechBlock
  • uBlockOrigin
...Regardless of browsers' settings. (I run them all at the same time -- they are compatible with each other, and don't noticeably slow anything down.) Learn the features, keep them tuned and review their logs.

Apple has embedded some of these features into Safari, as have certain 2nd tier browser vendors, such as Brave, Opera, Microsoft Edge, DuckDuckGo...

Things are weaker than we commonly believe, Mac OS included. There are options to shore up security - and they're all irritating. Of course, security tools themselves can get pwned in supply chain vulnerabilities (SolarWinds much? Microsoft Exchange?), so there's that...
The way you get "malware" on a Mac is by using Safari for everything without an ad-blocker; it sucks out-of-box, and Apple will eventually withhold support for your OS's version of it anyway (prompting you to buy new hardware after sufficient hysteria-mongering about "security"). You'll almost never get malware from hackware because no virus-writer is going to waste their time targeting the vestigial remnant of Mac users who still know how to turn on "Install from Anywhere" via the Terminal, as it's been default disabled for a decade now.

They're mediocre at best (i.e., don't buy a subscription), and don't catch Safari browser-redirects well in my experience. Ditto any other corporate antimalware package spammed to the high heavens in "Best" lists floated to the top of Google search returns. (Aside from Safari browser-hijacking, most performance-throttling issues can be resolved by trashing Adobe, Google, and Microsoft garbage lurking in the Library/Launch-daemon folders. That, and not running Catalina or newer on any intel-series Mac.) ...

I have always been reluctant to use extensions on the browser because they usually require a lot of access. I am going to look into the ones that you both mentioned for evaluation. I appreciate the suggestions. Are there any for Safari? If you have any others, please post them!

I am considering Malwarebytes especially since it has a proper uninstall function. I'm sure it leaves traces behind anyway... I don't like that Malwarebytes doesn't get submitted for evaluation by "testing authorities". We only have reputation to go by, which is important, but test results matter too.
 
Fuzz, reinstalling the OS is nuking the site from orbit, and reinstalling OSes, especially APFS OSes on silicon hardware, ought not be suggested if there's even a remote possibility that the machine's linked ID is frazzled in the least. I.e., you R your way through the reinstall process, and it gets to the step where Apple requests an ID to finish installation (thoughtful of them to wait until the very end), but it doesn't like the one you enter. Congratulations: you now own a brick. --Given that the OP had Apple ID issues, reinstalling is the absolute last thing I would do with a still-functioning machine.

So far, we don't even know what the problem is, specifically, or even if they're singular. From the OP description, it sounds like a typical corporate data-breach of the type we see every odd week now, with users having to update their passwords again (ad nauseam), and that happened to sort of coincide the day before a bunch of 3rd-party peripheral hardware connection issues possibly resultant from Sonoma not being perfect in every way <tremendous eyeroll>, which the OP appears to have resolved (fingers crossed). The OP then wrote: "I found out that my computer was used to access the Only Fans site....", emphasis on site, as in perhaps somebody made use of an open Safari window while the owner was temporarily absent and the screensaver hadn't yet kicked in. (Would it be indelicate to inquire if there are children in the house? Methinks not.) Or said browser was being run without adblocking (because Safari doesn't come with it by default), and you never know where the innocuous rectangle you absentmindedly clicked will send you.

Basically, if Safari (if they're still using it against my advice) isn't exhibiting any redirect behavior, and their peripherals are behaving, and Malwarebytes chucked a thing or two, I'd consider the problems resolved. (At least until the next installment of Sonoma Update Bingo spins the ball-container.)

If I'm understanding you correctly, the problems may be singular. Yes, the computer was used to access, sign in and browse the OF site. I was away at the time. Temporarily absent sums it up. I take full responsibility.
Obviously, it's important that I need to correct anything that may have happened because of my mistake.

The built in keyboard was unresponsive, and I'm not sure if that is a result of software or hardware. Now that I think more about this, it may be the most alarming part of the "hardware issues". Any thoughts on this? My brain went to poorly coded keyboard logger gone crazy. EDIT: The access to OF was not because my password was compromised, it was someone within my household :eek:

I am still using Safari, but I'm reconsidering that. Any suggestions on adblockers/privacy tools for Safari? As mentioned in another post, I am concerned about the privacy implications of the privacy focused extensions that install in the browser. Again, thoughts?

EDIT: Minor fixes.
 