Fuzz, reinstalling the OS is nuking the site from orbit, and reinstalling OSes, especially APFS OSes on silicon hardware, ought not be suggested if there's even a remote possibility that the machine's linked ID is frazzled in the least. I.e., you R your way through the reinstall process, and it gets to the step where Apple requests an ID to finish installation (thoughtful of them to wait until the very end), but it doesn't like the one you enter. Congratulations: you now own a brick. --Given that the OP had Apple ID issues, reinstalling is the absolute last thing I would do with a still-functioning machine.

So far, we don't even know what the problem is, specifically, or even if they're singular. From the OP description, it sounds like a typical corporate data-breach of the type we see every odd week now, with users having to update their passwords again (ad nauseam), and that happened to sort of coincide the day before a bunch of 3rd-party peripheral hardware connection issues possibly resultant from Sonoma not being perfect in every way <tremendous eyeroll>, which the OP appears to have resolved (fingers crossed). The OP then wrote: "I found out that my computer was used to access the Only Fans site....", emphasis on site, as in perhaps somebody made use of an open Safari window while the owner was temporarily absent and the screensaver hadn't yet kicked in. (Would it be indelicate to inquire if there are children in the house? Methinks not.) Or said browser was being run without adblocking (because Safari doesn't come with it by default), and you never know where the innocuous rectangle you absentmindedly clicked will send you.

Basically, if Safari (if they're still using it against my advice) isn't exhibiting any redirect behavior, and their peripherals are behaving, and Malwarebytes chucked a thing or two, I'd consider the problems resolved. (At least until the next installment of Sonoma Update Bingo spins the ball-container.)
Best to be sure… reinstalling Mac OS is the easiest way to give complete peace of mind when you don’t know what’s been done to the system before it’s in your hands. Except from receiving the laptop new.

It’s relatively quick and easy to be back up and running again.
 
My music folder is not in a user folder -- that was the point. It's less prone to hosing because it's not buried ten levels down under a password and reliant upon multiple generations of Apple ecosystem portals never roaching it.

I meant the opposite. Fixed. (Although what I meant should have been quite clear from the context.)

I don't think security of user-documents is severely off-topic in a thread entitled "Am I at risk?".

I guess you only read the title. 🤷‍♂️
 
This is absolutely WRONG. Websites (OnlyFans or any other) can absolutely, 100% deploy malware if:
You are correct that any website CAN deploy malware on your Mac. There is a big difference between can and will. Legitimate websites are not going to intentionally do this. It will quickly be found out, and then the website will lose all their traffic. This means they won’t make money.

Even slimy websites like Facebook are not going to do this. There’s always a slight chance that any website could be hacked, but at that point you’re moving over to the paranoid side of things and then you have to ask the question. Do you need to be paranoid? Some people need to be that paranoid, but most don’t.

This is why you stay away from unknown websites and links, but you can still browse the web going to popular websites without fear.
 
What triggered me was the built-in keyboard, external keyboard and mouse not working. Also, the USB-C hub needing to be "installed" again. Made me think malware interfering with the input of the MacBook. Finding out about the Only Fans login and viewing content pushed me over the edge.

Do you recommend anything besides or in addition to Malwarebytes? I've always thought that they didn't have comprehensive detection - maybe I'm wrong?

If Malwarebytes installed, what's the best way to remove it once I'm done? I don't like having remnants left over.
Well, if you didn’t go to that website yourself, that means someone else has access to your computer. That’s your problem right there, not the fact that you might have malware. Removing whatever is not going to do you any good if someone else can just log in again.

I would do a Malwarebytes scan and see if it finds something. Most of these security software developers are trying to get money from people by making them paranoid. Yes they can find some malware, but most people doing the things they do on a computer will never encounter this. This is why a lot of them will show results for tracking cookies so it makes it look like they actually found something.


As to what to do if there’s malware on your system. If you find actual malware, the only answer is back up your files and reinstall macOS.
 
The way you get "malware" on a Mac is by using Safari for everything without an ad-blocker; it sucks out-of-box,
Using an ad blocker is not going to make you invulnerable to malware. The way to not get malware is stay off random unknown websites and don’t click links in emails. If you really need to go to some crazy websites because curiosity is burning a hole in you then use a Chromebook.

and Apple will eventually withhold support for your OS's version of it anyway (prompting you to buy new hardware after sufficient hysteria-mongering about "security").
Yes, new operating systems require new hardware at some point. Apple will update older operating systems to a point, but they still can have security vulnerabilities.

You'll almost never get malware from hackware because no virus-writer is going to waste their time targeting the vestigial remnant of Mac users who still know how to turn on "Install from Anywhere" via the Terminal, as it's been default disabled for a decade now.
It happens all the time. There was a news article about this not too long ago. Much of this is just to steal information. They will install malware, or more correctly, the user will install the malware and then it will collect keystrokes or whatever to gather usernames and passwords.

They're mediocre at best (i.e., don't buy a subscription), and don't catch Safari browser-redirects well in my experience.
I agree they’re not very good. I don’t use any type of anti malware. No type of security can make up for user error.

Lies, lies, damned lies, every time. (This is only the best way to ensure that you're a perpetually unpaid beta-tester of the latest broken nonsense, and to sluggify and artificially obsolesce your gear on Apple's timetable. Exhibit "A" for the prosecution: all those design studios chomped in the ass when Monterey's third update disabled their 27" Thunderbolt Display monitors.
If you’re trying to keep obsolete hardware running then yeah you don’t want to update it all the way. If you have modern hardware, then it’s fine. I like older hardware to play around with, but I’d rather use modern stuff for my day to day use. You’re always going to be more secure with an updated operating system.
 
Well, if you didn’t go to that website yourself, that means someone else has access to your computer. That’s your problem right there, not the fact that you might have malware. Removing whatever is not going to do you any good if someone else can just log in again.

I would do a Malwarebytes scan and see if it finds something. Most of these security software developers are trying to get money from people by making them paranoid. Yes they can find some malware, but most people doing the things they do on a computer will never encounter this. This is why a lot of them will show results for tracking cookies so it makes it look like they actually found something.


As to what to do if there’s malware on your system. If you find actual malware, the only answer is back up your files and reinstall macOS.

My access problem has been eliminated. No one has my password, and the situation will not happen again. No humans were harmed as a result of the cleansing lol

The fact still remains that the website was accessed, and if malware was downloaded, it needs to be removed. I’ll probably run Malwarebytes, and see what it returns. I’m on the fence regarding a complete reinstall of the OS using Internet recovery.

Edit: spelling
 
My access problem has been eliminated. No one has my password, and the situation will not happen again. No humans were harmed as a result of the cleansing lol

The fact still remains that the website was accessed, and if malware was downloaded, it needs to be removed. I’ll probably run Malwarebytes, and see what it returns. I’m on the fence regarding a complete reinstall of the OS using Internet recovery.

Well good luck! If it was me, I would just do the scan and call it a day. Just make sure if you reinstall the OS to have everything backed up.
 
It was my mistake to allow someone in my household access to my computer without supervision. I NEVER do that... except this one time :mad: It will never happen again, and I'm pissed at myself for letting it happen. I am extremely vigilant when it comes to my digital life. I'm "that guy" that wears the tin foil hat. Unfortunately, my guard was down this time.

I appreciate the uninstall info on Malwarebytes.



I didn't get the info about the OF site using history. It was confessed to me AFTER the visit.

It seems that I have confused some helpful posters, so I need to clarify that I didn't actually use the old, recovered .me account, by signing in through OS system settings or the Apple mail app.

When I tried to add the old ID as an account in Apple Mail, using the iCloud option, there was a prompt stating that I would be using the old ID as the Apple ID for the system. I wasn't going to risk having the old account messing up my settings, docs etc.

I was surprised that adding a mail account to Apple Mail wanted to replace my Apple ID on my MBP.

What I did was recover the ID, then signed in to iCloud using the browser.

It's definitely possible that this is a "whoops, everything is behaving a little strange because AppleID has changed" moment. More than that, it's the timing of the Only Fans discovery/confession, built in keyboard / forced reinstall of USB-C hub / external keyboard not working that has me worried. One of the first things I thought of was malware, and that's what has thrown me, and prompted my posting this thread.




I have always used one account as I'm (up until now) the only person using this machine. I need better digital hygiene, and I will create a different user, without admin permissions, if I decide to use the old ID for anything other than mail.

My history has not been synced with the old Apple ID. I was told about the OF access - I may not have been clear about that.
You can definitely set it up so the old AppleID is just for email. I have multiple Apple addresses I monitor. Not sure what the message is you’re getting, but you should be able to troubleshoot this. I’d try the Apple Support Community forums.

Agree with you and others that the malware scare due to OF and keyboard issues is separate from the old AppleID resurrection. Likely the same person who visited OF also somehow nuked your keyboard?

I do have one tip on using the old AppleID just for Mail. In my experience, each AppleID needs to have at least one primary device associated with it for iCloud. So, for example, my wife and I have an old .Mac account that we use as a joint email address. A few years ago we started having problems with it, I’m sorry I don’t remember what exactly, but maybe something similar to what you’ve encountered. I only resolved it by wiping an old iPhone and setting it up using the old .Mac account as the primary. So then its iCloud had a device associated with it, and there were no more problems with its email elsewhere. The old phone just sits in a drawer, battery dead.
 
Migosh, there are a lot of hot breaths and keystrokes shooting back and forth here.

OP:
When you ask for help, there are a few things you should ALWAYS state right up front:
- what Mac you have
- WHAT YEAR it was made
- WHICH VERSION of the OS is running.
Others cannot provide "pin-point" help without this info.

Having said that...
If you still have access to that OLD Apple ID, SIGN OUT of it and let it be.
Just "leave it behind you".

Then...
Sign back IN to your actual (current) Apple ID if you wish.

Personal interjection:
I generally stay signed OUT of Apple.
I like my privacy. And the Apple "ecosystem" has no appeal to me anyway, although I've been a Mac user for 37 years now.
(end of personal interjection)

Next:
If you haven't done so, download and run Malwarebytes.
Get THE FREE version
DO NOT pay -- there's no need.

The free/trial version runs for a while, and then offers you the choice to either:
a. pay for real-time scanning
or
b. "convert" to the free version (which only runs when you tell it to run).

I actually had MB "catch" something once -- looked like adware.
It got rid of it, never seen anything since.

If you have an m-series Mac, and a GOOD backup,
and
If you are really nervous,
then
You could do an "erase all user content and settings" and then do a restore from your backup.
(probably not needed).
 
Minghold said:
Stop using Safari without adblocker...
Using an ad blocker is not going to make you invulnerable to malware. The way to not get malware is stay off random unknown websites...
...which you only got to because uBlock Origin and Adblocker Ultimate weren't on your Safari to make that page element invisible to your inadvertent click. (Malware doesn't hide in "normal"-looking ads; it's linked by fake stuff that looks like the normal content you're trying to read.)
and don’t click links in emails.
Sure, it's important to get right on that because exactly 0.00% of Mac-specific malware comes in email.
 
I was told Macs can’t get viruses
You don't understand: security-theater panic-mongering is the new marketing zeitgeist at Apple, where you are to live in abject terror that your computer become three years old and its installed OS fall off the currently-supported list (but not to worry, as they'll have new OSes that make your previously fast machine run like its legs are stuck in a pot of glue).
 