# Has my MacBook Pro been hacked?????



## stigc56

Hi
I have a MBP from 2014. Recently I installed Catalina and it all works fine BUT, a month back I began to notice that after my MBP woke up in the morning a lot of apps was running! Nothing was altered in Startup Items, nothing new and suspicious was installed.
Last night I changed the setting in the System settings so a password would be required to log in, but never the less it was same situation.
I took this picture this morning:




So it's Spotify, Books, Logic Apple TV, Fireforx, Itunes, Disctool . . . . . .
I need help!!
Reinstall?


----------



## Shad0wLandsUK

I would check Activity Monitor for anything suspicious, running worker processes etc. This could indicate bit-mining and other things, if there is a hack...

Also, check reddit for threads on macOS and hacks, always a good resource 
Hope that helps

Also, could run malwarebytes, in case of malware


----------



## MGdepp

Not sure about Spotify, Logic and Disctool ... but I read that Catalina does intense restructuring of the database for your iTunes library and users already wondered why their Mac got really slow or switched on automatically. No guarantee, of course, but it could be just that.


----------



## stigc56

Thanks for your reply.
I haven't found anything suspicious but I have send a question to Reddit, have to wait for approval though.


----------



## bigrichpea

Does it shut down properly? My Mac Mini has been restarting after shutdown since I installed Catalina and I have to shut it down again from the login screen.


----------



## stigc56

Yes it shut down properly.


----------



## cuttime

I see you have QuickSilver installed. I'd start by looking there. Perhaps there are some errant keystrokes being transmitted by your keyboard. (Or, perhaps a Bluetooth accessory?)


----------



## onebitboy

stigc56 said:


> a month back I began to notice that after my MBP woke up in the morning a lot of apps was running!


https://support.apple.com/en-gb/HT204005

Are these options disabled/enabled?


----------



## jcrosby

Related to the reply above...









MacBook Pro restarts during sleep


I have two issues with sleep, not sure when they started. 1. MBP wakes up the screen randomly during sleep. 2. MBP restarts during longer periods of sleep (I wake it up or open the lid and find out it restarted). Any ideas?




forums.macrumors.com





Also do you have automatic updates on? The reason I ask is it looks like Logic is trying to install its content, if the machine auto-updated to 10.5 Logic tries to fetch new content on 1st launch. Or, if you downloaded 10.5 before shutting down perhaps the content installer prevented shut down from occuring. (No idea for sure, just curious about that Logic screen that clearly wants to install content.)


----------



## Wunderhorn

Check the installed extensions and Login items. There is a lot of programs that install hidden background tasks without even informing the user and those can accumulate over time. Some of them are harmless, others come with added questionable intents (including Adobe, Google etc.)
I also have to note that the System Preferences Panel does only show a portion of them and you might look into some third party apps that perform this task better.

Aside from that I do not run my workstations anymore without Little Snitch. It catches suspicious processes, gives you information and full control of who can send data out and what is allowed to come in.


----------



## jcrosby

@stigc56 I forgot to mention a trouble shooting step you could try.

You can completely block all incoming access to your machine in the macos firewall and see what happens if you leave the machine on overnight. Basically quit all apps before going to bed but leave the machine on without sleeping, then set firewall to the setting below.

If a bunch of stuff is running again when you get up then you at least can rest easy that no one has remote access to your machine. That wouldn't rule out malware though so a good idea to run malwarebytes. (I believe you can demo it).

It could also point to some runaway system process, if you're on Catalina it's completely possible this is related to a bug in a recent update. Not sure, the most important thing to rule out first is that no one actually has access to your machine.







Finally I know they've locked Catalina down so no idea what you have access to after Mojave... In Mojave at least you can see processes that have the potential to launch themselves in:

_/Library/LaunchAgents, 
~/Library/LaunchAgents, 
/Library/LaunchDaemons_

Most, if not all things in here are fine. For example VSL shows _at.co.vsl.vipromidi.userd, _iLok shows _com.paceap.eden.licensed.agent. _That said it is where junk that runs itself in the background _can_ be. I've used *EtreCheck *to find misc/unnecessary stuff running in the past.


You might give these a quick read as well:









How to Catch and Remove Hidden LaunchDaemons and LaunchAgents on Mac


LaunchDaemons and LaunchAgents, which launch software automatically at login, can have a dark side. Here's how to monitor them and keep yourself safe.




www.makeuseof.com













macOS: Check Your LaunchAgents for Malicious Software - The Mac Observer


Your Mac's root-level LaunchAgents folder is a common location for adware to store files. Why is this bad? Well, it could mean that malicious software launches automatically when you log in to any user account on your Mac. Here's how to get there and what to look for!




www.macobserver.com


----------



## Nick Batzdorf

I'd also run the free versions of Malwarebytes and Bitdefender to see whether your computer has any STDs.

That's not a bad idea in any case.


----------



## rudi

Software Transmitted Diseases 

And that's also a +1 for running Malwarebytes and Bitdefender!


----------



## detritusdave

May be a severe solution, but have you tried backing everything up and re-installing everything? I really would tbh...


----------



## stigc56

Thanks to your all for your kind answers. I have decided to erase the HD and Reinstall MacOS. I think this will be the easiest action rather than using hours to find something that in the end will make me erase the HD and reinstall!


----------



## Bluemount Score

MGdepp said:


> Not sure about Spotify, Logic and Disctool ... but I read that Catalina does intense restructuring of the database for your iTunes library and users already wondered why their Mac got really slow or switched on automatically. No guarantee, of course, but it could be just that.


No offense, but your profile picture gives me horrible flashbacks


----------



## MGdepp

Bluemount Score said:


> No offense


None taken! 
I suppose, everyone has these movies you watched as a child and got so scared that you had to piss in your pants. For me that was actually a much milder film ... Snow White and the seven Dwarfs by Disney -- got scared by the evil sorceress!  But for some, it is the Marshmallow man, I guess. You were brave to admit it!


----------



## Zedcars

MGdepp said:


> None taken!
> I suppose, everyone has these movies you watched as a child and got so scared that you had to piss in your pants. For me that was actually a much milder film ... Snow White and the seven Dwarfs by Disney -- got scared by the evil sorceress!  But for some, it is the Marshmallow man, I guess. You were brave to admit it!


I think he means something that went down here a few months ago regarding a member that got banned. You weren't to know. It's a shame that great movie icon has been forever tarnished on this forum.


----------



## Bluemount Score

Zedcars said:


> I think he means something that went down here a few months ago regarding a member that got banned. You weren't to know. It's a shame that great movie icon has been forever tarnished on this forum.


That's it


----------

