Apple Remote Desktop gives you more than a dozen commands you can use to control your remote systems easily. You can shut down all systems simultaneously, put to sleep, wake up, or restart any or all computers—all without leaving your desk. You also have the ability to remotely designate the startup disk for your client Mac computers. The Lost Mode feature of Find My Mac will remotely lock the Mac with a firmware password for one-time use. The user's Mac receives the lock instruction from iCloud, restarts, and asks for the system lock PIN code that they set up. After entering the passcode the Mac starts up from the designated startup disk and disables the passcode.
NoMachine for remote desktop access lets you redirect disk drives and devices between client and server. Remote Desktop Software for IT and helpdesk. Professional remote access software gives you 100% control over your IT infrastructure. Free download Watch video (2:19) Current version: 7.0.2.0. See release notes. Other platform downloads: Mac, iOS/Android, Linux.
You turn on your MacBook and feel that something is wrong: some files have disappeared, or new files were added. You wonder if someone has been watching your computer.
So, how to tell if someone is remotely accessing your MacBook? You need to check your logs, verify that no new users were created, make sure that remote login, screen sharing, and remote management are disabled, and no spyware is running on your computer.
There are three ways to access macOS remotely: allow remote logins from another computer, enable Screen Sharing or allow access by using Remote Desktop.
Both ways are legitimate, but if you don’t remember doing any of them you need to know how to turn on and off those possibilities.
Computers that run macOS as an operating system can log in to your Mac using Secure Shell (SSH).
Steps to enable remote login are the following:
Once Remote Login is enabled then users with access can use SSH to log in and browse your computer’s contents.
If you need help from IT to make changes on your MacBook, or maybe you are collaborating on a project and want to share your screen, you can enable Screen Sharing. Steps to enable as follows:
Now on another Mac (from which you want to access your Mac), start the Screen Sharing app.
You can start it by clicking Command and Space buttons. In a popup form, type Sharing and hit Enter. Type your computer name. In my case, I had to type in “dev-pros-MacBook-Pro.local”.
A new window will pop up with the shared screen of another computer. Now you can control the screen.
Finally, it is possible to login to a computer with macOS by enabling Remote Desktop.
Steps to enable as follows:
Now you can access this Mac from Apple Remote Desktop – it’s an application you can buy from Apple Store and at the time of writing its cost was $79.99.
If your Mac is being monitored, it will show this image (two rectangles) in the top right-hand corner near your computer time:
When that symbol appears, you will be able to tell if you are being monitored. You can also disconnect the viewer by clicking on the Disconnect option:
You can also click on “Open Sharing Preferences…” which will open the Sharing folder in System Preferences.
Since the question you had was if someone remotely accessing your computer then the chances are that you don’t need any of the sharing capabilities mentioned above.
In this case, check all options on the Sharing folder under System Preferences to make sure that nobody is allowed to access it and turn off (uncheck) all options.
Finding out if screen sharing or remote management were enabled and if your screen was being observed is the first step in knowing whether your Mac was hacked or not.
There are other places to check, and I listed them below.
If you are reading this post, chances are you noticed something unusual is happening on your Mac.
Sometimes you have a hunch, but you can’t explain it. However, most of those signs can be explained by reasons other than malware or hackers.
So, let’s review the major signs.
Following are some of the reasons why Mac can be slow:
This one is harder to detect now than before.
We used to have limits on how much Internet bandwidth we could use. Today, when many people have unlimited cable data, you may not even know that something is happening.
However, if you are on a limited plan and see a significant increase in data consumption (more than 25% more), it’s time to investigate.
The reasons could be the following:
Similar to the previous sign, problems with the Internet could be a sign pointing to a virus or adware affecting the browser.
Or it could be a new browser update. Or maybe the system became unstable.
Did you notice that apps getting stuck and eventually crashing?
Very often, it’s a sign of malware.
Additional reasons for frequent app crashes are the following:
This is something we all have seen. You download an app from the Internet, and it seems like it was legit software. But little did you know a good app was bundled with bloatware.
Usually, the result is that your default search engine gets changed from Google to Yahoo, the home page changes, and there are additional icons in the browser toolbar.
But there could be other issues such as adware.
Adware is trying to redirect you to other sites not related to what you are searching for.
Their goal is to direct traffic to certain sites. More traffic, more money they get. So, they litter your screen with pop-up, hoping that you can click and open the site you don’t want.
Malware often creates new files with cryptic names. For instance, ransomware encrypts the files on your disk and renames them. However, there could be more innocent explanations.
For instance, if you can’t find a file, it does not necessarily mean that it was deleted by malware or someone who logged in on your computer remotely. Maybe, you just can’t remember that you deleted the file or the folder. In this case, first, check Trash on Mac.
If you still can’t find what you need, check my post about finding any files. I guarantee, if the file is still on your Mac after reading my post, you will be able to locate it.
While you are maybe suspecting something bad happening on your computer, it very well may be a normal condition.
Things to try before starting panicking:
Sometimes glitches in software can make the current state of your system unstable. A reboot is still a remedy for many problems. You can either restart or shutdown and start again. The effect will be the same.
Macs have a little memory chip where they store some configuration information needed for many Mac peripherals to work. Surprisingly, this area gets corrupt pretty often.
Fortunately, there is a very simple fix – reset NVRAM/PRAM and SMC.
Apple has very good instructions on how to perform these tasks.
What they don’t tell is that you have to reset at 2-3 times in a row for a fix to work. I found out this in the school of hard knocks so that you don’t need to.
Lack of space on your startup disk may cause all kinds of issues: app slowdown, app crashes, high CPU usage, and MacBook overheating. Sometimes this may lead you to suspect that your Mac was hacked.
So, first, check how much storage you have left. And if it is not enough, you can either spend money on getting software that helps to clean your disk or read my article on free cleaning tips:
Apple releases a new version of macOS every year. While they do everything they can to produce quality software, bugs still happen.
For instance, after the recent iOS update on my iPhone, my podcast app starts freezing every time I pause. I still didn’t find why it is happening because I am too lazy busy.
In the case of the issue on hand, if you had a recent OS update, take time to investigate if the issues you are noticing are common for the release.
Macs are very dependable, and they can serve for many years.
However, any hardware gradually fails. For example, a failing disk causes unexplained app crashes. Failed RAM will prevent the computer from starting.
There is a good article on the Apple website about running hardware diagnostics. Try and see what it will report.
For a long time, I thought that all keyloggers could do to record keyboard strokes.
Imagine my shock when I started working on my post about keyloggers.
Suppose you are still suspecting that spyware is running on your machine.
In that case, you can use a third-party application like Little Snitch, which monitors applications, preventing or permitting them to connect to attached networks through advanced rules.
Setting up the rules for Little Snitch, however, could be complicated.
One of the typical spyware applications is a keystroke logger or keylogger. Keyloggers used to be apps that record the letters you type on the keyboard, but they significantly changed in the last few years.
Suffice to say that keyloggers can take screenshots every 30 seconds or even track your chat activity, including the messages sent to you.
I believe that keyloggers are a much greater security threat because they are easier to install and the powerful features they offer.
Check my article about keyloggers here:
As we’ve seen already, remote login or sharing options require assigning access roles to the local users.
If your system was hacked, it is very likely that the hacker has added a new user to access it. To find out all users in macOS perform the following steps:
On my laptop, it listed macmyths, nobody, root, and daemon. Macmyths is my current user, and the rest are system accounts.
If you see the accounts that you do not recognize then they probably have been created by a hacker.
To find when the last time all user accounts been used, type the following command into the Terminal:
For each account, MacOS will list the times and dates of logins. If the login to any of the accounts happened at an abnormal time, it is possible that a hacker used a legitimate account to log in.
It may be useful to check the system logs for any possible access issues.
In order to find a system log, click on the Go option in the top menu or simultaneously click Shift, Command, and G. In the “Go to Folder” pop-up type: /var/log and hit Enter.
Now find the system.log file and scan for word sharing.
For instance, I found the following screen sharing log entries:
These were log entries when someone logged in to my system remotely:
Your computer is not the only weak link you have to worry about.
Before the data flows into the system, it goes through the Wi-Fi router. And there are ways for bad guys to read all internet traffic, including emails and online transactions.
These are only two emails I received last month:
Email 1: “From a few days ago I’ve received an extortion email from y…[email protected] with threats to publish webcam video’s pictures from my wife and me in our intimate life. There are some things to verify if my computer’s webcam is under external control?”
Email 2: “I suspect my MAC has been compromised (I have a Macbook Pro) and all the software is up to date. I got an email from someone stating that they have recorded items via my MacBook camera. How can I check if this is possible?”
I guess that after reading these emails, you might have at least two questions:
First, it is entirely possible to record your camera remotely.
In fact, it’s very easy to do.
If a hacker has access to your Mac, all he needs is to launch a Quick Time Player (or Facetime) and start a new movie recording.
Obviously, there are other apps that can record the camera while being hidden.
If someone is recording you by using a MacBook camera, you will see a green light next to the camera.
In some cases, the green camera lights up even when there is no recording happening, only because a program got access to the device. But, it’s impossible to record without the green indicator off.
However, if you didn’t pay attention at the time of recording (were busy or not close to the computer), you will never be able to tell if you were recorded after the fact definitively.
In the older versions of the Mac operating system, you were able to use the lsof command with the Terminal, like so:
But lately, this command stopped providing anything useful.
So, instead of parsing Apple logs, get MicroSnitch to know whether your camera or microphone is engaged.
This is a very handy mini tool. When started, it appears in the menu bar on your Mac, and its icon changes if either video or audio, or both, become active.
Another cool feature is the Microsnitch log file. If you noticed any suspicious activity, you could check the log for past device activity.
If you want to use it, I suggest allowing it to run on startup. The app is very cheap – $3.99.
You can download it from their site or from Apple App Store.
Another thing to do is to go to System Preferences -> Security and Privacy.
Click on the Privacy tab and check programs under the Camera and Microphone sections. Remove the programs you don’t recognize (you can always add them back if needed).
And lastly, if you suspect that someone is controlling your laptop and if there is a chance that they are watching you thru the webcam, immediately apply a cover on the laptop’s webcam.
You can find my favorite webcam covers here.
While you have System Preferences open, check one more thing.
Click on the Users and Groups icon, select the user, then click on the Login Items tab.
Remove items you don’t recognize.
Warning: Before removing the application, google it first. You don’t want to break the applications you need, right?
I recently called Apple Support and complained about the slowness of my MacBook Pro.
I could’ve solved the problem myself, but I just wanted how much would it cost for Apple to perform diagnostics on a 5-year old MacBook.
Since I don’t have AppleCare for my Mac, I thought that they would charge me something.
Spoiler alert: they didn’t charge for anything.
So, when I called, the first thing the Apple advisor made me do is to install the Malwarebytes app.
While Malwarebytes is a solid recommendation for scanning, it is not the best. The same applies to the free version of Avast.
In fact, I stopped recommending it to any Mac user after the test I performed myself recently.
I tested a dozen of antimalware products, and only one detected 100% of 117 malware samples I intentionally downloaded on my MacBook.
So, if you need a recommendation on a good antivirus for Mac, check it here.
I found a cool and free tool that can be used to set traps if you think your computer was hacked. It’s called canary tokens.
When a potential hacker opens an email or a document with the token, it triggers an event in a remote location. And then you get an email notification.
Since I started this blog in 2019, I have been getting emails consistently from my readers. The interesting fact is that the majority of emails fall in two categories:
I have been answering individual emails, but since the number of emails was increasing steadily, I found myself not being able to help everyone. After all, I have a day job, and I have a family to take care of.
So, I decided to write a series of blogs about various security topics and put everything I know in one place, so everyone can find the answers to the questions they are asking.
I grouped all Mac security articles together, and the easiest way to follow them is by clicking the Next button at the bottom of each post.
It will take you some time (about 30 min), but in the end, you will know more about Mac security than most non-technical folks.
Or, you can use the following menu to jump directly to the topic of interest:
I also wrote a whole series of posts on antivirus solutions for Macs: