Monday, February 6, 2023

Give me your rootkit sleuth kit.


full image - Repost: Give me your rootkit sleuth kit. (from Reddit.com, Give me your rootkit sleuth kit.)
Hey, all. I’m okay versed in computers, but I’m nothing fancy—the extent of my meanderings might be setting up Arch Linux in a VM or Debian on old laptops I don’t know the password to. Recently my Mac ran into some issues and I believe them to be coming from a USB3 to HDMI cord from Amazon.

Immediately after plugging in the cord I experienced massive changes in my GUI. The crispness of windows was lost, I had different cursors, and I could resize windows only on the x and y axes—losing the ability to size diagonally. I was in Photoshop at the time and it kept wanting to crash, but before the cord I’d had no problems.

Things seemed so funky. The environment was reminiscent of being in a virtual machine or booting an ISO image from a flash drive. After seeing if settings would aid me in returning to normalcy, I inevitably accepted defeat and system wiped and reset.

Booting up afterwards it very much seemed like more code than the original injection from the USB was implemented. It went from the worst replication of Apple’s OS I’ve ever seen to Generic Apple Light.

I’ve managed to see the original macOS only once since plugging the cord into the computer, and that was booting into safe mode after a complete loss of power from letting the battery die.

I suspect the laptop isn’t even turning off completely, but whatever is occurring—it really keeps guiding me into connecting to the WiFi and starting again. I have tried accessing the UEFI/BIOS, entering recovery mode, etc… to no avail.

Playing with some other Macs for reference, it appears this suspected infected Mac is skipping about two or three questions regarding date and time or whatever else for initial setup and instead immediately wants to connect to the internet again.

I want the infected Mac to work again, as it had about a terabyte of HDD and other hardware that made it better at running VMs than any other computer I have available.

Unfortunately, from a preliminary Google I think I’m dealing with a “rootkit” or something else that hijacked it.

What are some computer analytical means of safely seeing what may have been done? Can I hook a Debian laptop up to the infected cord and see if there’s anything out of the ordinary without putting that laptop at risk? I would presume hooking up another Mac to either the cord or the infected laptop would be a no-go. Is there a way to use a VM to safely access suspect USBs without their contents infecting the host?

Any and all armchair advice and brainy banter on the matter is welcomed. I’d take suggestions on everything from how to safely repurpose the computer components, to what network commands to run on the router to keep alert about all traffic after this attack, or even tips on wire-stripping the cord to look for hidden data devices.
