How to know if your Mac has been hacked

It’s a long-held belief of Mac users that their computers are immune to the kind of malware and viruses that plague Windows PCs. While there is some credibility in this idea, we shouldn’t get over-confident when it comes to Mac security, as there are exploits that criminals can use to hack your Mac and leave it like a wide-open door through which they can steal your data or worse.

In this article, we take a look at whether Macs can be hacked, how to tell if your Mac has been hacked or if someone is spying on your Mac, and what you can do if your Mac is being remotely accessed. Here’s what you need to know – and what you need to do.

Can Macs get hacked?

Apple has gone to great lengths to make it difficult for hackers to gain access to Macs. With the protections offered by Gatekeeper, the Secure Enclave features of the M1, M2 and M3-series of chips, and the T1 or T2 chip in some Intel-powered Macs, plus Apple’s built-in antivirus XProtect, targeting Macs may well be considered too much effort by hackers. We discuss this in more detail here: How secure is a Mac? and in Do Macs need antivirus software?

However, from time to time security vulnerabilities are detected that could be used by hackers to exploit Macs. These vulnerabilities are sometimes referred to as back doors or as a zero-day vulnerability. When these are identified by security researchers (or friendly hackers) they usually alert Apple to them in the hope that the company will quickly close the vulnerability, quickly – or within zero days – before it is exploited. 

Such vulnerabilities, though rare, could allow an attacker root access to your Mac.

Apple is usually quick to fix, but there have been cases where Apple has been criticized for being slow to respond to the threat once it’s been identified.

For example, in August 2023 a software developer released details about a flaw in App Management, a security feature introduced in macOS Ventura designed to prevent malicious software modifications and alerting the user in such an instance. The developer had discovered the issue before the release of Ventura in October 2022, but a fix was not immediately issued, so, in August 2023, the developer went public with details of the flaw which meant that apps could bypass the check by App Management. More here.

In another example, researcher Filippo Cavallarin found a Gatekeeper vulnerability in 2019 that he alerted Apple to. Having had no response from Apple within 90 days he went public with details of the vulnerability.

In December 2023, a group of university researchers alerted Apple to a vulnerability in Apple’s M-series chips that can be exploited to gain access to cryptographic keys. Dubbed “GoFetch,” the vulnerability could be used by an attacker to access a user’s encrypted files. As of June 2024, Apple is yet to issue a fix, perhaps because of its effect on performance.

Those pointing out vulnerabilities aren’t always ignored by Apple. In 2021, Apple paid a student $100,000 after he discovered a dangerous vulnerability relating to Macs and reported it to Apple. The vulnerability, which could enable a hacker to gain control of a Mac user’s camera, was identified by Ryan Pickren in July 2021 and fixed by Apple in macOS Monterey 12.0.1 on October 25, 2021. More information here: Hacker ‘could take over any Apple webcam’.

It’s not always a flaw in Apple’s software that can leave Macs vulnerable. In August 2023 a serious vulnerability that affects Intel processors was highlighted. Affected devices included Intel-powered Macs from 2015 onwards (M-series Macs were all ok). According to researcher Daniel Moghimi: “Downfall attacks target a critical weakness found in billions of modern processors used in personal and cloud computers.” Intel released a patch, but it’s not the first time this has happened. Back in 2018, in a similar case, Meltdown and Spectre attacked vulnerabilities in Intel and ARM processors. That risk was mitigated by updates to the operating system which closed off the areas that were exposed.

Digital Forensics Do Macs get hacked?

It may be rare when compared to Windows, but yes, there have been cases where Macs have been accessed by hackers.

This can take various forms and there are various types of Mac malware that have been discovered ‘in the wild’ on Macs as you can see from our run-through of the various threats affecting macOS: List of Mac viruses, malware and security flaws. Soon after launch, Malware targetted the M1 Mac – read about Silver Sparrow and the first cases of malware for M1 Macs.

And in April 2024 Apple alerted some users via an email, suggesting that they may have been the target of spyware. “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-,” read the email, as detailed here: Apple warns users in 92 countries of spyware attack.

This kind of attack isn’t likely to affect the general public though, so if you aren’t protecting state secrets or heavily invested in cryptocurrency you are unlikely to fall fowl of such an attack.

How Apple protects Macs from hackers

Apple is kept busy patching these security flaws as and when they arise, but it used to be reliant on users to install them. Before Apple launched macOS Ventura in 2022 an update to the operating system was required to get the important security component on a Mac. Since some people delay installing operating system updates this was problematic so Apple changed the way security updates are applied to Macs. These important security updates can now be delivered as background updates that can be automatically installed on a Mac without the user having to do anything–although we recommend you check the following to ensure it is set up on your Mac:

1. Open System Settings.
2. Choose General.
3. Click on the i beside Automatic Updates.
4. Make sure that the option to Install Security Responses and system files is selected, even if you choose not to select the others (although we recommend you do).

If you aren’t running Ventura or later then when Apple issues a macOS update with a security component it is important to install it as soon as possible. You can still set your Mac to automatically download and update the operating system – just follow these steps:

1. Open System Preferences.
2. Click on Software Update.
3. Click on Advanced.
4. Make sure that the option to Install system data files and security updates is selected.

Now your Mac will check for updates, download the update, and install the update without you needing to do anything.

Can a Mac camera be hacked?

Once a hacker has access to your Mac there are various ways in which they might try to gain information about you or use the processing power of your Mac for their own purposes. As we mentioned above, in the case of spyware the hacker might attempt to install a keylogger so that it can record what you are typing and look out for your password. The hacker could also attempt to hijack your mic or video camera.

Theoretically, this shouldn’t be possible: since macOS Catalina launched in 2019 Apple has protected Mac users from these types of exploits by ensuring that you have to give your permission before the mic or video camera is used, or before a screen recording can take place. And if your video camera is being used you will always see a green light next to it. However, the example we mentioned above, where Ryan Pickren alerted Apple to a vulnerability that could enable a hacker to gain control of a Mac user’s camera, suggests that Apple’s alert wasn’t enough to stop the camera from being accessed.

There was also a camera-related vulnerability that affected Mac users of the video conferencing service Zoom. In this case, hackers could add users to video calls without them knowing and then activate their webcams but keep the light turned off. This would enable any potential hackers (or law enforcement bodies) to monitor your activities and you wouldn’t have any idea that the camera was watching you. Zoom patched the vulnerability, but only after it became public knowledge when the person who found it reported that the flaw had been left in place for three months after the company had been privately informed of the risk. For more information read: How to stop your Mac webcam being hacked.

Wondering about whether FaceTime is secure? Read
Is Apple FaceTime safe?

If you think your Mac has been hacked there are a few ways to find out. First of all look for the signs: Has your Mac slowed down? Is your web connection painfully slow? Do the ads you are seeing look a bit more dodgy than usual? Have you noticed anything strange on your bank statements? 

1. If you think an account might have been hacked then check the website haveibeenpwned.com and pop in your email address to see if it’s featured in a data breach. If it has been then change your password! This doesn’t mean you have been hacked, but it’s certainly possible that if this information is out there you could be.
2. Another way to tell if there is some strange activity going on would be to check Activity Monitor and look specifically at network activity.
3. You could also go to System Settings > General > Sharing (or System Preferences > Sharing pre Ventura) and check if anyone suspicious has access to anything such as Screen Sharing or Remote Management.
4. Your best bet is to run a sweep of your system with some kind of security software that can check for any viruses or malware that may have made it onto your system. We have a round-up of the best Mac antivirus apps, where we recommend Intego as our top choice.

You may also like to read our guide on how to remove a virus from a Mac.

Digital Forensics How to protect your Mac from hackers

macOS is a very secure system, so there’s no need to panic, but if you want to reduce the chances of being compromised then there are a few things to do.

1. The first is to only download software from either the Mac App Store or the official websites of manufacturers.
2. You should also avoid clicking on links in emails in case they lead you to spoof websites and malware.
3. Don’t use USB cables, other cables, or memory sticks, that if you can’t be sure that they are safe.
4. When you are browsing the web surf in private or incognito mode.
5. If you ever receive a ransomware request or a phishing email do not respond as all this does is confirm that you exist.
6. Another is to make sure you download updates to macOS as soon as they become available as they usually include security patches. In fact, you can set up your Mac to automatically download such updates. Turn on Automatic Updates in System Settings > Software Update, click on the i beside Automatic Updates and select all the options. Pre-Ventura, go to System Preferences > Software Update and click beside Automatically keep my Mac up to date pre-Ventura.
7. Finally, consider using a dedicated security software package. You’ll find our pick of the current offerings in best Mac antivirus. Right now our top choices are Intego Mac Internet Security X9, but we also like McAfee Total Protection 2021, and Norton 360 Deluxe.
8. You should also consider using a password manager, as this will allow you to have multiple, complicated login details across all your accounts without having to remember them. Here our recommendations are LastPass, 1Password, and NordPass.

Glossary of terms

We’ll run through the types of hacks that are more pertinent to the hacking of Macs below:

Cryptojacking: This is where someone uses your Mac’s processor and RAM to mine cryptocurrency. If your Mac has slowed right down this could be the culprit.

Spyware: Here hackers attempt to gather sensitive data about you, such as your log in details. They might use key loggers to record what you type and eventually have the information they need to log in to your accounts. In one example, the OSX/OpinionSpy spyware was stealing data from infected Macs and selling it on the dark web.

Ransomware: Some criminals use Ransomware to try and extort money from you. In cases like KeRanger hackers could have encrypted files on Macs and then demand money to unencrypt them. Luckily Security researchers identified KeRanger before it started infecting Macs so it was addressed before it became a serious threat. In April 2023 security researchers warned that a collective known as LockBit was working on ransomware encryptors that work on both Macs using Apple M-series chips and Intel processors.

Botnet: In this case, your computer becomes a remotely operated spam machine. In the case of the Trojan Horse botnet OSX.FlashBack over 600,000 Mac computers.

Proof-of-concept: Sometimes the threat isn’t actually seen in the wild, but is a proof of concept based on a loophole or vulnerability in Apple’s code. While this is less of a threat the concern is that if Apple isn’t quick enough to close the vulnerability it could be utilized by criminals. In one example Google’s Project Zero team designed a proof-of-concept known as Buggy Cos which was able to gain access to parts of macOS thanks to a bug in macOS’ memory manager.

Port exploits: It’s not always the case that the hack is made possible by some sort of malware downloaded onto the Mac. In some cases, Macs have been hacked after something is plugged into a port. It is possible that Macs could be hacked via the USB and by the Thunderbolt port – which is a good reason to always be careful about what you plug into your Mac or leave your Mac unattended. For example, in the checkm8 exploit it could have been possible for hackers to gain access to the T2 chip by plugging in a modified USB-C cable. Similarly, in the case of Thunderspy a serious vulnerability with the Thunderbolt port could have granted a hacker access to a Mac.

Feeling more secure now? Learn even more by reading the helpful tips in How to keep your Mac secure.

Author: Karen Haslam, Managing Editor, Macworld