If you think you have a keylogger on your Mac, be afraid. Be very afraid. If someone who knows what they’re doing gets a hold of your baby for longer than a few minutes, there’s no telling what they could do – finding a keylogger does not mean that is the only thing they’ve done. In fact, finding one is a good thing, because it tells you to back up your media and documents and BURN that hard drive. Buy a new one. I’m not kidding. Also, change all your passwords, to EVERYTHING. And use real passwords. Please. OK, now on to the apps.
Some of this info was taken from http://mackeyloggerprotection.com/ (which looks like it was written to get hits about five years ago) – and a bunch of other places – but I’ve found keyloggers are things that sixteen-year-olds and the French write when they’re angry or bored. Because the Mac actually is a really well made system, keyloggers are few and far between, but they do exist. Most of them are pretty stupid, and will stand out in the Activity Monitor like a sore thumb. Best bet though: simply reinstall your machine.
First run some antivirus stuff – I know I know, Macs blah blah blah, but it can’t hurt can it?
http://www.iantivirus.com has all of these guys on their threat list. It doesn’t explicitly state that it gets rid of them, but it would be odd to just list them… right?
ClamAV’s OSX port also should be worth a try – http://www.clamxav.com/
http://macscan.securemac.com/ MacScan also claims to be able to find this stuff… but who knows – I didn’t test it.
If you are simply paranoid, and think that a hacker has done something to you, you can install an outgoing TCP/IP monitor and see if anything is “phoning home” – Little Snitch (http://www.obdev.at/products/littlesnitch/index.html) is the easiest, and Tripwire (http://tripwire.darwinports.com/) works pretty well if you’re a Unix kinda peep.
logKext
This is the most common one used as far as I can tell. It’s stealthy to an extent, but removable.
logKextClient is used to uninstall your keylogger. Open logKextClient and use the command uninst to automatically uninstall logKext – so if you run “sudo logKextClient” and you get “sudo: logKextClient: command not found” you’re probably safe.
Their manual states “A standalone script has been installed in your computer’s root directory that will uninstall logKext. It is called LogKextUninstall.command.” So a “locate .command” should give you a decent list.
Delete these files – see disclaimer
BlazingTools Perfect Keylogger for Mac (http://www.blazingtools.com/)
There is little to no documentation on this one. If anyone buys a copy and wants to rip it apart, please tell me. Thanks.
Keyboard Spy 3.0 (http://alphaomega.software.free.fr/keyboardspy/Keyboard%20Spy.html)
Not particularly difficult to find or remove – look for “keyboardspy” in your activity monitor, or just look for the application of the same name – delete it and you’re done. I’d open it first to see where it is saving the log files (which it lets you name whatever you want) so you can delete those too.
Not really a true keylogger – it’s made for more legitimate users wanting to track what they’re doing, but if someone thought you were pretty stupid, they might try it. Just look for a little revolver barrel icon in the system tray like in the pic.
I only installed the trial version… so I just did these two steps – but it showed up in the activity monitor.
1. Open the app from the applications folder. In the menu that pops up, there will be a button saying “Uninstall Type Agent”.
2. If it isn’t in the applications folder, go to your hard disk > Library > StartupItems and delete the folder saying “TypeAgent”.
KeystrokeRecorder will only work if you check the ‘Enable access for assistive devices’ checkbox located in the ‘Universal Access’ System Preference pane. Simply go to the ‘Apple Menu’, choose ‘System Preferences’, then click ‘Universal Access’ – if assistive devices is checked, be suspicious (unless you’re blind or deaf or something).
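
The checks described in this post, collected into one Terminal script. This is an added example, not part of the original post or of any of the tools named above. The root-prefix argument, the function names, the accessibility flag file path and the idea that process names contain the product name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. It checks only the indicators
# this page names; an empty result does not prove the machine is clean.

# On-disk artifacts. $1 is an optional root prefix (hypothetical parameter)
# so the same checks can run against a mounted backup or a test tree.
scan_files() {
    root="${1:-}"
    # logKext's manual says its uninstaller sits in the root directory.
    [ -e "$root/LogKextUninstall.command" ] &&
        echo "logKext: /LogKextUninstall.command present"
    # The TypeAgent startup item folder mentioned above.
    [ -d "$root/Library/StartupItems/TypeAgent" ] &&
        echo "TypeAgent: /Library/StartupItems/TypeAgent present"
    # Assumption: on older OS X this flag file exists when "Enable access
    # for assistive devices" is ticked, which KeystrokeRecorder requires.
    [ -e "$root/private/var/db/.AccessibilityAPIEnabled" ] &&
        echo "assistive devices: access enabled"
    return 0
}

# Process names, one per line on stdin (for example from `ps -axo comm`).
# Assumption: the process name contains the product name, as the post
# reports for keyboardspy and TypeAgent.
scan_procs() {
    grep -i -E 'keyboardspy|typeagent|logkext' | sed 's/^/process: /'
    return 0
}

# Is the logKext client on the PATH? `command -v` avoids needing sudo.
scan_path() {
    if command -v logKextClient >/dev/null 2>&1; then
        echo "logKext: logKextClient is installed"
    fi
}

# Run every check against the live system; prints nothing if nothing matches.
scan_all() {
    scan_files ""
    ps -axo comm 2>/dev/null | scan_procs
    scan_path
}

scan_all
```

Any line of output is a reason to look closer; no output only means none of these specific leftovers are present.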