Answers...

to commonly asked questions.

Have I been hacked?

Is it possible my MacBook air is hacked? Two days in a row around the same time (6 a.m) my mouse was “taken over” meaning I couldn’t control it and immediately shut computer down, now I pulled up my mail and before it “straightened itself out” all my mail headers were in kyrillic (russian writing?) Otherwise it’s been operating normally
___________


That does sound like odd behavior. One of the crucial factors here would be if you saw your mouse moving around on the screen and things being clicked as you watched. For a computer to be "taken over" that would insinuate that someone was controlling it remotely using a piece of software such as TeamViewer, AnyDesk, Zoom, or GoToMeeting. You would have also needed to grant permission for either of those in the past by having entered your computer's Admin password at some point then left elements of one of those applications running so someone could log in remotely. While I definitely have seen this behavior (just this week with another client) it is very rare that someone would get that far.

As for the different language appearing, I don't have an explanation for that. One guess could be that there's a problem with the graphics card of the computer as it tries to display characters. (doubtful) Another guess is that there's a problem with the operating system causing the fonts or characters to display incorrectly. (also doubtful)

The most interesting piece of evidence is the fact that it happens consistently at 6am. There are small programs or procedures that run on our computers called chronscripts. These procedures usually run when the computer is left open all night. These are healthy tasks a computer does in the background to keep our computers organized. Think of them as a background cleanup. They don't run during times when you're using your computer. It is possible one of these chronscripts is damaged and causing that behavior.

I've given several explanations to things but to give you piece of mind I would be happy to address the issue remotely or in person. Most of the time, in my experience people feel they've been "hacked" or their privacy violated when often there's a different reason a certain behavior has occurred. However, that's not to say that this doesn't happen. I've seen it plenty for many many reasons. Just this week I worked with a client who was tricked into paying a very large amount of money ($2000) because they through they were talking with Apple support on the phone and the person thought their computer was locked and the only way to unlock it was to pay this person on the phone. It was only an ad on a webpage that got them to that point.

Please let me know if you have any additional questions. You could also take a screenshot of the Russian language and share it with me. command+option+4 then drag a square around what you'd like to share. The screenshot will land on your desktop and you can email it.
This image is a theme.plist hack