Yesterday, I was commenting a supportive message on a rather personal YouTube video and as soon as I posted it, it said ‘Well done :)’ at the opening of my text. So I typed ‘who are you?’ On text edit, and my google account name on the comment section changed to ‘Le Lu’.
I freaked out and instantaneously changed p/w and everything. Then he remotely opened finder where my passport scan jpg was, I immediately disconnected my WIFI, ran antivirus app, backed up data onto my hard drive and started resetting my hard disk. I’m pretty sure the hacker could see my face through webcam and all, watching my reactions and all.
I can’t possibly figure out since when my laptop/network got hacked. I’ve also reset my router with a complete new name &amp;amp; p/w. Perhaps from previewing one of the spam mails by accident, or it may had been hacked since 2019 when I download a pirated software off torrent? I’ve been ignoring little bits and bobs of a programme window closing maybe once a week or so, unusually laggy login screen for quite some time. But this is the first time I got a response from the hacker.
So I’ve been running Kaspersky on my hard drive, the restored OSX is perfectly fine after running the full scan. So far it seems all of backup files in my hard drive was infected with Shlayer Trojan &amp;amp; adwares. The virus scan is still ongoing. [screenshots of virus scan](https://i.imgur.com/yuBaqtv.jpeg)
Whilst running the full Kaspersky anti-virus scan on my hard drive, it suddenly got ejected. Then after several attempts to reconnect my hard drive, I had noticed something wrong with my UI interface: I have two compartments for my hard drive but only one compartment is showing in the finder tab with the eject icon off-aligned. Both of them are visible in desktop however. [suspicious looking UI appearance](https://imgur.com/a/2WdOMxn)
The subtle remote attack was more visible, on the OS itself. It is now my 3rd attempt to wipe out my entire HDD and OS. am now stuck at the spinning globe bit on Mac Recovery mode and is increasingly slow. Getting error messages repeatedly and highly doubtful that this is a deep-rooted rootkit.