A friend of mine called me in a mild-frenzy today saying he was hacked. He was texting with someone on an iMac via the native messages app (with iMessage) on MacOS 11.2.3 when all of a sudden the beachball showed up and internet seemingly tanked, and then the computer shut itself down–I confirmed that he did not click on any links prior.
Moments later though, people from his FB friend list started texting him saying they’re getting a Facebook friend request from a cloned version of himself (with no profile photo).
We changed his password and turned on two-factor, except digging into the settings showed no suspicious logins from a different state/country, so it seems like this hack was someone getting remote access to his machine (during beachball time) and then running lines of code to extract his FB contact list.
My biggest concern is what else the infiltration could have left behind (keystroke logger, a backdoor for future visits)? Could this piece of malware have left something in the BIOS where wiping the hard drive and reinstalling MacOS won’t fix? Or am I overthinking and we need to do nothing.
Should he purchase a piece of software like Webroot of Malwarebytes to give the computer a deep scan?
Thank you in advance,