Im writing here while I watch clamav run a full system scan. I have been running Eos as my main for 6months now.
Please forgive my english as its not my main language. For context, almost a week now. I started to get authentication request on my authenticator. On a very specific time of day. Where I dont usually hold my phone. When I open the authenticator, the request was already expired, so someone who tried to login into my email didnt get access. At first I thought, it might be an old request from me during the day that didnt complete, or I accidentally trigger it when I try to login into a different browser. Then I noticed that it keeps happening, everyday during a specific time span. So I waited for it. And to my surprise, its a login request from a Mac. I only have a macbook air, and its a shelf under my tv I have not open for almost a year. This got me a little worried. So I login to my account and check what is happening, there have been multiple signin attemps from around the world in the last week.
As any sane person would do. I changed my password(s). I changed my email login alias. I also updated my password in my browser(s)(yes I know, I am learned my lesson, Im out for a better password manager). That was Tuesday. Comes Wednesday, I didnt get any notification from the authenticator. And today here we are. I was watching TV when I heard a ping on my phone. Its the same notification, from a mac, from the same country. My heart sank when the request came from the new alias, that I never gave out to.
Now my first suspect are my browsers. I check firefox which btw, I did not update the password and new alias to. But when I did the house cleaning, I changed my mozilla profile password and added an authenticator, I changed my profile password for google chrome. I went into brave, and remove all other devices from the sync chain. I am leaning more towards brave to be the source… But to be safe as I mentioned I updated my system this afternoon, and now installed clamav and running a full scan.
I was reading on the brave forums when someone suggested to check my emails to https://haveibeenpwned.com/ no result.
So… If anyone has any suggestion for a good password manager that works with firefox, brave(depending how this goes), chrome, etc. I am all ears. Also, suggestions how or where to check my system if in case clamav miss anything.
Thanks for any possible help!