A hacker can gain access to your Mac by a variety of means, including social engineering and security vulnerabilities in the Mac OS X operating system or in installed applications. However, all of these methods result in Mac OS X keeping a log of the usage of each user account on the computer, whether that usage is legitimate or illegitimate. You can access those system logs to determine whether your Mac has been used (locally or remotely) without your authorization.
Log in to your Mac OS computer using your regular user account.
Click "Applications" and then "Utilities."
Double-click on "Terminal." A new window will open, with a prompt for text-mode commands.
Type the following command into the Terminal window:
Press "Enter," type your password and press "Enter" again.
List all accounts existing on your Mac by typing the following command into the Terminal:
dscl . list /users
Press "Enter." Mac OS X will list all existing accounts on the computer.
Check whether any account has been created without your permission by comparing the accounts in the output of "dscl" against the accounts you know to be legitimate. If there are additional accounts, they have probably been created by a hacker.
Check whether an account has been misused by typing the following command into the Terminal:
Press "Enter." Mac OS X will list the time and date of the last login to each existing account. If the most recent login to any of the accounts happened at an abnormal time, it was probably done by a hacker masquerading as a legitimate user.
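The account review described above can be scripted. The following is an added example, not part of the original article: it reads "name uid" lines in the format printed by "dscl . -list /Users UniqueID" and reports accounts that are neither built in nor on your own list. The allowlist (alice, bob), the sample listing and the rule that service accounts start with "_" and have a UID below 500 are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original article: review local accounts.
# Input: "name uid" lines, as printed by `dscl . -list /Users UniqueID`.

# Assumption: the accounts you created yourself. Edit for your own Mac.
EXPECTED_USERS="alice bob"

# Print "name uid reason" for every account that needs a closer look.
find_unexpected_accounts() {
    while read -r name uid; do
        if [ -z "$name" ] || [ -z "$uid" ]; then continue; fi
        # A second account with UID 0 has full root privileges.
        if [ "$uid" -eq 0 ] && [ "$name" != "root" ]; then
            echo "$name $uid extra-uid-0"
            continue
        fi
        # Built-in accounts: root, daemon, nobody, plus service accounts
        # named "_..." with a UID below 500 (assumed macOS layout).
        case "$name" in
            root|daemon|nobody) continue ;;
            _*) if [ "$uid" -lt 500 ]; then continue; fi ;;
        esac
        # Everything else must be on the allowlist.
        case " $EXPECTED_USERS " in
            *" $name "*) ;;
            *) echo "$name $uid not-on-allowlist" ;;
        esac
    done
    return 0
}

# Constructed sample listing, used when dscl is not available.
sample_listing() {
    cat <<'EOF'
root 0
daemon 1
nobody -2
_www 70
alice 501
bob 502
support 503
_helper 504
toor 0
EOF
}

if command -v dscl >/dev/null 2>&1; then
    dscl . -list /Users UniqueID | find_unexpected_accounts
else
    sample_listing | find_unexpected_accounts
fi
```

An account named with a leading underscore but a UID of 500 or higher is reported rather than skipped, because the underscore alone does not show that the account is a built-in service account.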