SpyEvil

By GoldSparrow in Mac Malware, Trojans

SpyEvil (Trojan.MacOS.SpyEvil) is a Trojan tailored to retrieve real-time data from infected devices and transmit it to a remote server. The data gathered by SpyEvil ranges from login credentials to screenshots. Having an active SpyEvil Trojan infection on your Mac exposes you to huge privacy risks. How can it reach you, though?

The SpyEvil Trojan often comes disguised as a genuine-looking software update of a popular tool, such as a Flash Player update, a Snapchat tool, or a multi-file conversion tool, to name but a few. It would be a genuine update had it come from the official website of the corresponding software developer. That is not the case with SpyEvil, which resides on fake websites designed to copy their original counterparts. The Trojan's code is an integral part of those seemingly innocuous tools.

Another popular infection vector utilized by SpyEvil's actors is malicious email, where the Trojan's payload sits within a malicious attachment. The email message itself usually looks legitimate, and it relies on social engineering tricks to entice recipients to open the attached file. Such a file could be an invoice, bill, or another macro-dependent text document. In that case, SpyEvil would unleash its malicious payload after you have enabled macros to view the attachment.

The actual infection process concludes with the setup of a remote server connection. That connection allows the crooks in charge to see what you do on your Mac as if they were given access through a remote desktop application. They can view the pages you visit, the passwords you type, run any app they wish, set up new user profiles, and even copy files or folders to the remote server while keeping you clueless. The list of potential damage could grow exponentially should the crooks decide to drop additional malware onto the infected Mac(s) after the initial infection.

When talking about prevention, we always urge our readers to pay close attention to any app they install, especially when it comes to software bundles that give you the option to select the tools you wish to have and ignore those you don't. That is why going for the custom rather than the full or standard installation is a must. Also, make sure to get your apps from their official points of sale. Doing so will lead you away from potentially dangerous copycats. Last but not least, avoid suspicious-looking emails from unknown senders, as they may contain malicious attachments.

Yet, if the SpyEvil Mac Trojan has found a way into your system, you'll need to get down to work immediately. Manual removal is possible, albeit not always practical. In SpyEvil's case, the Trojan will be running as a process that you can find in Activity Monitor, which is located in your Utilities folder. Force quitting the process should do. However, if that doesn't help, SpyEvil may have hidden some of its files elsewhere within macOS. In this case, you'd be better off deploying a reliable anti-malware program to clean the system.
