Trojan.MacOS.RealTimeSpy
Threat Scorecard
- Threat Level: 90% (High)
- Infected Computers: 9
- First Seen: January 27, 2021
- Last Seen: December 8, 2022
Trojan.MacOS.RealTimeSpy is the detection name for variants of the Realtime-Spy software. Although Realtime-Spy is legitimately developed and distributed software, anti-malware solutions detect it as a threat. The same goes for all applications designed to stealthily monitor Macs. Even if the developers are real companies with legitimate business operations, such applications pose a severe security threat if used by cybercriminals.
In the case of Realtime-Spy, there is no need for theories. A variant of the application has been used in attacks in the past. In late 2018, security experts identified a campaign trying to install a repurposed version of the Realtime-Spy binary in an attempt to compromise the systems of Exodus users. Exodus is a cryptocurrency wallet and management application. Users of the Exodus app were targeted with emails claiming to offer an update for the application. In fact, those emails would lead to the installation of a version of Realtime-Spy.
Realtime-Spy has the most common functionalities offered by surveillance software. This includes keystroke logging and other ways to get access to cryptocurrency wallet credentials. There was no proof and no real reason to suspect that the developers of Realtime-Spy had anything to do with the attack, but that doesn’t change the fact that surveillance software can be used by cybercriminals to do a lot of damage.
As mentioned above, Realtime-Spy has the capabilities that other similar applications offer:
- Typed keystroke recording.
- Clipboard capturing.
- Screenshot recording.
- Email reporting.
- Credentials logging.
- Chat recording.
It doesn’t take a cybersecurity expert to understand how such functionalities can lead to significant damage when used by criminals. Cryptocurrency owners make for the most logical targets, but even those who don’t dabble with crypto stand to lose a lot. Identity theft can be devastating to anyone.
On the bright side, Realtime-Spy and most other surveillance software solutions aren’t undetectable. Using a good security solution for Mac and keeping it up to date will significantly reduce the risks associated with spyware. Anti-malware software can stop surveillance software from being installed in the first place, and it can also detect and remove such threats after they have been installed.