OSX.EvilOSX

detection icon

Short bio

OSX.EvilOSX is Malwarebytes’ detection name for a Remote Access Trojan (RAT)  that targets systems running macOS.

Type and source of infection

OSX.EvilOSX is a Python-based RAT that uses encrypted payloads to bypass detection and gain control of a system.

Protection

Malwarebytes for Mac and ThreatDown detect and remove OSX.EvilOSX

Home remediation

Malwarebytes for Mac will detect and remove the components of this malware.

  • Download and install the latest version of Malwarebytes for Mac.
  • Click the “Scan Now” button to perform a system scan.
  • If threats are detected during the scan, a count of detected threats is displayed. More detailed threat information is displayed after the scan completes.
  • Click “Confirm” to move the detected threats to Quarantaine.
  • If a restart is required to complete remediation of threats detected during a scan, you will be notified. When a restart is required, please remember to save all work before clicking “Restart”.

Business remediation

How to remove OSX.EvilOSX with the ThreatDown console

You can use the ThreatDown console to scan endpoints.

endpoint menu

Nebula endpoint tasks menu

Choose the Scan + Quarantine option. Afterwards you can check the Detections page to see which threats were found.

Nebula detections

On the Quarantine page you can see which threats were quarantined and restore them if necessary.

Nebula Quarantaine

detection icon

Related blog content

Contributors icon

Contributors

Threat Center icon

Threat Center

Podcasts icon

Podcast

Glossary icon

Glossary

Scams icon

Scams