What is OSX.Calisto
OSX.Calisto is a dangerous virus that belongs to the Trojan Horse category. The threat was first detected back in July 2018 by Symantec researchers. Reports claim that this Trojan is particularly known for stealing keychains, taking screenshots, obtaining personal data, damaging the entire system with its malicious activity, as well as opening a backdoor to relay information to the cyber criminals behind the attack.
How it is distributed
In most cases, OSX.Calisto gets distributed via software bundles and infected email attachments. What usually happens is that the user sees an attractive app advertisement. It would be something like a video editor, a converter or a similar application that would be very useful to have. Then, the user would install the app in question and unknowingly allow the virus to infiltrate the device. It is not uncommon for the installed application to run smoothly and for the user to be satisfied with it. However, it is also not uncommon for such shady software to contain malicious code that acts as an activator for a virus on your Mac, as is the case with the OSX.Calisto Trojan Horse. Reports claim that the virus gets transmitted by email too. The messages would be masked as coming from official companies, trying to make you trust them and open the attached files. Such attachments can carry the .exe, .bat, .pif, .scr or .vbs extension, or even something as simple as .docx.
How it operates
Once the virus gets access to the victim’s computer, it will start creating files and uninstalling important components. OSX.Calisto will also establish remote access to the infected Mac and enable both remote login and screen sharing, so as to open a backdoor for hackers to do whatever they want. Most often, this includes but is not limited to uploading, downloading and executing files, collecting browsing data, and stealing passwords, bank account credentials, etc. Another thing that is known about the OSX.Calisto Trojan is its ability to spy on users, usually by taking screenshots without their knowledge. As with a typical Trojan Horse, its malicious actions on the Mac will have devastating results. It is likely that your device won’t work normally. You might experience lagging, a slow internet connection, or apps that fail to work properly. In other words, any type of work you want to do on your computer will turn into a hellish experience if you’ve fallen victim to this nasty Trojan.
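A defender-side check for the behaviour described above, as an added example that is not part of the original article: it reads `launchctl print-disabled system` and reports whether Remote Login (`com.openssh.sshd`) or Screen Sharing (`com.apple.screensharing`) is enabled. The sample listing is constructed, and the two value styles the parser accepts (enabled/disabled and true/false) are assumptions about launchctl's output across macOS versions.

```shell
#!/bin/sh
# Added example (not from the original article): check whether Remote Login
# and Screen Sharing are switched on, using launchd's override list.
SERVICES="com.openssh.sshd com.apple.screensharing"

# Constructed sample of `launchctl print-disabled system` output.
sample_output() {
    cat <<'EOF'
disabled services = {
    "com.apple.screensharing" => enabled
    "com.openssh.sshd" => disabled
    "com.example.legacy" => true
}
EOF
}

# service_state LABEL: read the listing on stdin, print enabled, disabled,
# or unlisted (no override recorded for that label).
service_state() {
    awk -v label="\"$1\"" '
        $1 == label && $2 == "=>" {
            # Newer macOS prints enabled/disabled; older releases print
            # true/false, where true means the service is disabled.
            if ($3 == "enabled" || $3 == "false") state = "enabled"
            else if ($3 == "disabled" || $3 == "true") state = "disabled"
        }
        END { print (state == "" ? "unlisted" : state) }'
}

# report_services: print one line per service; return 1 if any is enabled.
report_services() {
    input=$(cat)
    rc=0
    for label in $SERVICES; do
        state=$(printf '%s\n' "$input" | service_state "$label")
        printf '%s: %s\n' "$label" "$state"
        if [ "$state" = "enabled" ]; then rc=1; fi
    done
    return "$rc"
}

# On a Mac, inspect the live system; elsewhere, run on the sample.
if command -v launchctl >/dev/null 2>&1; then
    launchctl print-disabled system | report_services ||
        echo "Remote access is enabled: confirm you turned it on yourself."
else
    sample_output | report_services || echo "(sample) remote access enabled"
fi
```

If launchctl reports a permissions error, run the script with sudo. An "unlisted" result means no override is recorded, so the service follows its own default.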
Staying safe from OSX.Calisto
While having reliable AV software installed on your Mac is vital to keep it virus-free, there are other things you can do to ensure your device’s safety. We highly recommend that you:
– Pay close attention when you install third-party software, especially torrent files, so you don’t install shady additional applications that you don’t want. In most cases, that’s how malicious parasites are able to infect your computer;
– Read any Terms and Conditions you see, so you know exactly what you agree to. The last thing you want is to unknowingly give permission to a nasty virus to infiltrate your Mac;
– Follow links that lead to trustworthy sites only;
– It is best to visit only reliable and official websites. You never know what dangers might lurk behind an unfamiliar site;
– No matter how attractive an ad is, if you are not familiar with the website it redirects to, it might be best to steer clear of it and not click;
– Always check the sender’s email address before opening a message. If it states that it’s from an official company, compare the email address with the one given on their official page. If there is no match, delete the message, since it most likely is fake and has malicious aims;
– Don’t open email attachments from unknown senders. More often than not, such files carry infections that can seriously damage your computer.
How to remove OSX.Calisto Trojan Horse virus from Mac
If you’ve had the misfortune of getting your Mac infected with the OSX.Calisto Trojan Horse virus, the instructions below can help you to remove it manually. Here’s what you need to do:
1. Start by finding all registry entries added by OSX.Calisto and deleting them. You do this by holding down the Option key while looking at the Go menu in Finder to access the ~/Library folder. Find all related entries and delete them one by one.
2. The next step is to go to Utilities. You can do that by using the ⇧+⌘+U key combination, or going to Finder and choosing Utilities from the Go main menu at the top.
3. Find Activity Monitor and double-click it.
4. A list will be displayed. Find any processes that seem suspicious to you and use the ‘Force Quit’ option to quit them completely.
5. Open Finder. Click on the Go button from the main menu at the top, and choose Applications. An alternative way is to use the ⇧+⌘+A key combination.
6. You should look for any suspicious applications, especially ones with a name similar to OSX.Calisto. If any are found, right-click on them and select the ‘Move to Trash’ option.
7. Remove any related left-over files by going to Finder’s search bar and typing the name of the app you want to remove.
8. Make sure to modify the two drop-down menus above to ‘System Files’ and ‘Are Included’, so that any hidden files are visible for you to remove. Once you find the files you want to remove, simply drag them to Trash.
9. All that’s left for you to do is remove any extensions related to OSX.Calisto from your Mac browsers.
For Mozilla Firefox extensions:
– Open the Firefox browser and from the ‘burger’ menu in the top right corner of the window select ‘Add-ons’.
– Select any suspicious extensions that may be related to the virus and click ‘Remove’.
For Google Chrome extensions:
– Open the Chrome browser and select Tools > Extensions from the menu (the three dots in the top right corner of the browser window).
– Locate any suspicious extensions that may be related to the virus and remove them.
For Safari extensions:
– Open the Safari browser. From the Safari menu choose Preferences. Select Extensions from the options at the top.
– Find any extensions you think are related to the virus, select them and click ‘Uninstall’. A new window will show up asking for confirmation. Click ‘Uninstall’ again, for the extension to get deleted permanently from your browser.