MAC.OSX.DevilRobber Trojan Removal

George Herman
George Herman
IT Security Expert

Get a FREE scan to check for problems

Some infections like this virus can regenerate themselves. There is no better way to detect, remediate and prevent malware infection, than to use a professional anti-malware software like SpyHunter. One Application that is capable of solving all MAC problems.


SpyHunter Anti-Malware FREE 15-day trial available.

What is MAC.OSX.DevilRobber

MAC.OSX.DevilRobber is a dangerous cyber infection that falls into the Trojan horse virus category. A virus like this infects the entire system and can perform various nasty and damaging actions, including spying on its victim. This malicious software is very stealthy and manages to slip through unnoticed on your computer. However, it cannot hack its way onto your system on its own. It needs your permission to do so.

How it is distributed

While Trojan viruses are more common on Windows devices, that does not mean that Macs are protected from them. It is possible to unknowingly infect your Mac device with the MAC.OSX.DevilRobber Trojan virus via torrent files, freeware, software bundles, email attachments, fake update messages, and even advertisements. Often, users allow parasites to access their computer without even realizing it. For example, when you install software on your computer, it may be bundled together with another program, the existence of which will probably not be properly disclosed. And, if you do not specifically opt out of it, it will automatically get installed on your computer without the need for further approval. Another common way which may lead to a virus infection is the fake update message. You may see a website with a warning message that you must install Flash Player. Do not click on any links like that. Always use reliable and official sources for any updates, so you know for certain that what you download legitimate programs.

How it operates

A curious thing about Trojan horse viruses is that they don’t necessarily get active the moment they infect the system. It might take a while until they start their malicious mission, which makes detecting them more difficult. But when they start wreaking havoc, you’ll surely notice their presence. The most common Trojan virus symptoms include but are not limited to slow internet speed, unresponsive applications, abnormal amount of advertisement content, corrupted/deleted files, modified Registry, etc. Through this virus, cyber criminals may be able to monitor not only your online activity, but spy on you through your web cam and microphone. What’s more, private information like passwords, IP addresses, bank accounts, credit card numbers, Login credentials, etc. may be obtained and shared with other third-parties for profit. The more time the MAC.OSX.DevilRobber virus remains on your computer system, the worse it will get. Your Mac will frequently freeze and be unresponsive to your actions. The only way to return your computer to a normal and secure state, is to remove this Trojan virus as soon as possible!

Staying safe from MAC.OSX.DevilRobber

Apart from having a reliable AV software installed on your Mac, there are other things you can do to ensure your device’s safety. We highly recommend you to:

  • Pay close attention when you install third-party software, especially torrent files, so you don’t install shady additional applications that you don’t want. In most cases, that’s how malicious parasites are able to infect your computer;
  • Read any Terms and Conditions you see, so you know exactly what you agree to. The last thing you want is to unknowingly give permission to a nasty virus to infiltrate your Mac;
  • Follow links that lead to trustworthy sites only;
  • It is best to visit only reliable and official websites. You never know what dangers might lurk behind an unfamiliar site;
  • No matter how attractive an ad is, if you are not familiar with the website it redirects to, it might be best to steer clear of it and not click;
  • Always check the sender’s email address before opening a message. If it states that it’s from an official company, compare the email with the one given in their official page. If there is no match, delete the message, since it most likely is fake and has malicious aims;
  • Don’t open email attachments from unknown senders. More often than not, such files carry infections that can seriously damage your computer.

How to manually remove MAC.OSX.DevilRobber from Mac

If you’ve had the misfortune of getting your Mac infected with the MAC.OSX.DevilRobber Trojan Horse, the instructions below can help you to remove it manually. Here’s what you need to do:

1. First, start by finding all registry entries added by MAC.OSX.DevilRobber and deleting them. You do this by holding down the Option key while looking at the Go menu in Finder to access the ~/Library folder. Find all related entries and delete them one by one.

2. Go to Utilities. You can do that by using the ⇧+⌘+U key combination, or by going to Finder and choosing Utilities from the Go main menu at the top.

3. Find Activity Monitor and double-click it.

4. A list will be displayed. Find any processes that seem suspicious to you and use the ‘Force Quit‘ option to quit them completely.

5. Open Finder. Click on the Go button from the main menu at the top, and choose Applications. An alternative way is to use the ⇧+⌘+A key combination.

6. Look for any suspicious applications, especially ones with a name similar to MAC.OSX.DevilRobber. If any are found, right-click on them and select the ‘Move to Trash‘ option.

7. Remove any related left-over files by going to Finder‘s search bar and typing the name of the app you want to remove. Make sure to modify the two drop down menus above to ‘System Files‘ and ‘Are Included‘, so that any hidden files are visible for you to remove. Once you find the files you want to remove, simply drag them to Trash.

8. All that’s left for you to do is remove any related extensions to MAC.OSX.DevilRobber from your Mac browsers.

For Mozilla Firefox extensions:

  • Open the Firefox browser and from the ‘burger’ menu in the top right corner of the window select ‘Add-ons’.
  • Select any suspicious extensions that may be related to the virus and click ‘Remove’.

For Google Chrome extensions:

  • Open the Chrome browser and select Tools > Extensions from the menu (the three dots in the top right corner of the browser window).
  • Locate any suspicious extensions that may be related to the virus and remove them.

For Safari extensions:

  • Open the Safari browser. From the Safari menu choose Preferences. Select Extensions from the options at the top.
  • Find any extensions you think are related to the virus, select them and click ‘Uninstall’. A new window will show up asking for confirmation. Click Uninstall again, for the extension to get deleted permanently from your browser.

Leave a Reply

Your email address will not be published. Required fields are marked *