Free Keylogger was detected on my MacBook Pro (2019)

So, I know that keyloggers can be hidden inside of image files (jpg especially) and by other means of exploiting steganography. If you are not sure what I'm talking about, just Google "A Steganography-based Covert Keylogger" – and know that this is just one way of getting keyloggers installed on anyone's computer.

Some keyloggers also have the ability to send screenshots of your desktop to whoever gave you the keylogger.

So in the last three months, multiple accounts of mine (e-mail, web application, desktop applications) have "told" me that my password was leaked. In some instances, I changed my passwords, but even some of those were compromised again.

All I really want to know is: Is there any way to trace how the Free Keylogger got "installed" on my MacBook?

For all I know, if it's in a JPG, I could still have the source of it all on my MacBook. Which would be good, because I would then know who's responsible.

Or it could be really bad, because I might not suspect a certain person and possibly look at that image again. Opening the JPG is all it takes to install the key logger.

Does anyone know anything about finding sources of key loggers? I have Sophos antivirus, and it runs every day, but it did not detect anything. Are there any tools that can identify which images or other sources contain keyloggers?

I know this is tricky, but I thought I would ask anyway.

Thanks much.