You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

suspected spyware implant

Hey, I have an iMac Pro 27" 2017 with Ventura 13.6.6 OS


I recently found a .mov file in my uploads that was partially blanked out... as if it was still uploading. I don't recalI downloading a movie file and tried to delete it and it wouldn't allow this, stating that it was being used by another app. I got busy and left it and it remained like this for a couple of weeks. Then I got an email from a criminal stating they had hacked my computer with some sort of very difficult to find spyware and demanding a payment in bitcoins. I thought it was just a scam. When I looked up signs of malware, or spyware in my Activity Monitor there was a very high memory usage for parsecd, though I don't us Seri at all. I googled about signs of malware on an apple, and one sign was change in browser function. I use Safari and recently it has been acting differently on YouTube: taking a bit to focus the screen for example. I am not experienced in tracking things down. I do have ClamXAV and am going to run a complete scan. Are there other things I should do?


iMac Pro (2017)

Posted on Apr 25, 2024 6:27 AM

Reply
3 replies
Sort By: 

Apr 25, 2024 6:52 AM in response to bhsngsacsrrs

  • You do not have spyware. The email you got is a scam and you can just delete and move on with your day. Everyone gets those same type of emails and have nothing to do with the movie file. For info on similar emails/messages you will see, review this support article to identify and report them.

Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support


  • To delete the movie file, restart your mark and delete it


  • The parsecd process is built into MacOS and is used to gather suggestions for Siri, Safari, Messages and other apps. This is a normal process that we all have and you cannot remove it. It is needed for MacOS


  • ClamX AV is useless. Simply click the search option on the top of this page and enter "ClamX" and you will see all the problems other users have had with this app. They rely on scaring users to believe there is something wrong with your computer that only they can solve by giving them money. Don't fall for it.



Reply

Apr 25, 2024 6:38 AM in response to bhsngsacsrrs

bhsngsacsrrs wrote:

Hey, I have an iMac Pro 27" 2017 with Ventura 13.6.6 OS

Then I got an email from a criminal stating they had hacked my computer with some sort of very difficult to find spyware and demanding a payment in bitcoins. I thought it was just a scam.

Yes, it's a scam, a fairly common one, in fact.


When I looked up signs of malware, or spyware in my Activity Monitor there was a very high memory usage for parsecd, though I don't us Seri at all. I googled about signs of malware on an apple, and one sign was change in browser function. I use Safari and recently it has been acting differently on YouTube: taking a bit to focus the screen for example. I am not experienced in tracking things down. I do have ClamXAV and am going to run a complete scan. Are there other things I should do?

You cannot tell from your Activity monitor. if you've been hacked, regardless of what you read on the internet. If it were that easy, malware detection software wouldn't be necessary. I think the scam email did what it's supposed to and scared you. That's how they get you to give them stuff. And now, you're reading things into otherwise benign occurrences.


Read here for more information on how to stay safe;


Effective defenses against malware and ot… - Apple Community


Reply

Apr 25, 2024 6:34 AM in response to bhsngsacsrrs

A .mov file is a QuickTime movie. That's it.


The email has zero relation to the .mov file. None. These types of scam emails go out by the millions, then the crooks sit back and see who will sucker for it and deposit money into their Bitcoin account.


Ignore the email and delete it. That's literally all you need to do.

Reply

suspected spyware implant

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.