Information Security

How to find spyware stealing data from MacBook?

Situation:
A person with low computer literacy. Uses a MacBook purchased from a trusted (probably) person who sets up the initial software and provides support through TeamViewer.
Recently, phone numbers (and, possibly, correspondence via iMessage / SMS) have leaked. Most likely, the leak was from the MacBook remotely, and not from the iPhone - the hacker did not have physical access to the devices. And this is definitely not a mobile penetration, there are certain arguments for this.
The address book is stored in iCloud and synced with iPhone. What else is actually stolen there besides phone numbers is still unknown.

Question:
What are the best ways to detect infection?
The first thing that comes to mind, besides viewing a list of all processes, is to monitor traffic through Wireshark, try some kind of antivirus / anti-spyware?
The person is a public figure. I admit that for the sake of espionage, the attacker could spend his time and come up with some non-trivial way.