How to remove malware and viruses from Mac

It has been a long time since we believed that Macs could not get viruses. While Mac computers are more secure than their competitors, they still can get infected. The number of Windows infections often overshadows macOS-specific threats, making users assume that Macs are completely immune. 

But is there a difference between malware and viruses? Malware is an umbrella term for malicious software that performs unauthorized tasks on your device. These can include stealing sensitive information, tracking keystrokes, unauthorized network access, or geolocations. A virus is just one specific type of malware.

Here are some of the latest Mac-specific threats:

Banshee Stealer — Malware-as-a-service that targets macOS users, stealing browser credentials, passwords, and cryptocurrency wallets.

North Korean FlexibleFerret — macOS malware disguised as popular app installers like Zoom and Google Chrome. 

Poseidon (aka Rodrigo) — Another macOS stealer capable of extracting data from crypto wallets and accessing data from password managers.

Knowing how to spot the early signs of a threat and remove malware is essential to keeping your Mac safe. 

Does Apple protect itself enough? 

Apple provides a three-layer malware defense to help you avoid most threats. Gatekeeper serves as the first line of defense, scanning software for malicious components and ensuring that only trusted apps can be installed. If malware does manage to sneak in, XProtect, an antivirus built into macOS, works alongside Gatekeeper to detect and block the threat. In cases where a Mac is affected, XProtect removes malware and restores Mac systems.

While macOS is well-protected, cybercriminals continue to find ways to bypass these security measures.

According to Moonlock's 2024 macOS threat report, the rise of malware-as-a-service allows attackers to distribute malware with minimal effort and resources, making these threats more accessible and widespread.

Here are some of the most prevalent macOS threats you should be aware of:

• Adware: Unwanted software that displays intrusive ads, tracks browsing activity, and collects sensitive information.
• Stealers: Malware designed to collect and steal sensitive data, such as cookies, passwords, etc.
• Crypto miners: Malware that hijacks system resources (memory, bandwidth) to mine cryptocurrency.
• Potentially unwanted applications (PUAs): Apps that aren't malicious but can display ads, install malware, and collect user data.
• Ransomware: One of the most dangerous threats, ransomware encrypts personal files and demands payment for decryption.
• Phishing: A social engineering attack that tricks users into revealing credentials, financial details, and personal information.

How to spot malware on your Mac

As a rule, aggressive malware comes in all shapes and sizes depending on the end goal it was created to attain. While some bring chaos and disruption, others silently steal information. There are also ones that are simply byproducts of a virus. 

So, when it comes to detecting malware, it's not always that straightforward. Any sudden unusual behavior is the first red flag. Here are the common signs of a malware attack:

• Your Mac becomes very slow for no reason. Crypto miners, spyware, and certain types of adware often run hidden processes that drain CPU resources and may slow down Mac performance.
• You're missing or unable to open files and folders. Missing files or folders that won't open could be a sign of ransomware encrypting your data or malware modifying system permissions.
• Your device repeatedly restarts. Frequent, unexpected restarts can indicate a kernel panic, often caused by faulty software. Some types of malware modify system files, causing instability and crashes that force your Mac to reboot.
• Your search engine homepage is different. If your browser homepage or default search engine has changed, you may have adware. This malware alters system settings, installs malicious extensions, and redirects your searches to display ads and generate revenue.
• Your Wi-Fi connection is unstable. While a poor connection isn't always a sign of malware, some threats can use excessive bandwidth for crypto mining, botnet activity, or data transfer.

Have you found something suspicious? Head to the next section to learn how to get rid of malware on your Mac. 

How to remove viruses and malware from your Mac

Introducing my fail-proof Mac virus removal tips to help you safely remove malware from your device. 

1. Disconnect from the internet

If you suspect malware, the first step is to disconnect from the internet immediately. Most malware uses the internet connection to transfer data into a hacker's hands. Disconnecting from the internet will immediately stop malware from stealing data, giving you time to spot and remove suspicious software.

Select the Wi-Fi icon from the top menu bar and toggle your Wi-Fi off. 

2. Check your browser

Adware can take over your browser, flooding you with intrusive ads and redirecting your searches. Keep an eye out for suspicious browser extensions and check your homepage and search engine settings to ensure they haven't been altered.

Chrome extensions checkup:

1. Open Chrome and enter chrome://extensions/ in the search bar.

2. Here, you will find all your extensions. Choose those you don't recognize and click Remove to uninstall them.

Safari extensions checkup:

1. Open Safari, select the Safari main menu > Settings > Extensions.

2. All your Safari extensions are listed here. To remove those you don't recognize, click Uninstall.

Firefox extensions checkup:

1. Open Firefox, then click the main Firefox menu > Settings > Extensions & Themes.

2. Your extensions will be listed under Enabled. To remove, select the three dots and click Remove.

Now that you've checked the extensions, it's time to verify the homepage and search engine:

• Chrome: Go to Settings > On startup and then Settings > Search engine.
• Safari: Open Settings > General and Settings > Search > Search engine. 
• Firefox: Navigate to Settings > Home and Settings > Search.

For each browser, set the homepage and search engine of your preference.

Did you know? Sometimes, viruses and malware pretend to be legitimate software, like a search engine named DuckDuckGo. If you've noticed that you use it instead of Google or any other search engine of your liking, here's an article on how to remove it from Mac.

3. Scan for malware

Certainly, the most efficient way to find and remove malware is using the Apple notarized app — CleanMyMac.

CleanMyMac runs a thorough malware scan to identify and remove even the most sophisticated malware. Its Protection feature offers real-time protection from malware and virus threats. 

Here's how to spot and neutralize malware on your Mac:

1. Get your free CleanMyMac trial.
2. Open the app. From the sidebar, select Protection. If you're using CleanMyMac for the first time, click Configure Scan to choose which file types you want to check. Select Deep Scan to ensure every file and folder is carefully analyzed. 
3. Click Scan. Wait till CleanMyMac checks your whole system. If anything malicious is found, simply click Remove to eliminate the threat. Also, review your application permission to make sure no apps can access your files without you knowing.

Another reason I recommend using this handy app is that the malware database is updated once a week. So, the chances of something sneaking into your Mac are pretty limited.

Last but not least, I'm a huge fan of CleanMyMac UI/UX design, particularly navigation and menu features. It allows you to get a quick visual overview of your Mac's health and see what fixes have to be done immediately. Simply run a Smart Care scan.

If you're not a fan of third-party applications, no problem. There are plenty of other useful tips below to help you locate and eliminate malware.

4. Check Activity Monitor

Activity Monitor displays all active processes on your Mac in real time, including any background activity run by malware. Use it to identify and stop suspicious software consuming excessive CPU, memory, or network resources.

1. Open Finder, select Applications > Utilities > Activity Monitor.
2. Now select the CPU tab from the top and look for unrecognized processes.
3. Choose those from the list and click X.
4. Repeat this process in the Memory tab.

5. Locate login malware

Login items are applications that launch when we start our devices. Sometimes, malware like cryptocurrency miners can disguise themselves as a login item and launch each time you reboot your Mac.

Here's how you can check for malicious login items:

1. Go to the main Apple menu > System Settings > General > Login Items.

2. To remove an item, select it, then click the "-" button.

6. Check your Downloads folder

Malware often comes bundled with files downloaded from unreliable sources, including .dmg files, which are commonly used to distribute macOS applications. Cybercriminals have exploited this format to spread malware like the Banshee Stealer and AMOS. If you suspect malware, go to your Downloads folder to review recently installed files and remove anything you don't recognize.

1. Open Finder and select Downloads from the sidebar.

2. Review your files. If anything suspicious is found, select it and move it to the Trash.

Don't forget to empty your Trash afterward.

7. Boot into safe mode

Another way to check for malware is to boot into safe mode. This mode loads only essential system processes and prevents most malware from running at startup, making it easier to detect and remove malicious software.

Apple silicon:

1. Shut down your Mac and wait 10 seconds.
2. Press and hold the power button until the startup options window shows up.
3. Select a startup disk.
4. Press the Shift key and click Continue in Safe Mode.
5. Release the Shift key.

Intel:

1. Shut down your Mac and wait 10 seconds.
2. Restart your Mac and press the Shift key.
3. Release the Shift key after the login window shows up.

8. Restore from a backup

If the above tips didn't help to solve your Mac malware issues, try restoring your Mac from a TimeMachine backup. 

1. Make sure you've connected your external TimeMachine backup drive.

2. Go to Finder > Applications > Utilities > Migration Assistant. 

3. Select the "from a Mac, Time Machine backup, or startup disk" option and click Continue.

4. Now, select the TimeMachine backup you want to use and click Continue.

5. Select the items to transfer and click "Continue to start the transfer." This could take several hours.

Once the transfer is completed, install legit antivirus software if you still don't have one. 

How to prevent Mac from malware infection 

Prevention is the best defense against malware. So, what can we do to prevent infections in the first place? 

1. Keep your Mac updated

Keeping your macOS updated ensures your Mac receives the latest security patches and performance improvements. Check if updates are available:

1. Select the main Apple menu > System Settings > General > Software Update.

2. If you have an update waiting, follow the on-screen instructions to install it.

2. Download software from trusted sources

If you only download software from the Mac App Store, you will probably never encounter malware. But if you have to download software from someplace else, make sure it's a trusted source. Always think before clicking download — avoid suspicious links in emails, pop-up ads, and messages on social media. 

3. Ignore fake technical help

If you ever receive a phone call from a company — Apple or any other well-known service provider — telling you your Mac is infected, hang up. Apple never makes such calls concerning the malware.

4. Install antivirus software

While Macs come with XProtect, it lacks many of the advanced features of the antivirus software, such as on-demand scanning and extensive malware database. With Mac threats on the rise, investing in additional protection is a smart choice. Take your time to research and find the software that fits your needs.

Frequently asked questions

Can Macs get viruses from email attachments?

You can get infected through malicious email attachments, especially if they contain macros, PDFs, or executable files. What may seem like a harmless image, video, or even a Microsoft Word document may disguise malware or malicious scripts. Avoid downloading any files if you can't confirm the sender.

Does reinstalling macOS remove malware?

Reinstalling macOS can remove most malware, but a simple reinstall won't be enough if the infection is stored in your backup. For a full cleanup, erase your disk, reinstall macOS, and avoid restoring from a backup.

How to avoid potentially unwanted apps?

To keep your Mac safe from unwanted or harmful apps, it's a good idea to configure it to block apps from unknown developers. Go to System Settings > Privacy & Security, click the menu next to "Allow applications from," and choose App Store & Known Developers. This way, you can feel more secure when downloading apps from the internet.

Just in case, check this article about top 10 malware cleaners for Mac.

I hope you've found these tips useful and your life is free from Mac malware. Even if you haven't caught one yet, you still shouldn't forget about the prevention techniques described in this article.

The general rule is to get reliable antivirus software and think twice before you click. Stay safe!