
Badbunny virus: What is it and how to remove it from my Mac?


How to remove Badbunny virus

Although not as well known as some viruses, the Badbunny virus is designed to steal data, collect personal information, browsing habits and passwords, and make illegal changes to how your Mac operates. It can add browser extensions you’ve never heard of, and haven't given permission for, and it will upload hidden folders to your Mac that can steal data.

What is the Badbunny virus?

Ruby.Badbunny will run automatic activation codes in the background. So whenever you are using your Mac, it operates without being seen, absorbing data and information and transmitting it to its command-and-control server, giving cybercriminals back-door access to your Mac.

For some Mac users, once infected, it can crash the system, forcing you to reload the operating system before you can use it again. Unfortunately, this doesn't remove Badbunny. It stays embedded and hidden from most anti-virus software, lurking in the shadows and giving your information to those who want to exploit whatever they can, especially financial details.

Another way your Mac can get infected is through SB.Badbunny. Part of the same virus family, this worm can drop the following virus packages: JS.Badbunny, Perl.Badbunny, and Ruby.Badbunny. All of them are equipped to hide in the shadows, run executable code and steal data.

On occasion, Badbunny is known to show users a message once a Mac or PC has been infected:

Title: ///BadBunny\\\

Body: Hey '[USERNAME]' you like my BadBunny?

However, that depends on which executable virus package has landed and what it wants to do. Often this message only appears when your Mac is being used remotely to send distributed denial-of-service (DDoS) attacks to a wide number of websites with 5000-byte ICMP packets, according to a Symantec evaluation of the virus.
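The flood pattern described above can be checked for in network records. The Python below is an added example, not code from MacPaw or Symantec: it flags any host that sends ICMP packets of 5000 bytes or more to several different destinations. The CSV record layout, the sample addresses and the three-destination threshold are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed per-packet records (not real traffic), in an assumed CSV layout:
# time, source, destination, protocol, packet size in bytes.
SAMPLE_FLOWS = """\
time,src,dst,proto,bytes
2024-01-01T10:00:00,192.168.1.20,198.51.100.7,icmp,5000
2024-01-01T10:00:01,192.168.1.20,203.0.113.9,icmp,5000
2024-01-01T10:00:01,192.168.1.20,203.0.113.44,icmp,5000
2024-01-01T10:00:02,192.168.1.31,198.51.100.7,icmp,64
2024-01-01T10:00:02,192.168.1.31,198.51.100.7,tcp,5000
2024-01-01T10:00:03,192.168.1.42,192.0.2.1,icmp,5000
"""

ICMP_SIZE = 5000      # packet size the article reports for the Badbunny flood
MIN_DESTINATIONS = 3  # assumed threshold: one large ping to one host is not a flood


def suspicious_sources(flow_csv, size=ICMP_SIZE, min_dsts=MIN_DESTINATIONS):
    """Return {source: sorted destinations} for hosts that sent ICMP packets of
    at least `size` bytes to `min_dsts` or more distinct destinations."""
    targets = defaultdict(set)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            nbytes = int(row["bytes"])
        except (KeyError, TypeError, ValueError):
            continue  # skip malformed records instead of aborting the scan
        proto = (row.get("proto") or "").lower()
        if proto == "icmp" and nbytes >= size and row.get("src") and row.get("dst"):
            targets[row["src"]].add(row["dst"])
    return {src: sorted(dsts) for src, dsts in targets.items()
            if len(dsts) >= min_dsts}


if __name__ == "__main__":
    for src, dsts in suspicious_sources(SAMPLE_FLOWS).items():
        print(f"{src} sent large ICMP packets to {len(dsts)} hosts: {', '.join(dsts)}")
```

A host that shows up here is worth a closer look; normal pings are far smaller and rarely fan out to many sites at once.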

One sign that you’ve been infected is that your Mac takes longer to execute commands. Unexpected error messages and applications suddenly crashing are other signs. It can slow a Mac down, and it can be difficult if not impossible to know what data has been stolen and to recover it.

Clearly, this isn’t something you want lurking around your Mac, slowing it down and stealing data.


How to remove Badbunny from your Mac

One way is to attempt to remove Badbunny manually.

As with finding and removing an app you don't need, it isn’t as simple as dragging it to the Trash. Firstly, to remove a virus such as Badbunny, you need to know what you are looking for. To remove anything manually, including viruses, you need to search through a whole load of folders: Library, Cache, Preferences, Applications and several others.

We cover how to do this with applications in this article. It can take a while, and you need to know how Badbunny is disguised. It could look like something perfectly ordinary that should be there, and the last thing you want to do is remove something your Mac needs to operate. There is also a risk that what it calls itself in one folder is different in another. Unfortunately, this does mean you are searching for an unpleasant and hidden needle in a large haystack.

It can also be difficult to know if you’ve definitely got everything you want to remove.

Another way, which takes a lot less time and is guaranteed to be more thorough, is using CleanMyMac X.

  1. Download CleanMyMac X (for free).
  2. Launch the app.
  3. Choose Malware Removal.
  4. Click Scan.
  5. Click Remove.

Removing malware on Mac

The Badbunny virus gives criminals a back door into your Mac, to steal data and even make changes to how your Mac operates. It can even stay hidden from most anti-virus software, and it can be difficult to know what it has sent back to the control server. Thankfully, it can be removed, either manually, which is tricky, or with software that can find and delete it safely.

