Badbunny virus: What is it and how to remove it from my Mac?
Before we start
Having spent some years coding applications for macOS, we’ve created a tool that everybody can use. The all-round problem fixer for Mac.
So here’s a tip for you: Download CleanMyMac to quickly solve some of the issues mentioned in this article. But to help you do it all by yourself, we’ve gathered our best ideas and solutions below.
Although not as well known as some viruses, the Badbunny virus is designed to steal data, collect personal information, browsing habits, and passwords and make illegal changes to how your Mac operates. It can add browser extensions you’ve never heard of - and haven't given permission to - and it will upload hidden folders to your Mac that can steal data.
What is the Badbunny virus?
Ruby.Badbunny runs automatic activation codes in the background. So whenever you use your Mac, it operates without being seen, absorbing data and information and transmitting this to its command-and-control server, giving cybercriminals back-door access to your Mac.
For some Mac users, once infected, it can crash the system, forcing you to re-load the operating system before you can use it again. Unfortunately, this doesn't remove Badbunny. It stays embedded and hidden from most anti-virus software. Lurking in the shadows and giving your information who want to exploit whatever they can, especially financial details.
Another way your Mac can get infected is through the SB.Badbunny. Part of the same virus family, this worm can drop the following virus packages: JS.Badbunny, Perl.Badbunny and Ruby.Badbunny. All of them are equipped to hide in the shadows, run executable codes, and steal data.
On occasions, Badbunny is known to give users a message once a Mac or PC has been infected:
Title: ///BadBunny\\\
Body: Hey '[USERNAME]' you like my BadBunny?
However, that depends which executable virus package has landed and what it wants to do. Often this message only appears when your Mac is being used remotely to send distributed denial of service attacks (DDoS) to a wide number of websites with 5000 byte ICMP packets, according to a Symantec evaluation of the virus.
What are the signs of the Badbunny virus?
One sign that you’ve been infected is that your Mac takes longer to execute commands. Unexpected error messages and applications suddenly crashing are a sign that you’ve been infected. It can slow a Mac down, and it can be difficult if not impossible to know what data has been stolen and to recover it.
Clearly, this isn’t something you want lurking around your Mac, slowing it down and stealing data.
How to remove Badbunny from your Mac
One way is to attempt to remove Badbunny manually.
In the same way that you would find and remove an app you don't need, it isn’t as simple as dragging it to the trash. Firstly, to remove a virus such as Badbunny, you need to know what you are looking for. To remove anything — including viruses manually — you need to search through a whole load of files: Library, Cache, Preferences, Applications and several others.
We cover how to do this with applications in this article. It can take a while, and you need to know how Badbunny is disguised. It could look like something perfectly ordinary that should be there, and the last thing you want to do is remove something your Mac needs to operate. There is also a risk that what it calls itself in one folder is different in another. Unfortunately, this does mean you are searching for an unpleasant and hidden needle in a large haystack.
It can also be difficult to know if you’ve definitely got everything you want to remove.
Another way, that takes a lot less time and is guaranteed to be more thorough is using CleanMyMac X.
- Download CleanMyMac X (for free).
- Launch the app.
- Choose Malware Removal.
- Click Scan.
- Click Remove if anything malicious is found.
Badbunny virus gives criminals a back-door into your Mac, to steal data and even make changes to how your Mac operates. It can even stay hidden from most anti-virus software, and it can be difficult to know what it has sent back to the control server. Thankfully, it can be removed, either manually - which is tricky - or with software that can find and delete it safely.
