How to remove GravityRAT malware from Mac

Despite sounding like a sci-fi movie about a mouse in space, if GravityRAT were a movie at all, it would be closer to a cyber-thriller because of how it spies and steals your data. GravityRAT stealthily finds its way onto your computer and starts to siphon your sensitive information.

And, yes, unfortunately, this includes your Mac too. Updates to spyware in recent years have allowed it to target macOS and Android devices.

If you have reason to believe that your Mac is infected, don’t worry! This article will explain everything you need to know about GravityRAT malware and show you how to get rid of it.




No noticeable symptoms

Infection methodBundling with malicious apps
System damage

Password breaches and stolen data

RemovalCleanMyMac X anti-malware

What is GravityRAT?

GravityRAT is a piece of spyware that’s been around since about 2015. In 2018, it was detected in a compromised version of an Android app called Travel Mate Pro. Then, around 2020, versions of it were even discovered in malicious macOS apps.

For your information, the second part of its name is an acronym. It stands for remote access trojan. That’s because it primarily functions by remote access. Once the app has been installed on a computer, the hacker can send commands to it so that the malicious app can send data back to its server. The sneaky little name works on multiple levels.

How can a Mac get infected with GravityRAT malware?

The most common way for Macs to be infected by GravityRAT is through malicious apps. Let’s say with the Android app mentioned earlier, hackers can create compromised versions of various free apps and try to trick users into installing them.

Apps GravityRAT has commonly masqueraded as they include travel, file sharing, media players, and more.

How can GravityRAT harm a Mac?

If there was a silver lining to GravityRAT, it’s that you won’t notice it on your computer. GravityRAT runs entirely in the background and hardly impacts your Mac’s performance. The downside is while it’s running without you noticing, GravityRAT is stealing all of your data and uploading it to a server.

When I say it’s stealing all of your data, I mean everything – pictures, text messages, email, pdfs, docs, etc. Anything you have saved on your hard drive, valuable or not, GravityRAT is stealing it.

What’s more, some previous versions of GravityRAT were even able to record audio using the device’s microphone. But thankfully, that hasn’t been found in current macOS versions yet.

How to avoid installation of GravityRAT backdoor on Mac?

The best way to protect yourself from accidentally installing GravityRAT is by researching everything you install on your Mac. Ensure you’re only downloading apps from trusted sources – free or otherwise.

However, the guaranteed, safest way to install a new app is through the Mac App Store. These apps have been vetted by Apple’s security team, so you know a scammer isn’t uploading malicious code along with it.

How to remove GravityRAT from Mac automatically with CMM

Even though it would be hard to tell if GravityRAT has infected your Mac, there is an effortless way to scan your Mac for it. Simply download CleanMyMac X. It’s an app designed to optimize your Mac’s performance, which includes detecting and removing various malware threats.

CleanMyMac X has been recommended by Forbes and notarized by Apple. Once you have it downloaded, just follow these steps:

  1. Open CleanMyMac X.
  2. Click Malware Removal in the sidebar.
  3. Now, hit the Scan button.
  4. Once the scan is complete, make sure GravityRAT is selected and click Remove.

Once the scan is finished, CleanMyMac X gets rid of anything it can find. And there’s nothing else you need to do.

How to tell if your Mac has been infected by backdoor malware

The main characteristic of backdoor malware is that it’s stealthy. It’s designed to work in a way that you wouldn’t necessarily notice. But, if you know where to look, then you might be able to spot signs that something fishy is going on. Some of the telltale ways to catch backdoor malware include:

  • Watching your network activity
  • Setting up network notifications
  • Monitoring your privacy settings

If any of those sound difficult or confusing for you, don’t worry. I promise almost anyone can do them – and yes, that includes you. Keep reading and I’ll walk you through what you need to know for each of those methods.

Watching your network activity

Thankfully, there’s an app already on your Mac called Activity Monitor that can help you with this. It’s located in your Applications > Utilities folder or you could always do a quick Spotlight search to find it. Then, you’ll want to follow these steps:

  1. Open Activity Monitor.
  2. Click the Network tab at the top.
  3. Look for any suspicious activity.
  4. Select the strange connection and click the stop icon at the top.

Setting up network notifications.

You can use a third-party app that will show you pop-up notifications to help you monitor your network activity in real-time. A popular choice is the app, Little Snitch. It displays a notification any time an app on your computer makes a new connection to the internet.

Monitoring your privacy settings

macOS has a ton of incredible built-in security features to help protect your computer. One of those tools is the privacy settings. You can see and give apps permission to things like your photos, camera, or microphone. Here’s how you can check those settings:

  1. Click the Apple logo > System Preferences.
  2. Select the Security & Privacy button.
  3. Open the Privacy tab.
  4. Check which apps have access to each category.

Chances are if you’ve had to do any video chatting or screen sharing, then you’ve probably had to go into this section and give an app permission to access your camera or microphone. But, it’s always good to periodically check to make sure you haven’t given access to a malicious app by mistake.

How to prevent infecting a Mac with backdoors

You probably don’t have a GravityRAT problem yet, but you may be worried about other backdoor trojans infiltrating your Mac. The good news is that as more threats and malicious software target macOS, more apps like CleanMyMac X become available and more advanced to help protect your computer.

A good habit of picking up is regularly scanning your Mac with CleanMyMac X. Hopefully, after seeing how quick and easy it is to use, it’s something you’ll start to do at least once a week, if not more.

CleanMyMac X also has a real-time monitoring tool. So, if you accidentally download or install an infected file, it will catch it and notify you immediately. Make sure to turn on this handy feature by following these steps:

  1. In the toolbar at the top, click the CleanMyMac X icon.
  2. Go to the Protection section and make sure the Real-time malware monitor is turned on.
  3. If it’s not, you’ll be able to click Turn On in the bottom-right.

Tips to prevent installing malware on your Mac

Regularly scanning your Mac is an incredible and easy way to check if you have any malware installed. It’s also a great way to help prevent backdoor malware from being installed. But, it’s not the only way.

There are a couple of best practices you should keep in mind that will help prevent a backdoor malware infestation.

  • Only install apps from trusted sources
  • Don’t click on links or open attachments in your email
  • Never engage with any phishing emails or websites
  • Don’t respond to any ransomware threats
  • Keep your Mac up-to-date with all the latest security patches
  • Use a password manager to help protect your online accounts
  • Surf the internet in a private browser or incognito mode

Adopting these practices into your regular routine will greatly improve your computer’s safety. But, putting all of them into effect will keep your Mac buttoned up. At that point, it will be hard for any malware to find a vulnerability. And in the unlikely event one does, CleanMyMac X can help you catch it in real-time before getting rid of it.

For anyone that’s had to use a Windows computer or any other virus-riddled device, dealing with trojans and malware can feel like an overwhelming headache. But fortunately, just like most things in macOS, dealing with malicious software is a little bit easier. With apps like CleanMyMac X, you can quickly scan for spyware like GravityRAT and detect threats in real-time. Don't forget to double-check if the app you're about to install is legitimate, and stay safe!

Laptop with CleanMyMac
CleanMyMac X

Your Mac. As good as new.