How to remove the Koobface virus from Mac?

Koobface combines two of the most common malware tricks — social media messages and fake Flash updates — to quickly spread from one computer to another, creating a botnet to deliver more malware and make money for the scammers behind it. As with most malware, it can be removed, and we’ll show you how, but the best tactic is to avoid it altogether.


What you need to know about Koobface

Back in 2008, social media was still in its infancy, and Facebook was on its way to becoming the most popular network of them all. Koobface hooked into this growing popularity by infecting accounts and sending fake messages to the account holders’ friends. Those messages contained a link, and when the friend clicked on the link, they were prompted to download an update to Adobe Flash. In 2008, Flash was on nearly every computer on the internet, and so it was easy for the Koobface worm to spread. Once a computer was infected, the worm would display adware and attempt to persuade the user to download paid-for software. It also formed botnets to attack more computers.

Did you know? 

Researchers at Information Warfare Monitor estimated that the scammers behind Koobface made over $2m in revenue in just one year between June 2009 and June 2010.

Koobface also blocked access to some internet security sites and redirected search queries on infected computers. In January 2019, Facebook took the unusual step of naming the people it believed were responsible for the worm. They were all based in St Petersburg, Russia.


How to protect your Mac from Koobface malware

The best way to avoid Koobface is to do exactly the same as you would to avoid any other malware:

  1. Don’t click on links in messages on social media platforms or instant messaging apps unless you are absolutely sure where they come from and where they lead. Remember, scammers often make it look like messages have come from friends.
  2. Never click on a link in a pop-up that tells you that your Flash Player or any other piece of software is out of date. Be informed that Flash Player is no longer officially supported by Adobe, so it’s safer to uninstall it using guidelines from Adobe.
  3. Be careful about the links you click on on the web and the sites you visit. Don’t click on adverts for dubious products or services and always close intrusive pop-up windows or tabs immediately.
  4. Ignore alarming posts on social media that claim your computer is at risk if you don’t click on a link or download a piece of software. Koobface was used in hoaxes to scare users into downloading other malware.

How to remove Koobface from your Mac

First, you should confirm that your Mac is actually infected with Koobface. As we said earlier, Koobface hoaxes have been used to scam computer users by pretending their computer is infected when it’s not. So, first of all, ask yourself: why do I think that my computer is infected? If the answer is that you got a message in your web browser, you should assume that it’s a hoax. Quit your browser and then open it without reopening windows and tabs that were open in the last session. That should solve your problem.

If you’re still having problems with your browser, check for rogue extensions and make sure your homepage and default search engine are still set the way you want them.

  • In Safari, click on the Safari menu and choose Settings. Then use the Extensions tab to check for and remove extensions and the General tab to set the homepage and search engine.
  • In Chrome, type chrome://extensions to review extensions and chrome://settings to set the homepage and search engine.
  • In Firefox, click on the three lines on the right of the toolbar and choose Add-ons and themes > Extensions to check extensions. Choose Settings > Home to set the homepage and search engine.

Once you’ve removed extensions or reset your homepage and default search engine, you should restart the browser — quit (usually by pressing Command-Q) and open it once again. 

If you think your Mac is infected because friends have told you they’ve received messages from you that you didn’t send, you should scan your Mac for malware. There are a couple of options for doing that:

  1. Use an antivirus tool. There are several available for the Mac, and many of them will scan your computer for free. Some will also remove malware for free, while others will require that you pay for a full version of the application before you can remove anything.
  2. Use the Malware Removal utility in CleanMyMac X. CleanMyMac knows about all the latest malware that threatens your Mac and can identify and remove it with a couple of clicks. If you use it to regularly scan your Mac, you can be sure it will remain free from viruses, worms, and all sorts of other malware, including Koobface.
CleanMyMac X - Smart Scan

Here’s an example of just how easy it is to remove Koobface from your Mac using CleanMyMac X:

  1. Download and install CleanMyMac X.
  2. Open it from your Applications folder.
  3. Choose Malware Removal from the sidebar and click Scan.
  4. When it’s finished scanning your Mac and found Koobface or any other malware, click Remove.
  5. There is no step 5!
Scan completed in malware removal module of CMMX


Koobface is a worm that uses social media and fake “Flash player out of date” warnings to infect computers and form botnets. Infected Macs and PCs show intrusive adverts, and often more malware is downloaded to them to earn revenue for the scammers. Fortunately, Koobface is straightforward to remove with an antivirus tool or even more easily by running the Malware Removal tool in CleanMyMac X.

It’s better, of course, to avoid it altogether, and the best way to do that is to not click on links in instant messages or emails unless you’re certain where they lead. Like all Mac malware, Koobface relies on you taking action to download it, so be vigilant, and you’ll avoid it.

Laptop with CleanMyMac
CleanMyMac X

Your Mac. As good as new.