How to remove malware from your Mac?
In 2021, Apple’s senior vice president, Craig Federighi, confirmed that the amount of malware on macOS reached an unacceptable level. Although Apple has invested a lot of resources into strengthening security and privacy on Macs, some types of malware are sophisticated enough to bypass Gatekeeper.
Even Windows-related malware, XLoader, has recently made its way on Macs, once again proving that Apple computers aren’t 100% immune to threats.
In this Mac malware removal guide, we’ll tell you how to get rid of malware on your Mac. We’ll also cover how to tell apart different malware types on Mac: adware, scareware, and others. We’ll be using the manual methods as well as some respected antivirus tools for Mac. Let’s go.
What is malware
First off, let’s point out that the term “malware” is a broad term for all unwanted intrusions. It’s also not synonymous with the term “virus” because the latter is only a model of distribution, i.e., how an app self-replicates. Here are common types of malware you can encounter on Mac:
- Download managers — download unauthorized objects
- Spyware and keyloggers — steal users’ personal data
- Backdoor infections — apps that remotely seize control of your computer
- Rootkit — infiltrate admin privileges
- Botnet — turn your Mac into a shadow bot
- Trojan horses — apps disguised as legit software
- Ransomware — lock your Mac’s screen
- PUP — potentially unwanted programs
Among these, PUPs are the most numerous type. According to Malwarebytes, the Windows platform is no longer a hotbed for malware — the macOS is. There has been a 400% spike in macOS-specific malware infections, proving that Macs have become more attractive targets to cybercriminals. Don’t worry, knowing how to check for malware and eliminate threats will keep you safe, so keep reading.
Mac malware: The symptoms
Oftentimes, a malware app would trick you into believing it’s perfectly harmless. Such apps are known to disguise themselves as antiviruses, extractors, or video players. But how to tell if your Mac has a virus? Here are some of the tell-tale signs:
- A sudden drop in Mac’s performance or frequent freeze-ups.
- Pages that you visit get obscured with ads.
- Unexpected Mac reboots or apps starting for no reason.
- Your browser installs suspicious updates automatically.
How Mac can get infected with malware
By clicking on fake Flash Player updater. Or by installing a seemingly useful browser extension. As of 2020, a trojan browser extension NewTab infected 30 million Mac computers. This malware disguised itself as a parcel tracking helper but was, in fact, spreading ads. So, how to protect your Mac from malware? You can start by studying typical infection gateways:
- Fake Flash Player update
- Torrent download
- “Your Mac is infected” scam
- Unsafe email attachment
- Camera access request
How to remove a virus from Mac
Just as with any disease, to doctor a virus, you need to remove the infected part of your software — as simple as that.
1. Remove malware from Mac manually:
The Activity Monitor
If you know which app on your Mac is malicious, you’re halfway through the problem. First of all, you need to close the app and then root it out from the system processes.
- Open Activity Monitor (type its name in the Launchpad).
- Locate the problematic app in the list of processes.
- Use the [x] button to quit the process.
Now, go back to your Applications and move the app to the Bin. Immediately empty it.
This method is simple, but for the best malware removal results, you’d have to invest a bit more time. There are still parts and pieces of the virus app scattered around your system folders. It’s a bit like killing a dragon that regrows its head after you’ve chopped it off. To remove malware from your Mac completely, it’s better to use a powerful uninstaller.
2. Get rid of malware using CleanMyMac X
CleanMyMac X is a popular Mac troubleshooting app from the developer MacPaw. This app is, by the way, notarized by Apple. It will scan your Mac for any vulnerabilities and offer immediate removal if it finds something suspicious. CleanMyMac X detects thousands of malware threats, including viruses, adware, spyware, ransomware, cryptocurrency miners, and more. The app’s database is regularly updated to keep all those “-wares” away from your Mac.
Here’s how to remove malware from your Mac:
- Download CleanMyMac X — it’s free to download.
- Click the Malware Removal tab and hit Scan.
- Once the scan is complete, click Remove.
3. Remove Mac malware from your Login Items
Most adware or spyware will try to sneak inside the bootup process. The good news is that you don’t have to be Mr. Kaspersky to prevent this.
- Go to the Apple menu > System Preferences.
- Choose the Users & Groups section.
- Make sure your username is highlighted.
- Open the Login Items tab.
Now use the “—” sign to disable all the suspicious apps that you’ll find. Restart your Mac for the changes to take place.
4. Get rid of pop-up ads on Mac
Advertising pop-ups are browser-related, so whatever browser you are using, be prepared for a thorough cleanup. First off, don’t buy into whatever the ad is telling you. Some scary alerts would mention 343 viruses found on your Mac, forcing you to immediately install a “Mac Defender” or “Mac Security” tool. Just ignore it and don’t click anywhere on the pop-up. Use the [x] button and if it doesn’t close the ad, Ctrl + click the browser icon to quit the browser completely.
How to block pop-up ads in Safari
- Open Safari Preferences (in the top menu).
- Go to the Websites tab.
- Scroll down to Pop-up Windows at the bottom of the sidebar.
Here you can block pop-ups from individual websites. And in the bottom right corner, you can block all pop-ups in general.
How to get rid of pop-ups in Chrome
- Open Chrome Settings (a three-dot icon).
- Click Privacy and Security.
- Scroll down to Site Settings > Pop-ups and redirects.
- Locate the Pop-ups tab and block them from appearing.
Additionally, make sure your browser’s homepage is set to a standard Google page or other trusted source.
5. Clean up extensions to remove adware from Mac
Apple lists several browser extensions as potentially malicious. The list includes:
- Amazon Shopping Assistant by Spigot Inc.
- Slick Savings by Spigot Inc.
This is just to give you an idea of how different these adware extensions could be. But if you’re looking at how to remove malware from the Mac Safari browser, follow this path.
Remove extensions in Safari
- Go to Safari Preferences.
- Choose the Extensions tab.
- Select an extension and click Uninstall.
Disable browser extensions in Chrome
And here’s how to remove malware from Mac Chrome. Open Chrome and click Window in the top menu. At the bottom of the list, choose Extensions. This opens up the list of all your installed extensions. Now, click Remove on any extension you suspect can be malicious. Right after that, your Chrome experience should get much less distracting.
Just to be doubly sure, we recommend you to remove all the extensions you’ll find. Later you can re-install each one separately.
6. Launch Agents and Daemons: Where else to look
So far, we’ve covered browser Extensions, Applications, and Login Items trying to remove malware from your Mac. But these are not the only locations where malicious agents may be hiding. Another type of system services that could be affected by malware are the so-called Launch Agents and Daemons — yes, the name does derive from the word demon. These are small helper programs that stealthily run in the background, like software updaters or automatic backups.
While Launch Agents and Daemons are two different entities, both can be infiltrated by malware. As it often happens, trojan apps would place their executable files within the Launch Agents folder. The result — the virus app launches automatically and potentially harms or steals your data.
7. How to remove daemons and agents from Mac startup
- Click Finder.
- Choose Go > Go to Folder.
- Type in:
For Launch Agents, repeat the steps above, but this time, search in 2 more locations:
Inside, you’ll find a bunch of PLIST files and if some of them look suspicious to you, delete them. Sure, the names of these files may not be very telling, but if you already know the problematic app that you are after, knowing this folder may help you fully extinguish it.
Don’t forget to reboot your Mac — until you do, all these files are still in memory.
One more way to remove daemons, agents, and plug-ins
If the manual path described here sounds too complicated, you can again be rescued by CleanMyMac X. This app has a special tool to remove malware Launch Agents.
- Download CleanMyMac X (it’s free to download).
- Install the app.
- Click Optimization tab > Launch Agents.
- Select the Launch Agents you want to disable and click Remove.
By the way, this app has a real-time anti-malware monitor. It monitors for any problematic apps that try to get into your Launch Agents. If it finds such, it will notify you and offer to remove the intruder.
8. Boot into Safe mode
Sometimes malware can make your Mac so slow that it’s impossible to do anything. Starting up your Mac in Safe mode may help. It prevents loading certain software and only runs essential apps and processes macOS needs. It also performs a check of your startup disk and removes some system cache, which may be exactly what your Mac needs. Here’s how to boot your Mac into Safe mode.
Boot into Safe mode on an Intel-based Mac
- Restart your Mac and press and hold the Shift key as your Mac starts up.
- When the login window appears, release the Shift key and log in.
- You should see ”Safe Boot” in the upper-right corner of your Mac’s screen.
Boot into Safe mode on an Apple Silicon-based Mac
- Restart your Mac and press and hold the power button.
- Release the button when you see the startup options.
- Select your startup disk, then press and hold the Shift key and click “Continue in Safe Mode.”
- Log in to your Mac. You might need to log in several times.
If all else fails
Below are a few more ideas to help you remove malware from Mac.
- Switch to a different user account and do a full system cleanup.
- Restore your Mac using Time Machine (to the point before it got infected).
- Update all your software, including the macOS.
How to protect Mac from malware
As a conclusion, we’ve prepared a few basic tips to minimize your chance of catching malware in 2022 and beyond. They are just as relatable for a PC computer.
- Closely read those dialogue boxes.
- Get a reliable password manager app.
- Browse anonymously.
- Cover your webcam when possible.
- Use passphrases instead of passwords.
- Create an “emergency” bootable external drive for your Mac.
OK, looks like we’ve covered how to remove malware from Mac, including both manual and software solutions. Hope your Mac stays virus-free, and may you never click on those scary Mac alerts again.