Trickbot malware removal guide

What is Trickbot?

Trojans and malicious malware are constantly evolving. They’re continually finding sneakier ways to infect computers. The Trickbot virus is a perfect example of that. After successfully targeting banking systems, Trickbot turned its attention to consumer and personal computers.

Once Trickbot infects a computer, it steals personal information from the machine. Then, it sends your data back to a central server. Then, it will try to infect the network that the computer is connected to. That way, it can continue spreading to every other device that connects to it.

The good news is that despite how effective it is at spreading, if you find your Mac has been infected, all hope is not lost. There is a way you can get rid of it, so keep reading and find out how you can get rid of the malware.

How did it get on my computer?

You might be thinking, “Hang on a second, I have a Mac. I thought Macs aren’t supposed to get viruses.” Well, that was true at a certain point in time. And while they are safer in many ways compared to other computers, they still have some vulnerabilities.

Malware like Trickbot can infect Macs in a couple of different ways. Using macros with Microsoft Office is a fairly common one, especially for Macs that are used in an office or work environment. More recently, though, Trickbot has been pretending to be other apps and browser plugins, like 1Password, and asking you to install it. That’s why you should always be cautious and question random pop-ups offering you free software.

How does the TrickBot trojan spread?

To remove TrickBot and prevent the possibility of it spreading in the future, you first need to understand how it spreads:

• Microsoft Office macros: Macros (or automated shortcuts) are a common way for malware to spread. With so many private individuals and companies using macros in software like Microsoft Office, a macro infected with the Trickbot malware can wreak havoc on an entire network.
• Masquerading as legitimate software: Another way that you can be infected by Trickbot is by the Trickbot trojan. This is when it pretends to be a trusted, legitimate piece of software or a browser plugin. If you fall for it, TrickBot will make its way onto your device.
• Infected email attachments and links: The oldest trick in the book for spreading malware is to send it via infected email attachments and links. Attachments can be something seemingly innocuous, such as invoices and Microsoft Office documents, while the link can look innocent enough.
• Vulnerabilities in macOS and other apps: Apple does a top job of keeping on top of system vulnerabilities and providing patches in a timely manner. However, it’s still possible that an unknown threat — a zero-day exploit — can quickly take advantage of a vulnerability before it’s discovered and patched.

What are the main symptoms of the TrickBot trojan?

Here is a list of things to watch out for to determine if your machine has been infected by the TrickBot malware:

• Your computer grinds to a halt: Healthy Macs are quite fast. If your Mac suddenly starts slowing down, this can be the first indication that something is wrong. This will quickly lead to bigger problems, including overheating and system crashes.
• W-Fi issues: A W-Fi connection isn’t going to stay stable for long if large amounts of your personal data are being transferred out to a third-party server. If your Wi-Fi connection keeps crashing, don’t be so quick to blame the ISP and your router.
• Antivirus alerts: Your antivirus software will send out constant virus alerts.
• Suspicious app installs: All malware needs a central point to run scripts, look for data, and begin transferring it out. This is usually an app that the malware installs in the Applications folder on your Mac. Go to the folder and see if there are any apps there that you didn’t install. If so, force-quit the running processes in Activity Monitor and securely delete the app using CleanMyMac.
• Browser setting changes: TrickBot may change your browser settings, such as your homepage and default search engine. Go into your browser settings and see if anything is different. Also, see if your browser security settings have been downgraded or turned off entirely.

How to remove Trickbot from your Mac

For people who maybe aren’t used to dealing with viruses and malware, don’t worry. The Trickbot removal is pretty straightforward. But it does depend on which browsers you have installed on your Mac. I would recommend not just checking your default browser but any that you have installed.

But the absolute first thing you should do if you think your computer is infected with Trickbot or other malware is to disconnect it from the internet. That will help prevent it from spreading to other computers on your network.

Once you have it offline, you should use this step-by-step guide for removing those malware plugins from Safari, Google Chrome, and Firefox:

Safari

Since Safari is the default browser on your Mac, follow these steps to get rid of Trickbot:

1. Click Safari > Settings > Extensions.
2. Then, select any browser extension you don’t remember installing.
3. Click Uninstall.
4. Finally, close Safari and reopen it.

Google Chrome

If you have Google Chrome installed on your Mac, follow these instructions to delete Trickbot extension:

1. In Chrome, click the three dots > More Tools > Extensions.
2. Find any suspicious extensions and click Remove.
3. Then, quit Chrome and reopen it.

Firefox

There are two areas you should check for malicious malware in Firefox. Follow these steps to help you out:

1. With Firefox open, click the three lines > Add-ons and themes > Extensions.
2. Find and select any extensions you don’t recognize. Click ... > Uninstall.
3. Now, select Plugins on the left and repeat step 2.
4. Close and reopen Firefox.

After you finish going through this process with all of your browsers, it’s a good idea to restart your Mac.

How to protect your Mac from TrickBot malware

Here are some ways to prevent the TrickBot malware from getting onto your Mac and prevent yourself from becoming a victim:

• Use CleanMyMac: Just as a mechanic needs specialized tools to fix a vehicle, so too does a computer owner need a specialized tool to fight malware. CleanMyMac is probably the best investment you can make for your Mac or MacBook.
• Watch those email links: If a trusted relative or friend sends you a web link, you are likely safe to click it. But a work colleague or a complete stranger? Probably not a wise idea.
• Pause before opening email attachments: We get a lot of email attachments these days, such as invoices, bills, payment confirmations, images, and so much more. Be careful not to open unsolicited attachments, which could contain malware.
• Only get browser plugins and apps from official sources: One of the ways Trickbot malware finds its way onto victims’ computers is via browser plugins and apps. Never sideload these. Instead, always get them from app stores, where they are strictly vetted. The same goes for macros.
• Keep devices and apps updated: As we previously mentioned, malware relies heavily on unpatched software vulnerabilities. When you’re notified that an update is waiting, install it as quickly as possible. You can also use CleanMyMac to check if any of your installed apps are waiting for updates.

Remove other malware on your Mac

It’s always good to get into the habit of periodically scanning your Mac for malware. Even if you haven’t noticed any suspicious performance or behavior from your computer, sneaky software can install on your computer, run in the background, and leave open a backdoor for more malware to infect your device.

Thankfully, CleanMyMac, powered by Moonlock Engine, can help you scan your Mac and look for malware and any supporting files from apps that may be hiding on your hard drive.

After you start your free CleanMyMac trial, open it and follow these instructions to scan for malware:

1. On the left, click the Protection section.
2. Click Scan. If CleanMyMac finds any threat, click Remove.

Once you scanned your Mac for malware, you can also run Performance module, which will give your Mac a performance boost.

Trickbot and other malware can be quite devious if allowed to infect a computer. And they only get worse as time progresses. The developers who create these types of Trojans are always looking for ways to target more computers for more information to steal. But if you get into the habit of doing preventative scans and can spot the warning signs when you’re installing software or opening attachments, you can prevent suspicious software from infecting your computer.