How to Remove Malware From Mac
Despite what some people say, Macs can and do, get viruses and other malware. If it happens to your Mac, you might notice it working slower than usual. Mac malware might also cause system instability or other unpredictable behavior, including problems with your web browser.
If your Mac is infected with malware, how do you remove it and give your system a clean bill of health? In this guide, we’ll explore some of the most practical Mac malware removal measures you can take.
How to clean malware from a Mac
There are a few basic steps you can take to detect and remove malware from your Mac:
- Disconnect from the internet
- Delete suspicious files or programs
- Check the Activity Monitor
- Boot into safe mode
- Run a malware scanner
- Restore or reset your Mac
If your Mac picks up malware, you may or may not even realize it. Some malware makes a big show of announcing itself, changing your browser home page, or, in the case of Mac ransomware, locking your data away from you. But other malware works quietly in the background, stealing information or causing harm invisibly. This is why we believe you should have an antivirus application installed, to bring such malware to your attention. Don't forget to run a Mac virus scan once in awhile.
Still, if you know or suspect your Mac has been infected by malware, here are some instant measures you can take to remove it.
Disconnect from internet
Some malware sends data from your Mac to hackers. This can include logs of everything you’ve typed — and, yes, your usernames and passwords will be among them. If they find sensitive information, they could even use it to blackmail you.
Before you do anything else, you should disconnect your Mac from the internet. If it’s plugged in via an Ethernet cable, you can just pull that out. If you’re using WiFi, you can left-click the WiFi icon on the macOS menu bar, and then select Turn Wi-Fi Off. You can also do this from System Preferences > Network > Wi-Fi.
Delete suspicious files or apps
If you’ve downloaded something malicious from a file-sharing site or through a browser pop-up, removing it might be as simple as deleting it. Even if you’ve installed a malicious app, uninstalling it might be all you need to do to get rid of it.
However, hackers often make it difficult to uninstall the malware. They might even allow you to delete the app from your Applications folder but continue to run in the background.
Often, if you’ve opened a booby-trapped file, deleting it is still a good idea, but the damage will already be done.
For these reasons, you should take further steps to ensure your Mac is clean.
Check the Activity Monitor
With most legitimate software, you can easily see when it’s running: there will be an icon either in your dock or in the menu bar at the top of MacOS. Malware is much more sneaky, but it can often still be detected in the Activity Monitor.
The macOS Activity Monitor shows you everything that’s running on your Mac, including processes that are running in the background. Furthermore, you can see what’s currently accessing the various resources of your computer: CPU, Memory, Energy, Disk and Network. Clicking on the tabs enables you to sort the entries, so you can see, for instance, what’s using up all your processing power.
Some of the processes will be easy to associate with the applications on your Mac, while others will have long-winded or technical names that you may not recognize. If you’re not an expert, it’s hard to know what should or shouldn’t be there. However, if a process you don’t recognize is using a large amount of CPU, memory, disk or network resources, it could well be malware. Note down the name of the process and do a web search to find out more about it.
The Activity Monitor allows you to stop processes from running. This helps if MacOS stops you deleting malware because it’s running in the background. Double-click the process you want to stop. In the window that opens, click Quit. Now select Quit or Force Quit.
Boot into safe mode
Safe mode allows you to start up your Mac with only the software and extensions it needs to run. This can be useful because malware often runs at login, which can make it difficult to remove. Safe mode also deletes some system caches, so they can be rebuilt again automatically.
Logging into safe mode also allows you to rule out other problems with your Mac. For example, if your Mac is running slowly during normal operation but is fine in safe mode, then the problem is likely to be caused by software, including malware, rather than being a hardware issue.
How you get into safe mode depends on whether you have an Intel processor or one of Apple’s new ARM-based chips. For an Intel Mac, hold down Shift as soon as your Mac turns on or restarts. When you see the login window, you can take your finger off the Shift key. Log in (you may need to do this twice), then you should see ‘Safe Boot’ in the top-right corner of the login screen.
If you have a newer Apple silicon processor, shut down your Mac. Press and hold the power button for 10 seconds, releasing it when you see the startup options window. Choose your startup disk, then hold down Shift. When prompted, click Continue in Safe Mode and release the Shift key. Log in, and you should find your Mac in safe mode.
To check safe boot is on, click the Apple logo in the top-left of your screen, then go to About This Mac > System Report > Software. Check ‘Boot Mode’ says ‘Safe’.
Run a malware scanner
If you don’t already have cybersecurity software installed, do it now. Anti-malware software for Mac, such as MacKeeper, will enable you to detect and remove malicious software.
As well as helping to prevent malware infections in the first place, antivirus is useful as a system diagnostic and Mac malware removal tool as well. You should run it to confirm an infection, and, after you’ve removed the problem, you should run it again to check the malware is gone.
The best thing about security software is that it automates most of the malware-removal process for you. It also picks up infections that would otherwise go undetected.
Restore or reset your Mac to remove malware
If all else fails, you may need to restore your Mac completely - at least to an earlier point in time. If you have Time Machine set up, you can quickly restore your Mac to a state that it was saved at before it became infected.
If you’re not using Time Machine, or it fails for some reason, then you might have to go for the nuclear option: factory resetting your Mac.
This is an extreme option, but if you’re completely stuck, it may be necessary. If you can, back up any important files to an external hard drive or cloud storage site before initiating a reset.
Prevent your Mac from getting malware
Prevention, they say, is better than the cure - but before you can do that, you need to acknowledge that Macs are vulnerable to malware in the first place. As we said in our intro, there’s a long-standing myth that Macs simply do not get viruses.
This isn’t true. People think it is because Macs have traditionally been less of a target for hackers than Windows PCs. But this situation is changing fast. As Macs have grown in popularity, there has been an explosion in the amount of malware aimed at them. One estimate suggests a 400% increase in Mac malware in 2019.
To reduce the chances of falling prey to malware, there are a few basic steps you can take:
- Do not open email attachments from people you don’t know
- Never download files from piracy websites
- Avoid clicking on website popups, particularly on sites you do not trust
- Download and install a malware cleaner and antivirus application, such as MacKeeper, which will alert you to suspicious software on your Mac
- Keep your Mac updated at all times
Hopefully, following this guidance will prevent malware from ever appearing on your Mac. But if it still does, the advice in this guide will help you to get your Mac back on track.