How to check for and remove malware from a Mac
Yes, you can get malware on a macOS product. It doesn’t happen very often, but it is frustrating when it does. Usually, it only happens if you install some shady software from an unknown source. Apple has several safeguards to prevent it, but sometimes things happen. If you’re here, it’s because you want to know if your Mac has malware and how to get rid of it. We’ll show you how to check for and remove malware from a Mac.
This tutorial was written with a 2020 MacBook Air running macOS Monterey 12.4.
To check for malware on a Mac, open Finder -> Utilities -> Activity Monitor. Check the CPU and memory usage since the first symptom of malware is usually performance issues. Similarly, check for apps with Full Disk Access and your Login Items. You may need a malware scanner app like Malwarebytes if all else fails. Once identified, remove the app from your system.
How to check your Mac for malware
There are quite a few signs that your Mac may be infected. Your machine may be sluggish when performing simple tasks, your browser homepage may change on its own, you get way more ads than normal, and you may even get security alerts without scanning your Mac. In short, if your Mac is acting funky for no reason, malware may be the cause.
Check your CPU and memory usage
- Open Finder and click on Applications.
- Open Utilities and then Activity Monitor.
- Sort by CPU usage by clicking on the category, then look for any applications with abnormally high CPU usage or apps you don’t recognize.
- Google the apps you don’t recognize to ensure they aren’t system processes you were unaware of.
- Next, tap the Memory tab toward the top right and check for high memory usage.
- Once again, Google any apps you don’t recognize.
You can usually find any malware by this method. If you find anything you don’t recognize and it’s not a system process, follow the steps below to remove it from your Mac.
Check your Full Disk Access and Login Items
Malware usually launches at startup and has more permissions than it should. Another good place to check is your startup apps and your Full Disk Access apps to see if anything is amiss.
- For Full Disk Access, open System Preferences -> Security & Privacy -> Privacy.
- Find Full Disk Access on the left and click it. The right side should populate with all apps that have full access to your disk.
- You’ll have stuff there, like sshd-keygen-wrapper, that is entirely normal and part of macOS. However, you should Google anything you don’t recognize to find out where it came from.
- For Login Items, go back to System Preferences and click on Users & Groups.
- Click the Login Items, and the window will populate with everything that opens immediately when you start your Mac.
- Google for anything weird that you don’t recognize.
Again, if you find anything funky there that you didn’t install and isn’t a system process, go ahead and delete it from your Mac.
Check other locations
There are some other places you can check, especially if it’s a browser extension or plugin causing problems.
- First things first, try to identify the malware. Usually, the company splashes its name and logo on whatever webpage it forces Safari to open. You can use the above methods as well.
- Most malware gets installed in the Library folder, so let’s start there. Open Finder then hit Command-Shift-G.
- Type /Library and double-click on the /Library search result.
- Try heading to the LaunchAgents, LaunchDaemons, and Application Support folders and deleting anything that pertains to the plugin or extension that you believe is causing the problem.
This is a bit more of a power-user solution, so proceed at your own risk. As per the norm, Google anything you don’t recognize so you don’t accidentally delete something you need.
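One way to see what each item in those folders actually runs before deleting anything, as an added example that is not part of the original article. It assumes python3 is installed (for instance with Apple's Command Line Tools); the per-user ~/Library/LaunchAgents folder and the flagging rules are additions for illustration, and the script only reads files.

```python
import plistlib
from pathlib import Path

# launchd job folders. /Library is the one named above; the per-user folder is
# added here because it works the same way.
LAUNCH_DIRS = [Path("/Library/LaunchAgents"), Path("/Library/LaunchDaemons"),
               Path.home() / "Library/LaunchAgents"]
# Illustrative rule: folders every account can write to.
SHARED_WRITABLE = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")


def describe_job(plist_path):
    """Return what one launchd job runs and the reasons it deserves a closer look."""
    info = {"file": str(plist_path), "label": None, "program": None,
            "run_at_load": False, "notes": []}
    try:
        with open(plist_path, "rb") as fh:
            job = plistlib.load(fh)  # reads both XML and binary plists
        if not isinstance(job, dict):
            raise ValueError("top-level object is not a dictionary")
    except Exception as exc:  # damaged or unreadable file: report it, keep going
        info["notes"].append(f"unparseable plist: {type(exc).__name__}")
        return info
    args = job.get("ProgramArguments") or []
    program = job.get("Program") or (args[0] if args else None)
    info.update(label=job.get("Label"), run_at_load=bool(job.get("RunAtLoad")))
    if program is None:
        info["notes"].append("no Program or ProgramArguments")
        return info
    info["program"] = program = str(program)
    if not Path(program).exists():
        info["notes"].append("target executable is missing")
    if program.startswith(SHARED_WRITABLE):
        info["notes"].append("runs from a folder any user can write to")
    if any(part.startswith(".") for part in Path(program).parts):
        info["notes"].append("runs from a hidden file or folder")
    return info


def audit(dirs=LAUNCH_DIRS):
    """Describe every .plist in the given folders, items worth checking first."""
    jobs = [describe_job(p) for d in dirs if Path(d).is_dir()
            for p in sorted(Path(d).glob("*.plist"))]
    return sorted(jobs, key=lambda j: not j["notes"])


if __name__ == "__main__":
    for j in audit():
        print("CHECK" if j["notes"] else "ok   ", j["file"])
        print("      runs:", j["program"], "|", "; ".join(j["notes"]))
```

Anything marked CHECK is a candidate to look up, not proof of malware; leftovers from apps you uninstalled often show up with a missing executable.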
Use an antivirus or anti-malware scanner
There are several of these available from several trusted sources. We recommend Malwarebytes since you can use it for free to scan and disinfect an already infected Mac. It says you have a 14-day trial, but that’s for the advanced features. The scan and clean parts are always free. Some other options include Avast, Sophos, Bitdefender, and others.
- Download the app of your choice and install it on your Mac.
- Open it and run a scan. The app will scan and tell you if it finds anything suspicious.
- Usually, the app can then clean it out from there, and you’re all done.
This is the easiest option for folks who aren’t the most tech-savvy. The app does all the work for you, and you don’t have to Google anything to see if it’s supposed to be there or not.
How to remove malware from your Mac
When you have identified the malware, what do you do next? Get rid of it, of course. Here’s how to get rid of malware on your Mac.
The manual method
- The first step is identifying the malware on your machine, which we did in an earlier step.
- Once you know what it is, uninstall the app. You can do that by opening Finder and then clicking Applications.
- Drag and drop the malware into the Trash. You may need to enter your username and password to confirm in some circumstances.
- Open Trash and tap the Empty button in the top right area. Or right-click the Trash can in the Dock and select Empty Trash.
- Finally, to be safe, open your Downloads folder and delete the files that may have installed the app.
Using an antivirus app
- Using an antivirus app is exceedingly easy. Open your app of choice and run a scan.
- Your antivirus app should find the malware pretty quickly.
- Once the scan is done, have your antivirus app clean your machine.
You can use either method, and you should get rid of your malware pretty quickly. However, there is one more method in case things are not going well and the malware is difficult to eliminate.
Factory reset your Mac and reinstall macOS
Yes, the old wipe and nuke is a valid method to eliminate malware. It’s also the only method that guarantees 100% success. Please make sure to back up your files and photos before you start, and remember, this is an extreme solution, so we don’t recommend this unless nothing else is working.
- To start, make a bootable macOS flash drive. Here is a tutorial on how to do that.
- Open System Preferences. Tap System Preferences again in the top left corner of the screen.
- Select Erase All Content and Settings.
- Enter your password and tap OK.
- Say goodbye to the malware and everything else on your machine.
- When you’re done, turn the machine off, plug in your bootable USB, and turn it back on. Select to install macOS. Follow the instructions until you have reinstalled the OS.
- Please note that you may need an Internet connection for the reinstall.
You should be free of malware at this point, so let’s talk about how to keep it from happening again.
How to keep your Mac safe from malware
Keeping your Mac safe from malware is honestly pretty easy. You just have to exercise a bit of caution. Apple already restricts installations to a certain extent, so getting malware in the first place is not easy. Still, there are a few things you can do.
- Only get apps from approved sources — The App Store is one such source, as well as generally trustworthy developers like Adobe, Microsoft, Google, etc. Make sure you’re always downloading apps from that product’s actual, official website.
- Keep your Mac up to date — That’ll ensure it has the latest security updates directly from Apple, making it much harder for bad actors to get into your machine.
- Don’t install browser extensions until you vet them — A lot of malware comes from browser extensions. It’s easy enough to get rid of but can cause some damage. Only install a browser extension if you trust the developer or you’ve done your research for it.
- Don’t disable existing permissions — Apple allows you to turn some security stuff off. We recommend that you not do that unless you absolutely have to, and if you do, turn it back on as soon as possible afterward.
- Run the occasional scan — You don’t need anti-malware software on your Mac 24/7. However, it’s good to download a free one now and then to run a quick scan just to be sure.
- Use Time Machine to keep a backup — Time Machine saves your stuff, so if you have to factory reset or something, you can at least get your files back. We recommend an external drive for this in case you lose access to your machine.
Above all else, just use common sense. Don’t let that YouTube downloader download and install extensions. No, you don’t need Adobe Flash Player to play that MP3 you downloaded. Finally, never install anything sent to you in an email unless you know the person who sent it.
Most of the methods above work because of how macOS keeps apps in their own little packages. However, wiping and reinstalling macOS will completely wipe out everything on your Mac and is the most effective method.
Technically, yes. Mac devices have three things that help prevent malware. They are Gatekeeper, Notarization, and XProtect. XProtect, in particular, compares your system to an Apple-created database of known virus signatures and lets you know if it detects malware.