Mac Malware Removal Guide: How to Remove Malware from Your Mac

If the worst happens and you think your Mac has been infected with malware, you need to act quickly and methodically. There are a few tell-tale signs that your device has been compromised, including slow-running and erratic performance, so be sure to review these.

Before you get going on ridding your device of malware, having antivirus software for macOS installed will be incredibly helpful. It will form an important part of the malware removal process and help identify whether you’ve even been infected in the first place.

Follow the simple steps below to identify and then remove malware from your Mac.


Step One: Disconnect from the internet

This is something you need to do immediately. Think of it as damage control. It’ll serve a couple of purposes:

  • Prevent any more of your data being sent to a centralised server
  • Stop the malware from potentially spreading further

We appreciate this step may be difficult to achieve, especially if you need to use the internet to download a malware removal tool for your Mac, but if you can limit the amount of time your device is connected, it can make a big difference. If you do have to connect, do so for as short a time as possible and then disconnect immediately.

We’d also strongly advise you against logging into any accounts until the computer is cleaned, whether it’s social media, email or online banking.


Step Two: Boot into safe mode

This is another step in securing your Mac and ensuring the malware has a limited opportunity to spread or cause harm. ‘Safe mode’ allows you to boot up your Mac in a way that minimises risk. It does this by launching only the absolutely necessary software required to run your device, and performing a series of checks. This means that any malware designed to run on launch will be stopped and should be easier to identify and remove.

To enter safe mode on Mac, simply:

  1. Press the power button and immediately hold the Shift Key. Whether you are booting up a Mac that has been switched off, or are restarting, the method is the same.
  2. Wait for the Apple logo to appear, but keep holding the Shift Key.
  3. Release the Shift Key when the login window appears.

Step Three: Examine your activity monitor for anything unusual and close anything suspicious 

To open your Mac’s activity monitor, browse to the following:

Finder > Applications > Utilities > Activity Monitor

Why do you need to do this? Well, this will allow you to check for any suspicious activity occurring on your Mac computer. Maybe you’re unsure about a recent update you installed, or noticed an application that you simply don’t recognise.

When you’re in the activity monitor, you’ll be able to spot any programs you’re unsure about, as well as check the level of resources currently being used by each application. Many malware applications use a considerable amount of your computer’s resources, so checking the CPU tab can help you spot a malicious program.

If you do find something you’re worried about, you can close it on your activity monitor to stop it running. If you do this, you’ll then need to search for the application using Finder to actively delete it.

Action point: close and delete any suspicious applications

To close an application in the activity monitor, you’ll need to do the following:

Finder > Applications > Utilities > Activity Monitor > Click on the application > Quit

Be aware that activity monitor will likely contain a fair few programs which, whilst you may not recognise them, are standard macOS processes and necessary for your device. Be sure to carefully research these via a trusted site (e.g. Apple Support) to determine whether or not they are infections and if they should be removed from your computer.
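The same CPU review can be done from Terminal. The script below is an added example, not part of the original guide: it reads a process listing in the format of `ps -Ao pid,pcpu,comm` and prints only the entries worth researching, leaving out busy processes that run from macOS system locations. The 50% threshold, the path lists and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage a process listing the way Step Three reviews the CPU tab.
# Input : lines as printed by `ps -Ao pid,pcpu,comm` (PID, %CPU, executable path).
# Output: "<pid> <cpu> <reason> <path>" for each process that deserves a closer look.

CPU_THRESHOLD=50   # assumption: what counts as "considerable" CPU use, in percent

triage_processes() {
    awk -v limit="${1:-$CPU_THRESHOLD}" '
    NR == 1 && $1 == "PID" { next }      # skip the ps header row
    {
        pid = $1; cpu = $2
        # Executable paths can contain spaces, so rebuild the path from field 3 on.
        path = $3
        for (i = 4; i <= NF; i++) path = path " " $i

        # Assumed baseline: software shipped with macOS runs from these locations.
        is_system = (path ~ "^/(System|usr|bin|sbin)/" && path !~ "^/usr/local/")
        # Assumed review list: locations any user-level process can write to.
        is_writable = (path ~ "^/(private/)?(tmp|var/tmp)/" || path ~ "^/Users/Shared/")

        reason = ""
        if (is_writable)                           reason = "user-writable-path"
        else if (cpu + 0 >= limit && !is_system)   reason = "high-cpu"
        if (reason != "") print pid, cpu, reason, path
    }'
}

# Constructed sample listing (not captured from a real machine).
SAMPLE_PS='  PID  %CPU COMM
    1   0.1 /sbin/launchd
  312  91.0 /usr/libexec/example_system_daemon
  845  12.4 /Applications/Safari.app/Contents/MacOS/Safari
 1290  88.7 /Applications/Example Helper.app/Contents/MacOS/Example Helper
 1377   0.3 /private/tmp/.updater/agent'

printf '%s\n' "$SAMPLE_PS" | triage_processes
# On a Mac, run it against the live listing instead:
#   ps -Ao pid,pcpu,comm | triage_processes
```

A flagged entry is a prompt to research the process, not proof of infection; a path under a system location is likewise only a heuristic.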


Step Four: Scan your Mac for malware 

If you’ve spotted something in your activity monitor, or you’re sure you have got a malware problem, the best thing to do is run a scan. If you already have antivirus software installed, it should offer the ability to run an instant scan. If not, you can download a trustworthy antivirus software for home or business users and get to work – you’ll need to re-connect to the internet to do this. A scan should be able to discover, quarantine and remove malware for you.


Step Five: Verify your browser's homepage 

This is another simple way to check whether you’ve been infected, as it’s incredibly common for malware to change the default homepage of your web browser.

Again, your internet connection will need to be re-enabled to do this. We’ll run you through the most common browsers used on Mac; Google Chrome and Safari.

Checking your Chrome homepage:

  1. Click the ‘three vertical dots’ or ‘kebab’ menu in the top right corner of your browser
  2. Select ‘Settings’
  3. Click ‘Search engine’ in the menu on the left navigation
  4. Check which search engine is displaying in the ‘search engine used in address bar’ row

Checking your Safari homepage:

  1. With the browser open, select ‘Safari’ in the menu bar
  2. Browse to Preferences > General
  3. There will be a number of options including ‘New windows open with’, ‘New tabs open with’ and ‘Homepage’
  4. Check that each says ‘Homepage’ and what your homepage is – the default for Safari is the Apple homepage

Action point: If you discover your homepage has changed, your first step is to change it back and follow the other steps outlined in this piece to ensure you’ve removed the malware.


Step Six: Remove any suspicious browser extensions

A very clear and quick way to remove malware from your Mac could simply be to delete the program itself. One of the more obvious malicious programs could be a browser extension that either you’ve installed by accident, or the malware itself has added to your browser. Checking your extensions is simple, and deleting them is as easy as clicking a button, so it can be a good idea to review your extensions regularly.

To delete an extension on Chrome:

  1. With Chrome open, click the ‘vertical three dots’ or ‘kebab’ menu in the top right corner
  2. Click More Tools > Extensions
  3. Check your list of extensions for any you’re unsure about
  4. Click ‘remove’ to delete the extension

To delete an extension on Safari:

  1. With Safari open, select ‘Safari’ in the menu bar and browse Preferences > Extensions
  2. Turn off an extension by removing the tick from its checkbox
  3. To completely uninstall an extension, select it and click ‘Uninstall’

Step Seven: Clear your browser's cache

Next up is clearing your cache. Once you’ve completed the other steps, this is one of the last things you need to do to help protect your browser and your data. Fortunately, clearing your cache is really simple in each browser.

Clearing your cache in Chrome:

  1. With Chrome open, click the ‘vertical three dots’ or ‘kebab’ menu in the top right
  2. Browse to History > History
  3. Select ‘Clear browsing data’ on the left to open a pop up window
  4. Select ‘Time range’ to ‘all time’
  5. Click ‘clear data’

Clearing your cache in Safari:

  1. With Safari open, select ‘Safari’ in the menu bar
  2. Browse to Preferences > Privacy > Manage Website Data
  3. Click ‘remove all’ 

Step Eight: Uninstall all suspicious apps

Finally, you should check your Mac for any suspicious apps. You may well have already found these and removed them through a scan or your activity monitor, but it’s always worth investigating. If you see anything suspicious, uninstall it.

Uninstall apps from your Mac with these simple steps:

  1. Open ‘Finder’ in the task bar
  2. In Finder, you just need to browse to ‘Applications’
  3. At this point, you have three options:
    ◦ Open the app's folder and see if it has its own uninstaller. Double click on the uninstaller to uninstall. Obviously, if you're worried about the legitimacy of the app, you may also want to be concerned about the uninstaller, so it could be worth using another method.
    ◦ If there isn’t an uninstaller, drag the app from the folder to the trash basket at the bottom of the screen. An app will be removed completely when you empty your trash.
    ◦ Check for a file stored inside package contents, similar to ESET's uninstall process. Right-click or two-finger-tap on the app in applications, select show package contents, go to 'helpers', run 'uninstaller' – but be aware that location may vary.

What happens if these steps don't fully remove the malware from my Mac?

Factory reset is your final option; if you’ve followed these eight steps, exhausted all your options and still haven’t managed to remove the malware, you’ll need to resort to restoring your Mac to its factory settings.

When you do this, you’ll completely remove all the data on your Mac, so make sure you have a backup saved from before your malware infection.

How to make a backup on Mac
Apple offers a free backup software called Time Machine that you can use simply by plugging in an external storage device. For more information on backing up your Mac check the Apple Support Centre.

How to perform a factory reset on Mac
To perform a factory reset on your Mac, follow these steps:

  1. Enter ‘Recovery Mode’. Do this by restarting or booting up your Mac and immediately pressing and holding Command-R until you see the Apple logo
  2. You’ll be shown the macOS ‘Utilities’ window. Select Disk Utility > Continue > Startup your disk
  3. Click ‘Erase’
  4. You’ll need to create a name for the new volume; we’d recommend the default Macintosh HD
  5. Choose to format to APFS
  6. Click ‘Erase Volume Group’ and wait
  7. Quit Disk Utility then choose to reinstall macOS from the Utilities window.

Remember, this will completely wipe your hard drive and start fresh, so ensure anything valuable is backed up elsewhere (e.g. on an external hard drive or via Cloud storage).


How does a Mac get infected with malware?

Malware can infect your Mac in a number of ways. While Macs are known for their robust antivirus and anti-malware restrictions, it’s still possible for your device to become infected. The main ways you’ll find malware installed on your Mac include:

Infected ads & pop-ups
This can be as simple as clicking on a pop-up and downloading malicious software. Users can be caught out by these on almost any site, so keep your wits about you.

Emails & messaging apps
One of the most common types of malware infection comes via email or messaging. All you need to do is click on a bad link or download a dodgy attachment and you’ll have a malware infection in no time.

Drive-by downloads
Hackers can redirect you to a different site that you weren’t expecting, and trigger an automatic download, making these very tricky to prevent.

USB flash drives
This may feel old-school, but it’s still a very common way for malware to spread. Simply plugging in an infected USB can be enough to spread the malware it holds.

Cybercriminals employ many tactics for infecting devices with malware, and these are just four methods they have at their disposal. The best way to keep your Mac malware-free is to prevent any contact with it; learn more about malware to help protect your machine.


How to keep your Mac clear of malware

Do you need antivirus for macOS? Yes: a good antivirus for Mac should never be overlooked. It’s the easiest way to make sure your device is kept secure, as it can check your Mac in real time and proactively block malware before it takes hold.

To keep your Mac free of malware infections, a few other tips include:

  • Update your software regularly – Whether it’s one application or your entire operating system, it’s important to keep your software up to date. Some attackers are known to exploit loopholes in older versions of software.
  • Don’t click on suspicious links, ads or emails – This is one of the main ways that malware spreads. Always be cautious of links, even if they look like they’re from a legitimate source.
  • Only visit sites you trust and use a firewall – Check for a small padlock next to the URL that shows the site is using SSL. In addition, consider using a firewall to protect you while you browse online.
  • Use two-factor authentication and a password manager – Keeping your passwords secret and your accounts secure is important. Then, even if you do get infected, you can still protect your data.
  • Back up your data regularly – Regular backups allow you to replace any data if it’s damaged or corrupted, and will also help you should you need to perform any factory resets.