Marta Turnbull

Head of Community at MacUpdate

Marta Turnbull is a MacUpdate OG and has written about technology, marketing and brand creativity for over 10 years. She splits her time between Michigan and Ukraine.

How to Remove Malware from a Mac

26 November 2019

The Rise of Mac Malware: How to Spot It and Remove It

The issue of how to remove malware from a Mac has become a hot topic over the years - and with good reason.

Mac malware is on the rise and shows no sign of stopping.

Here we take a look at some of the most recent malware threats faced by Macs in 2019, symptoms of malware on your Mac, and the best removal tools (as voted by MacUpdate users) to get the job done.

Ready? Let's go!

Do Macs Need Malware Protection?

In a word: Yes.

Despite earning a reputation for being almost impervious to viruses, Apple devices are facing a growing threat of malware - one that's been bubbling away for 15 years.

  • The first example of macOS malware dates back to 2004.
  • More recently, a 2018 report highlighted a 270 percent increase in Mac malware.
  • Of the ten most popular cyberattacks in the first quarter of 2019, Mac malware took up two spots.
  • April 2019 witnessed a whopping 16 million instances of Mac malware - four times the previous record.

Why is this happening?

The most obvious answer is the fact that Macs are increasing in popularity. As more consumers purchase these devices, more cybercriminals are opting to target them.

This has also coincided with an increase in more complex attacks, such as:

5 of the Best Malware Removal Tools, As Voted For by the MacUpdate Community

Malwarebytes

2.8 stars from 114 MacUpdate users.

A well-known name in the world of anti-malware, Malwarebytes is a simple and straightforward solution. It works away in the background largely unprompted, and if you need to run a manual scan, it's only ever a few clicks away.

The free version gets to work cleaning up an already infected Mac, but if you want ongoing protection, you should opt for Malwarebytes Premium. This prevents further malware infections, proactively blocks adware, and runs superfast scans when required.

VirusBarrier X9

3.8 stars from 177 MacUpdate users.

A solid and reliable antivirus for Mac, VirusBarrier X9 from Intego is slick, quick and focused.

There's no feature bloat here as it gets to work on the task at hand - identifying, removing and blocking malware. Folder scanning is fast, and the full scans are thorough.

You can also schedule scans ahead of time, which is always handy.

The downside is the full scan can be time-consuming, while the free trial only offers very limited functionality.

Little Snitch

4.1 stars from 642 MacUpdate users.

Little Snitch's primary function is to alert you to outgoing network connections. It essentially stops your private data from being sent out without your knowledge or approval - sort of like a reverse firewall.

It runs quietly in the background and can also detect network-related activity of malware, trojans and viruses.

But (and there's always a but) it only looks at single connections and overlooks patterns of network activity that malware can engage in.

It's good at what it does; however, there are better malware-busting alternatives out there.

Catalina Cache Cleaner

4.4 stars from 273 MacUpdate users.

A piece of award-winning general-purpose software, Catalina Cache Cleaner (CCC) makes system maintenance a breeze, but we're interested in its capabilities as a malware scanner. We're pleased to report that it shows up well.

CCC helps keep your Mac safe from malware by adding three additional layers of security. It also ships with the open-source, cross-platform ClamAV antivirus built-in. It's always-on, scanning downloads on the fly to ensure you receive the very best malware protection from both Mac and Windows threats.

And the Winner Is...

MacScan

4.5 stars from 127 MacUpdate users.

Designed to scan, identify and delete malware quickly and easily, MacScan is a worthy winner.

Rewritten from the ground up for OS X 10.8 Mountain Lion (and later), it takes a no-nonsense approach to dealing with malware, spyware, Trojans, and more.

Simple and easy-to-use, its comprehensive and consistently up-to-date library of known threats keeps your Mac ticking along nicely. With its new Smart Scan engine, it gets to work in the very areas of your device where security and privacy threats like to hide.

The only real cons are the annual license and the high CPU usage while scanning. The latter seems like a fair trade when you get such a complete security solution in exchange.

Bonus review: The Perfect Solution for Post-Malware Attack

SuperDuper!

4.9 stars from 344 MacUpdate users.

Software befitting its name, SuperDuper is a powerful and popular app for creating a fully bootable backup of your hard drive. It's particularly useful when recovering from a malware attack.

SuperDuper is easy to use and geared towards less technical users, but it also caters to more experienced users with a slew of sophisticated features such as customizable scripts and version control.

What Are the Most Recent Mac Malware Threats?

For the sake of brevity, here are five of the most recent, significant and scary:

  • OSX/MaMi
  • OSX/CrescentCore
  • LoudMiner (aka Bird Mine)
  • Mshelper
  • CookieMiner

Looking for a full list of recent Mac malware threats? Check out this article from Macworld.

OSX/MaMi

First reported back in January 2018, the OSX/MaMi malware is a nasty piece of work. It exists to route all traffic through dodgy servers in order to steal sensitive info.

The program installs a new root certificate to intercept encrypted communications (eek!), and it can also take screenshots, execute commands, and upload and download files.

OSX/CrescentCore

CrescentCore was found on a number of websites and even showed up in Google search results. It was cleverly disguised and very sneaky.

Before running, it would check to see if it was inside a virtual machine. It would also search for antivirus tools. If the machine was unprotected, it would go ahead and install malicious files.

The alarming part? It had a signed developer certificate, issued by Apple. This meant it could bypass Apple's Gatekeeper.

Although later revoked, the fact it had a signed developer certificate in the first place proves that malware can get through the in-built protection.

LoudMiner (aka Bird Mine)

LoudMiner found its way onto Apple devices via a cracked installer for music production software Ableton Live. It was a cryptocurrency miner designed to use a Mac's processing power to make money. Not cool.

Mshelper

First spotted in May 2018, another cryptojacker called Mshelper was causing all sorts of issues.

Those infected noticed hardware problems right away - namely their fans spinning much faster than normal, and devices running hotter than usual. This typically indicates that an often malicious background process is using up processing resources.

CookieMiner

Discovered at the end of January 2019, CookieMiner was able to steal user passwords and login information for cyberwallets from Chrome.

It could also grab browser authentication cookies associated with crypto exchanges, and access iTunes backups to build up a user profile with enough personal information to bypass two-factor authentication.

All of this meant easy access to the victims' cyber currency.

Shout out: Listen to the brilliant Intego Mac Podcast to learn more about the most recent Mac malware threats.

How Do I Know If There's Malware On My Mac?

Okay, that list above makes for some scary reading, right?

That's why it's a good idea to familiarize yourself with the common symptoms associated with malware. If you ever notice any of the following, you can quickly take action and avoid potentially catastrophic consequences.

Common Malware Symptoms

  1. Your Mac slows way down, becoming laggy or sluggish. The fan is spinning like crazy and the hardware is overheating. Pages are taking longer to load and the cursor doesn't move in real-time. It's almost as if there's something running in the background, hogging processing power.
  2. Your web searches are being redirected to a site you don't recognise.
  3. You notice a toolbar or addons in your browser (Chrome, Safari) that you didn't install.
  4. You're redirected to spam pages when visiting your favorite websites.
  5. Random pop-ups serve ads on your desktop, even when you're not running any programs.
  6. Web pages are covered in dodgy-looking adverts - especially sites where you wouldn't usually see ads, such as Wikipedia.
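
A quick way to check symptom 1 (and the Mshelper-style fan and heat signs described earlier) from Terminal, as an added example that is not part of the original article: it ranks processes by CPU share and, because a single reading can be a legitimate burst, reports only the PIDs that stay above the threshold across several samples. The function names, the thresholds and the sample process list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find processes that keep hogging the CPU on a Mac.
# Expected input: output of `ps -Ao pid,pcpu,comm`, header line included.

flag_cpu_hogs() {
    # $1 = %CPU threshold. Prints "pcpu pid command", busiest first.
    awk -v min="$1" 'NR > 1 && $2 + 0 >= min + 0 {
        cmd = $3
        for (i = 4; i <= NF; i++) cmd = cmd " " $i  # paths may contain spaces
        print $2, $1, cmd
    }' | sort -rn
}

persistent_hogs() {
    # $1 = threshold, $2 = number of samples, $3 = seconds between samples.
    # Prints only the PIDs that were at or above the threshold in every sample.
    n=0
    while [ "$n" -lt "$2" ]; do
        ps -Ao pid,pcpu,comm | flag_cpu_hogs "$1" | awk '{print $2}'
        n=$((n + 1))
        if [ "$n" -lt "$2" ]; then sleep "$3"; fi
    done | sort | uniq -c | awk -v k="$2" '$1 == k {print $2}'
}

# Constructed sample standing in for real ps output; the process names
# and paths are made up for illustration.
sample_ps() {
    cat <<'EOF'
  PID  %CPU COMM
  101   1.2 /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
  202  96.4 /Users/Shared/helperd
  303   0.0 /usr/sbin/cfprefsd
  404  41.0 /Applications/Example Editor.app/Contents/MacOS/Example Editor
EOF
}

# Demo on the constructed sample; on a real Mac run: persistent_hogs 80 5 10
sample_ps | flag_cpu_hogs 40
```

A PID that shows up here is only a lead: look up its path and, if you don't recognise it, scan with one of the tools above rather than deleting files by hand.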

It might not be malware

If you notice any of those signs, don't panic. It doesn't always mean your Mac is infected with malware. There are other reasons why a Mac runs slowly.

The one thing you definitely want to avoid doing is Googling the problem and installing the first thing you find in an attempt to remove the problem.

This could result in you downloading more malicious software and making the entire situation much worse.

Instead, you need to turn to a reliable software solution (like those listed above) to run a check and - if you do have malware - safely remove the offending files.

What to Do if Your Mac Has Malware

If you think your Mac is infected with malware or a virus, take these steps to keep the situation under control:

  1. Avoid Passwords - In case there's a keylogger running on your system, avoid typing in passwords or login details. Some more sophisticated malware can also take secret screenshots, so be careful not to expose sensitive information until you're certain your device is clean.
  2. Try to Stay Offline - Staying offline can essentially cut off the oxygen supply to the malware. Naturally, this is easier said than done, and if you need to download an antivirus tool after infection, it's not going to be an option. That's why it pays to protect your device right away.
  3. Contact Your Bank - If you unwittingly paid for the malware, make sure to contact your bank or credit card provider and explain the situation. They can stop the scammers in their tracks by freezing your card.
  4. Shut Down + Restore - If you can, shut down your Mac immediately and restore from a recent backup.
  5. Update Passwords - Once you're certain that you've managed to remove the malware, update your passwords. Better yet, use a password manager for yet another layer of security.

How to Recover from a Malware Attack

When recovering from a malware attack on your Mac, there are a few things you need to do:

1. Update your system software

If you've missed a recent update, you could leave your device vulnerable to further attacks. It might even be the reason why you suffered the attack in the first place!

Click on the Apple menu icon > Select App Store > Click on the Updates tab > Install all available updates.

2. Check the disk for errors

Apple's Internet Recovery Partition allows you to safely check the hard drive for anything out of the ordinary.

Restart your device > As it reboots, hold down Command + R > Once rebooted, you should see the Internet Recovery Partition > Select Disk Utility and click Continue > Click on First Aid > Click Run.

Your Mac will now run a scan on the hard drive to look for errors and - if possible - fix them.

3. Use SuperDuper

If you have SuperDuper installed, you should reboot from the previous day's backup, reformat your drive and move forward malware-free.

The Bottom Line

Malware can cause mayhem on a Mac - and fast.

These days, it's often not enough to just be careful when you're browsing and vigilant about what you open or download. You have to be proactive and take steps to protect your device and the data it holds.

Download a malware removal tool today, and have a recovery plan up your sleeve should you need one. If you ever cross paths with Mac malware, you'll be glad you did.
