How To Get Rid of Malware on Mac: Removal Guide

There's no doubt that for a long time, Mac users didn't have to worry about viruses and malware. One of the biggest reasons for this is that Apple has written software specifically to control which programs can be run on their devices, named Gatekeeper. 

There is also another piece of software called XProtect, which runs in the background on Macs and constantly scans for malware. This is highly effective, as Apple does a good job of keeping its list of malware and other malicious programs up to date.

The previous lack of viruses and malware is part of the reason Macs have become so popular and a status symbol. But now the popularity of Macs is part of the reason that new types of malware are developed every day. According to independent security institute AVTest, there were 670,000 pieces of malware targeting macOS in 2020. This is more than 56,000 pieces of malware per month. In addition, there were 48,000 pop-up ads identified.

Thankfully, this figure doesn’t seem quite as high in 2021. In the year up to November, only 17,210 pieces of malware have been found, or 1,434 per month. This may be due to security patches, cleaner software, or increased user awareness of the threat of malware.

Unfortunately, things can slip through the net, and you can still end up with malware on your Mac. If this has happened to you, read on for advice about how to remove it.

How to detect malware on Mac

Malware is not always immediately obvious, but there are red flags to look out for. Be wary if your Mac displays any of the following behaviors:

• Your Mac runs unusually slow
• It heats up even when you're not doing anything that would use lot of processing power 
• Your Mac hangs randomly or apps crash 
• Your Mac behaves in a way it doesn't usually 

If you’re concerned, you can do a bit of investigative work using your Mac's built-in Activity Monitor tool. Click on Spotlight to search for it. Once it's open, you can see a list of all the programs and processes using processing power on your Mac. If there are processes that you don't recognize using lots of resources, that's a sign that malware may be present.

Top tip. Even if you suspect malware, it's unwise to delete any processes until you're sure what they are. Developers of legitimate programs don't always name processes in a way that makes it clear what they are. Try searching on the internet for more information first.

How to remove malware from Mac

Boot in a Safe Mode

Before beginning the malware removal process, you should follow these steps:

1. Disconnect your Mac from the internet, and leave it disconnected until all traces of malware and viruses have been removed. Click on the Wi-Fi icon in the top corner and toggle the button off. If you don't do this, the malware may reconnect to its server and infect your Mac again
2. Boot your Mac in safe mode. The problem with malware is that some types load on startup, so it's impossible to stop it from running. Safe Mode loads only the basic files your Mac requires to start, meaning malware should be prevented from running automatically

For Intel Macs
 

1. Reboot or power up your Mac
2. As soon as it switches on, hold down the Shift key
3. Keep holding Shift until you see the login screen
4. Log in as normal, and you should see Safe Boot in the top right of the screen

For M1 Macs
 

1. Shut down your Mac completely
2. Press the Power button, and hold it down
3. Once you see the startup options window, release the power button
4. Choose the drive you wish to boot from, then hold down Shift
5. You'll be presented with an option to Continue in Safe Mode. Click it and let go of Shift
6. Log in as normal, and your Mac will be running in safe mode

If your Mac has been behaving strangely then appears to return to normal running once you boot it in safe mode, that suggests either it’s been infected with malware, or you have another software problem.

The easiest way to find out is to run one of the many programs available that scans for malware. Some of the veterans of the protection software market have malware features, including BitDefender, MacKeeper, Sophos and Malwarebytes.

If these steps don't work, it's best to run malware removal software to completely clean your Mac. The example used here is Malwarebytes for Mac. 

1. Once the software has been installed, click the Get Started button
2. Choose whether you’re using the software for a personal or work computer
3. Click the Scan button in the center of the app screen
4. The scan could take five to 20 minutes to run. Once the scan is finished, you'll see a list of all infected items
5. Click the Quarantine button to remove them
6. If prompted, restart your Mac

Check your profiles

In the past, only network administrators used profiles in a business setting to control what could and couldn’t be installed on your Mac. Now, malware corrupts profiles to prevent you from deleting it. To check your profiles, follow these steps.

1. Click your Apple logo in the top-left of your screen and choose System Preferences
2. In the search bar in the top right, search for Profiles. If you can't find this option, you have no profiles, so you can skip the rest of these steps. If it appears, click the Profiles icon 
3. If there are any profiles you don't recognize in the left-hand box, highlight it and click the minus button at the bottom to remove it

Remove suspicious applications

It's a good idea to check a list of programs identified as malware for Apple devices. A simple Google search should find this for you.

1. In a Finder window, choose Applications from the toolbar on the left
2. Check the applications, and look for any apps on the malware list you downloaded and any other applications you don't recognize
3. Right-click on the application you want to remove, then select Move to Bin
4. Right-click your trash can, and choose Empty Bin to completely remove the files

This will remove the basic files, but fragments may be left behind. If you remove apps this way, it's worth downloading a cleaner program to remove the rest of the files afterward.

Remove malware from Safari and Chrome on Mac

Unfortunately, malware can also hijack your browser and force it to display ads, change your homepage, and, most worryingly, log your activities online to steal personal data. If you suspect your browser has been hijacked, follow these steps:

How to remove malware from Safari on Mac 

1. Go to The Safari menu at the top of the screen, and choose Preferences 
2. Firstly, on the General tab, check your homepage, as the malware may have changed it. If it's not a site you recognize, change it to a safe site like  
3. Click the Extensions button  
4. You will now see a list of all the extensions that run on your browser. Look through the list for anything you don't recognize. You should check against the list of malware you downloaded earlier
5. If you identify an extension you believe is malware, highlight it and click the minus button to delete it
6. Finally, go to the Search tab, and make sure your Mac is set to use a search engine you trust
7. Reboot your Mac for the changes to take effect

How to remove malware from Google Chrome

It's possible to delete extensions and reset your homepage on Chrome manually, but it's easier to use its Restore To Defaults option

1. Go to Chrome's menu, by clicking on the three dots in the top right 
2. Choose Settings from the list
3. Click the Advanced button at the bottom of the tab that appears
4. Halfway down the Advanced tab, there’ll be an option called Reset settings
5. Click on the Restore settings to their original defaults option
6. Click the Reset button to confirm

What to do if you can't get rid of malware on Mac

If you can’t get rid of malware, your only option may be to restore your Mac back to its factory settings. This will delete all the malware, as it only installs the files your Mac came preloaded with.

Normally, if you have an issue with software running on your Mac, you can restore a Time Machine backup. However, you may not know exactly when your Mac was infected with malware. If you restore a Time Machine backup, you risk restoring the malware too. That's why you should make sure your important files are backed up to iCloud as well.