No matter what you’ve heard, Macs get viruses too. There are a handful of indicators that your Mac may be infected by malware: your computer running slower or working harder than usual (or overheating), apps or programs crashing unexpectedly, or unfamiliar software or processes running on your device.
Here’s what to do if you suspect a malware infection on your Mac—and how to get rid of it.
Disconnect your Mac from the internet
An active internet connection may allow malware to spread across your network to other devices or communicate information to and from bad actors, ultimately making it more challenging to isolate and remove. If you need to download any programs to address a potential infection, such as a malware scanner, do it quickly.
Otherwise, cut your device off from the internet, and don’t reconnect until you are sure the threat is gone. You should also avoid signing into any accounts that require credentials, as some malware includes keylogging capabilities that steal your passwords.
Restart in safe mode
When you restart in safe mode, your Mac prevents some software from loading and runs a check on your startup disk, allowing you to isolate and address potential issues. The process for entering safe mode depends on whether you have an Intel-based Mac or a Mac with Apple silicon. If you aren’t sure what you’re running, click on the Apple in the top left of your screen, then choose About This Mac to clarify. Apple silicon will be labeled as Chip, followed by an M-series processor (e.g. M1 or M2 Pro), while Intel Macs will be labeled as Processor.
To restart an Apple silicon Mac in safe mode, go to the Apple menu > Shut Down and wait for your device to turn off completely. Then press and hold the power button until Loading startup options appears. Select a volume (likely Macintosh HD for most) then press and hold Shift and click Continue in Safe Mode. When your device restarts, you’ll see Safe Boot in the menu bar.
For an Intel-based Mac, restart your device and press and hold Shift until the login window appears. Log into your device, and you should see Safe Boot in the menu bar.
You can also confirm that you’re in safe mode by pressing and holding Option, then choose Apple Menu > System Information > Software. Under System Software Overview, look for Boot Mode: Safe. If it says Boot Mode: Normal, you are not in safe mode.
Run a malware scan
Apple has built-in antivirus software called XProtect, but you can’t run manual, on-demand checks with it. It may be best to use a second-opinion scanner to identify, quarantine, and remove whatever XProtect may have missed. Lifehacker sister site PCMag recommends BitDefender as the best antivirus software for Mac. If you’re looking for free solutions, PCMag also recommends Avast and Malwarebytes for addressing malware infections.
Monitor your Mac’s activity
Activity Monitor on macOS shows you real-time information about processes running on your device, including memory usage and activity across disks and networks. This is a good way to identify suspicious programs or processes that may be malware.
To open, go to Launchpad and search for Activity Monitor. Look for any unusual names or processes that are hogging CPU or memory, then double-click and quit them. You should also quit any applications that are currently running until you identify the source of the problem.
Reset your browser
Malware can also modify browser settings, so you should reset any browsers on your Mac to their defaults. Safari doesn’t have a singular restore settings button, but you can manually reset it to its default by clearing browsing data.
On Chrome, open Settings from the three dots in the upper-right corner. Tap Reset Settings in the left toolbar and select Restore settings to their original default. Confirm with the Reset settings button. On Firefox, go to Menu > Help > More Troubleshooting Information and click Refresh Firefox > Refresh Firefox > Finish.
Also consider disabling and removing extensions you may not recognize, or believe may be slowing down your browser and Mac. You’ll find them in Settings > Extensions (Extensions & Themes on Firefox).
Remove temporary files
Malware may install temporary files on your Mac that allow it to operate or hide, so you can consider deleting these from your device. However, a good malware scanner should find these types of files on their own, so you shouldn’t need to delete them yourself. If you don’t know what you’re looking for, you might end up deleting files that help your Mac run smoother.
If you want to delete these temporary files yourself, however, here’s how: Open a Finder window and press and hold Shift + Command + G. Type ~/Library/Caches into the search bar to pull up temporary files, select any you want to delete to open them in a Finder folder, and press Command + Delete (or Control + click > Move to Trash) to move to Trash. You’ll also want to empty the Trash to delete the files permanently from your device.
Restart (or reinstall) macOS
Once you are confident the malware threat has been eliminated, you can restart your Mac in its normal mode. However, if you believe or worry any remnants of malware are still present, you may need to get a fresh start by reinstalling macOS from Recovery.
While you can restore from a backup to make things the way they were before the reinstall, note that you should only do so if you are sure the backup was made before your device was infected with malware. If there’s a chance you made a backup with the malware infection in place, don’t use it.
