Contrary to a popular myth, calling Macs malware-free is a misnomer. These machines are on the receiving end of large-scale adware, scareware, and spyware attacks. To top it off, crypto mining viruses and ransomware focused on this ecosystem are on the rise, too. Apple’s Gatekeeper, XProtect, and app notarization features are incredibly effective in blocking predatory code, but malicious actors are getting better at bypassing these defenses.
Mac Malware 101
Most instances of MacBook contamination happen because of users’ blunders that range from green-lighting malicious application bundles to falling for deceptive pop-up ads on junk websites. Once inside, malware may harvest sensitive data from your financial or accounting software, for example. Malware may also display exaggerated reports about security and performance issues, hold the victim’s files to ransom, take over the web browsers, and do many other nasty things.
The silver lining is that the world of MacBook threats is dominated by nuisance apps rather than deleterious malware. Things like Yahoo search malware that inject unwanted advertisements or redirect its victims’ browsers to junk sites is the name of the game. The bad news, though, is that these culprits are increasingly persistent due to their deep system footprint. In other words, they resist commonplace software uninstall methods and re-infect computers unless the cleanup is thorough enough.
No matter what kind of harmful software has cropped up inside a MacBook, the following tips will help disinfect the system and put it back on track.
Malware Removal from MacBook – Best Practices
It is important to understand that Mac malware is always manifested as a specific dubious application or a double-dealing browser plugin. Therefore, the cleanup comes down to finding and eliminating this item along with its file traces. The steps below will show you how.
Step 1. Stop the Malicious Process
Click the “Go” button in your MacBook’s menu bar, select “Utilities” in the pull-down list, and open the Activity Monitor.
Look for a suspicious process. Focus on the items that create multiple threads, have unfamiliar icons, and hoover up a good deal of CPU and memory resources.
If you find the unwanted process, click the “X” button in the upper left-hand section of the Activity Monitor app and then click the “Force Quit” button on the confirmation dialog.
Step 2. Uninstall the Rogue App
- Click the “Finder” icon in your Dock and select “Applications” in the sidebar.
- Spot a dodgy-looking app with a recent installation date and move it to the Trash.
Step 3. Delete Malicious LaunchAgents and LaunchDaemons
- Expand the “Go” menu once again and pick “Go to Folder”.
- Enter ~/Library/LaunchAgents in the search box and hit the Enter key.
- Check the LaunchAgents folder for recently added dubious *.plist files and delete them.
- Use the “Go to Folder” feature to open the following directories: /Library/LaunchAgents (without the tilde symbol), /Library/LaunchDaemons, and ~/Library/Application Support. Examine their contents and remove suspicious files and folders.
Step 4. Purge Unwanted Login Items
- Click the “gear” icon in your Dock to open System Preferences.
- Select “Users & Groups”, and hit the “Login Items” tab.
- To make changes, click the padlock symbol at the bottom left of the window and enter your admin password. Then, select the offensive app and click the “minus” sign to remove it from the list.
Step 5. Vanquish a Malware-Cropped Device Profile
- When on the System Preferences screen, pick “Profiles”. This item may not be there if no configuration profiles have been installed on your Mac. However, most Mac threats abuse this feature to gain persistence.
- Click the “Profiles” icon if listed, select the malicious profile, and make it vanish by clicking the “minus” sign.
Step 6. Empty the Trash Folder
- Right-click the Trash icon in your Dock and select “Empty Trash” in the contextual menu as illustrated below.
- When a dialog pops up, confirm that you want to clear the contents of the Trash folder.
Step 7. Clear Sketchy Data in Safari
- Open the browser, expand the Safari menu, and select “Preferences”.
- Hit the “Advanced” tab and make sure that the option saying “Show Develop menu in menu bar” is enabled.
- Open the “Develop” list in the menu bar and select “Empty Caches” as shown in the following image.
Click “History” in the Safari menu and select “Clear History”. Keep the default “all history” option enabled and click the “Clear History” button on the confirmation alert.
- Open the Safari Preferences interface again, click the “Privacy” tab, and select “Manage Website Data”.
- Pick “Remove All” to erase the information stored by websites you have visited. Click “Done” to confirm.
Step 8. Reset Google Chrome (if Hijacked)
- Open the browser, click “Customize and control Google Chrome” at the top right, and choose “Settings”.
- Click “Advanced” in the left-hand toolbar and select “Reset settings”. Click the “Restore settings to their original defaults” option and complete the procedure by hitting “Reset settings” one more time.
Step 9. Reset Mozilla Firefox (if Impacted)
- Open Firefox, click the menu button, go to “Help”, and select “More Troubleshooting Information”.
- Click the “Refresh Firefox” button and confirm that you want to reset the browser to its default settings.
The Bottom Line
Safeguarding your MacBook against malware proactively will save you the hassle of going through cleanup that gets complicated at times. The number one sign of proper vigilance is to avoid freeware installers hosted on unofficial resources. These items often turn out to be packages that cloak dangerous applications.
Also, ignore software update recommendations popping up on websites and do not download email attachments – these are notorious contagions and should be treated as such. If you have slipped up and unwittingly allowed malware to raid your MacBook, use the steps above to sort out the problem.