A phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus. The user is then offered Mac Defender 'anti-virus' software to solve the issue.
This “anti-virus” software is malware (i.e. malicious software). Its ultimate goal is to get the user's credit card information which may be used for fraudulent purposes.
The most common names for this malware are MacDefender, MacProtector and MacSecurity.
Apple released a free software update (Security Update 2011-003) that will automatically find and remove Mac Defender malware and its known variants.
The Resolution section below also provides step-by-step instructions on how to avoid or manually remove this malware.
A deep dive into the Mac malware waters The 2020 Malwarebytes ' State of Malware Report,' took a deep dive into the real-world threats that faced Android and iOS users, browser-based attacks. In fact, the company identified the first Mac malware threat in 2017! Using the app couldn’t be easier. Just select Scan, and the software quickly alerts you to any malware infection — often.
How to avoid installing this malware
If any notifications about viruses or security software appear, quit Safari or any other browser that you are using. If a normal attempt at quitting the browser doesn’t work, then Force Quit the browser.
In some cases, your browser may automatically download and launch the installer for this malicious software. If this happens, cancel the installation process; do not enter your administrator password. Delete the installer immediately using the steps below.
How to remove this malware
If the malware has been installed, we recommend the following actions:
Removal steps
Malware also installs a login item in your account in System Preferences. Removal of the login item is not necessary, but you can remove it by following the steps below.
Use the steps in the “How to avoid installing this malware” section above to remove the installer from the download location.
Note: Apple provides security updates for the Mac exclusively through Software Update and the Apple Support Downloads site. User should exercise caution any time they are asked to enter sensitive personal information online.
You may have heard it's said that Macs don’t get viruses. That there’s no Apple virus. You may even have said it yourself. Sadly, it’s not true. The latest State of Malware Report by Malwarebytes describes a significant rise of Mac threats of over 400% in 2019. The report claims that cybercriminals now target Macs severely, due to increasing market share. So, do you still believe that Macs don’t get viruses? Continue reading to discover how to remove a virus from your Mac and protect your files from getting infected.
Macs have been considered safer than Windows PC for a long time. Macs are indeed secure, thanks to various built-in features, such as GateKeeper, that doesn't allow installing anything not approved by Apple. But, as the Apple security features have improved, so is malware. According to the State of Malware report mentioned before, Macs are mostly attacked by adware and potentially unwanted programs (PUP), which macOS has no counteraction against. So, answering the question, yes, Macs do get viruses, and they may impact your sensitive file and data seriously.
Before you remove a virus from a Mac, you need to be sure it actually has one. We’ve covered that in more detail in this article but here are a few pointers.
These symptoms may mean your Mac has a virus, although there could be other explanations.
Thankfully, there are lots of ways to do it. And Mac virus removal doesn’t have to cost money.
One of the most common types of malware comes in the form of browser extensions. Even extensions that aren’t particularly malicious can be annoying, and if you didn’t deliberately install them, they’re malware. Here’s how to get rid of unwanted browser extensions.
Safari
Chrome
Firefox
Malware comes in lots of different forms. And it even comes disguised as security software to help you get rid of viruses! Devious, huh?
If you’ve inadvertently downloaded an app that turns out to be a virus, you need to uninstall it immediately. There are a couple of ways to do this. Here’s the hard way.
~/Library
folder and look in the Application Support folder for any files related to the app and drag those to the Trash./Library
, especially Launch Agents and Launch Daemons and remove any files related to the app from there. But be careful, if you remove files used by legitimate apps you could cause lots of problems.If you don’t know the name of the application, it’s more difficult. But if you use CleanMyMac X, all you have to do is scroll through the list of applications and look for any you don’t recognize or don’t need and remove them. CleanMyMac X removes every trace of an app, including files that you may overlook when you remove applications manually. This is particularly important for viruses, so it’s much better to use CleanMyMac X.
What makes this method even better, is that CleanMyMac X also shows you app leftovers that remained after the main app is gone.
Usually, viruses are attached to a particular user profile on your computer. In this way, they are able to seize control of your admin profile. But you can start if from scratch and create a new user on your Mac. Don't worry, you will be able to transfer all your important data from one user to another.
Go to Apple menu > System Preferences, click Users & Groups.
To move your important information from one user to another, you will need to access the Shared folder.
/Users
Can you see the Shared folder? Here you can copy the needed files from your old user account. Hurray, you've started a clean, virus-free life!
Login items are apps that launch automatically upon startup. Malware programs would often sneak into your login items without you knowing. How to prevent them from launching?
From here you can manage them using the [+] and [—] buttons.
While the above steps work very well in lots of cases, sometimes the Mac virus removal means using a dedicated application to scan and remove malware from your Mac.
There are lots of these applications available, and many of them are either free or allow you to at the very least scan your Mac for free to find out whether you need to take action. Be careful, however. It’s important to choose a tool from a reputable vendor. If you just google ‘Mac antivirus tool’ some of the results may well be for tools that are themselves malicious and instead of removing viruses from your Mac will infect it. We recommend using CleanMyMac X.
It can identify thousands of malware threats, including adware, spyware, ransomware, worms, cryptocurrency miners. And if CleanMyMac finds something suspicious, it will offer immediate removal. Besides, it ensures real-time Mac virus protection, informing you when you’re about to install something harmful. Here’s how to perform a full system scan:
Some small supporting applications never show up in the Login items. They are called the Launch agents and may as well be hacked by viruses. You can find them with the universal Mac cleaner, CleanMyMac. This app is notarized by Apple, so you are safe using it.
How many apps do you see there? Remove any flash players, automatic updaters, or everything else that you find suspicious. Even if you deleted the main app itself, its launch agents may still occupy your drive. Here is what I have:
If you’ve run through all the steps above and are still having problems trying to remove a virus from a Mac, the next step is to restore from a Time Machine backup. The benefit of restoring from Time Machine is that you can do it quickly and easily by booting into the recovery partition and you can choose to backup to a state just before your Mac started behaving erratically.
The downside of this option is that any work you’ve done since the backup you restore from will be lost. You could manually copy files from your Mac to another drive or cloud storage service before you restore and then copy them back afterward. However, if one of those files is infected, you risk contaminating your Mac all over again. If there are documents you really need and that aren’t backed up elsewhere, use one of the antivirus tools above to run a scan on them before you copy them to another disk. That way you’ll know they’re safe.
Your Mac will now return to the state it was in when you made that backup.
If you don’t have a Time Machine backup to restore from, the last resort is to reinstall macOS. This is a ground-zero approach. You’ll need to wipe your startup drive completely clean and start again. That means reinstalling all your applications and copying all your data back to your Mac afterward. If you have a recent backup of your data, from before your Mac became infected, you can use that to copy data from after you re-install. If not, you’ll need to back up important files now — but scan them with an antivirus tool first to make sure they’re not infected.
To perform a clean install of macOS, you’ll need a bootable installer disk. Creating one is beyond the scope of this article, but there is a comprehensive guide here.
Once you’ve made your bootable installer, plug it into your Mac, go to System Preferences, choose Startup Disk and select the disk you just plugged in. Restart your Mac, holding down Command-R and do the following:
As you can see, there are many different ways to remove a virus from a Mac, depending on how badly infected it is and what kind of virus it is. The main thing to remember is if you suspect your Mac is infected, don’t worry. It can be fixed! Move on to our little Q&A section to find answers to questions many users ask.
Most of the antiviruses protect your Mac in real-time, making it apparent for you when an intruder appears. So, with antivirus software, you can be sure no PUP or adware can infect your computer. Antivirus is not a must-have software, but it indeed adds up a layer of protection if you use it.
Email viruses do exist, but you can’t catch one just by opening an email. What you need to be cautious with are email attachments. If you don’t know who that email comes from, avoid opening the attachment. It can contain PUP and other things you don’t need on your computer.
To do a quick virus scan, inspect your Mac for the software you didn’t intentionally install. Some apps can come in bundles hiding malicious programs that end up appearing on your Mac. For a more thorough virus scan, get CleanMyMac X. All you need to do, is to install the app, go to Malware Removal, and hit the Scan button.
Try to find and delete the last app you installed before you started seeing such fake alerts. Also, remove browser extensions from the web-browser where you see such pop-up ads. Some malicious extensions can be responsible for this. If nothing helps, scan your Mac for viruses using the antivirus of your choice.