How To Remove Viruses From Mac Computers

Does Your Mac Have Malware? Here’s How To Tell

Despite Apple’s reputation for robust cybersecurity, the truth is that, yes, Macs can get viruses. In fact, by some accounts, up to 50% of Mac users were impacted by malicious software, hacking, or online scams last year alone.

Mac malware can show up in many different ways. Some of the most common warning signs include:

• Slow performance — for instance, websites and programs are slow to load, your mouse cursor drags, and the browser occasionally freezes.
• Strange device behavior, such as a Mac that heats up, makes strange noises, or crashes regularly.
• Unfamiliar apps, files, or folders appear on your desktop or in folders. 
• Sudden changes to your web browser, default search engine, or homepage. 
• Non-stop pop-ups, ransomware notices, or adware that won’t go away. 
• Changes to your system settings or you can’t access certain accounts or files.

While some of these symptoms can be explained by outdated software or corrupted files, any signs of a Mac virus should be dealt with immediately — before hackers can access your personal data, accounts, and information.

{{show-toc}} 

How To Remove Viruses and Malware From Your Mac 

Macs come preloaded with tools for malware protection and removal of potentially dangerous apps and files. There is also premium Mac antivirus software you can purchase that goes beyond the built-in tools you’ll find on your MacBook or iMac. 

The most effective approach is a combination of both methods: use your Mac’s tools and manual actions to remove obvious infections, and then double down with strong antivirus software to root out deeply embedded viruses. 

1. Disconnect from the internet

Many viruses require an internet connection to send stolen data or communicate with the hackers controlling them. 

‍As soon as you spot the warning signs of a virus, disconnect your computer from your Wi-Fi network — as well as any ethernet cables supplying internet access — to limit the damage. 

‍2. Boot your Mac in Safe Mode

Safe Mode prevents most third-party software — including many types of malware — from automatically starting up when you turn on your Mac. 

Running your Mac in Safe Mode gives you a secure space to investigate issues and remove viruses. Safe Mode also automatically checks your startup disk for problems, and clears some system caches that could be harboring malware or causing other issues. 

There are different methods for booting your Mac, depending on which model you have. If you’re unsure, check under About this Mac and look for an item labeled either Chip (for Apple Silicon) or Processor (for Intel-powered devices). 

‍How to start a Mac in Safe Mode (Apple silicon)

• Choose Apple menu  > Shut Down. Wait for the Mac to completely shut down — make sure that the screen is black and all lights (including the Touch Bar) are off.
• Press and hold the power button on your Mac until you see Loading startup options appear on the screen.
• Choose a boot volume (drive), press and hold the Shift key, and select Continue in Safe Mode.
• The computer will restart automatically. When the login window appears, you should see Safe Boot in the menu bar.

How to start a Mac in Safe Mode (Intel)

• Turn on or restart your Mac, and then immediately press and hold the Shift key until you see the login window. Release the key when the login window appears.
• Log in to your Mac, and you should see Safe Boot in the menu bar.

3. Make sure XProtect is enabled (and up to date)

XProtect is Mac's native malware scanner that automatically detects and blocks known malicious programs, including worms, trojans, and spyware. 

When XProtect detects malware on a Mac, it prevents the software from executing on your system and sends a notification to the user or administrator. This alert gives you the option to move the software to the Bin.

How to enable XProtect:

• Navigate to the Apple icon > System Preferences > Software Update > Advanced.
• Verify that the box next to Install system data files and security updates is checked.
• Make sure that your Mac is updated. In December 2024, Apple released updates to XProtect for all supported versions of macOS, bringing it to version 5284 and to XProtect Remidiator for all macOS from Catalina onwards to version 149. 
• To check if you have the latest version, go to the Apple menu  > System Information, and then Installations (under Software).

4. Run a comprehensive virus scan

While XProtect provides basic protection, it may miss sophisticated threats. Some modern malware is designed to evade detection by hiding in system files or creating multiple backup copies. 

A dedicated antivirus scan can find and remove threats that manual cleanup steps might have missed.

5. Check Activity Monitor for suspicious processes

Activity Monitor manages how your computer is using resources, including specific systems, apps,  and processes currently running on your device. It’s Mac’s equivalent of Windows’ Task Manager application.

• Open Applications > Utilities > Activity Monitor.
• Sort the CPU tab by "% CPU" (high to low). By focusing on this tab, you can identify programs that are using a lot of processing power. Malware often runs silently in the background, using your Mac's resources without your knowledge. 
• Watch for unfamiliar process names, especially ones consuming high CPU power. It’s often easy to spot malware in your processes, as they will be using a lot of bandwidth and have strange names, such as "crypto-miner," "coinminer,"  "miner_xmr," etc. 
• Check the Network tab for suspicious connections. Some malware goes by less obvious names or tries to blend in with a name that mimics systems tools. You can often find intruders by checking if there are any unexpected connections (such as processes sending large amounts of data to unknown servers).

6. Uninstall unknown or suspicious applications

Malware often disguises itself as legitimate software, or bundles itself with free apps that you've downloaded. These malicious applications might appear in your Applications folder or hide in lesser-known system directories. 

If you accidentally delete a legitimate application, you can always reinstall it later. 

• Open Finder and click on Applications to review all installed programs.
• Examine the list for suspicious or unfamiliar apps. Some of the most risky apps are games, fake malware removal or Mac security tools, system cleaners, Flash updates, and video players from unknown sources. Look for names like "MacKeeper," "Advanced Mac Cleaner," or apps with generic names like "System Optimizer Pro."
• Right-click (or Control-click) unfamiliar apps, and choose Get Info to check their signing information. Under Signing Info, legitimate apps should display details about their developer certification.
• Delete suspicious apps by dragging them to the Trash, and then empty the Trash. It’s important to delete the trash to ensure that the malware is completely eradicated from your computer. 

7. Clear out suspicious login items

Malware often launches automatically when you start your Mac, ensuring that it stays active even after restarts. These auto-launch settings can keep reinfecting your system even after you think you've removed the malware.

‍How to remove a virus from Mac via login items:

• Go to the Apple menu > System Settings > General.
• Open the Login Items & Extensions tab. Uncheck the lock icon before editing the settings.
• Use the “—” sign to disable all unwanted or untrusted apps. This process stops these apps from initiating during the Mac’s bootup process.
• To confirm the new settings, click on the lock icon again, and then restart your Mac for the changes to take place.

8. Check for malicious user profiles

Some sophisticated malware creates hidden user profiles to maintain access to your Mac. These profiles can give attackers ongoing control over your device settings and permissions, even after you've removed the original malware.

• Open System Settings and click on Privacy & Security.
• Select Profiles.
• Remove any profiles you don't recognize or no longer use. Sometimes, hackers can exploit you by accessing an old profile that you created for a family member or friend.

9. Reset your browser, and clear the cache

Browsers are common targets for malware. If a virus is hiding in your browser’s downloads folder or cache, it can continue to hijack your browsing experience with ads, track your activity, and steal your data. To eliminate these threats, you must clear all cached data and reset your browser.

‍How to clear your cache on Safari:

• Go to the Safari menu > Settings > Advanced. 
• Check the box next to Show features for web developers.
• Click on the new Develop tab (in the menu on top of your Safari window), and then Empty Caches.

How to clear your cache on Chrome: 

• Go to the Menu (three dots) > Clear Browsing Data.
• In the pop-up window, click on the Advanced tab and check the boxes for Cookies and other site data and Cached images and files.
• For the time range, select All Time. 
• Click on Clear Data.

How to clear your cache on Firefox:

• Go to your main Menu and click on Firefox, and then select Preferences (or Settings).
• Select the Privacy & Security panel, and look for Cookies and Site Data.
• Click on Clear Data… and select Everything under the drop down menu. 

10. Remove suspicious browser extensions

Malicious browser extensions can spy on your web activity, inject ads, or redirect your searches to dangerous websites. 

Take a moment to review each of your extensions, and ask yourself:

• Did I install this?
• Am I still using it regularly?
• Has it been updated recently?
• Is it safe?

Pro tip: You can find out more information about a browser extension’s updates and safety by doing a Google search of: “Is [browser extension name] safe?”

11. If all else fails, restore from a safe backup

If you're still experiencing issues after trying all other steps, you may need to perform a factory reset and restore your device to a safe backup made before the infection occurred. This will usually remove all malware, but at the expense of any unsaved or backed up files and settings. What to do:

• Connect the external drive you use for Time Machine backups.
• Restart your Mac, and hold Command + R when the computer is booting up.
• Select Restore from Time Machine Backup, and choose a backup date from before you noticed the virus. Follow the prompts to complete the backup process.

If it’s not possible to restore from an earlier point, you may need to erase all data on your Mac. In this case, follow the guidance from Apple.

Did You Get a Pop-Up Alert Claiming That Your Mac Has a Virus? Don’t Panic! 

The fake Apple security alert scam is a pop-up designed to trick people into believing their Mac computer has security issues. These bogus ads appear to be legitimate security warnings from Apple, but they are phishing attacks. The goal is to trick people into sharing sensitive information, clicking on malicious links, or calling a scam phone number. 

Here are three things you can do to stop receiving these alerts:

1. Clear your browser cache, history, and cookies. Often, deleting your history and cookies is all it takes to remove this threat. Clear your cache, and check to see if the pop-ups are still happening.
2. Check website permissions. In Safari, click on Settings or Preferences and then Websites. You can adjust the permissions for each website within each of the categories: Pop-Up Windows, Downloads, and Notifications. You can do the same on Chrome by going to Settings > Privacy and Security> Site Settings.
3. Block pop-ups in your browser. Go to your browser Settings, and select the option for deny pop-ups and redirects. You can use Aura’s Chrome extension to block ads, pop-ups, and intrusive site trackers in order to keep your online activities private.

If you still have issues after these steps, check out our full guide: How To Remove Apple Security Alerts & Mac Pop-up Viruses.

‍How To Protect Your Mac From Viruses and Malware

Unfortunately, with more hackers targeting Mac users now, Mac malware is only going to become a larger concern. Rather than wait for the worst to happen, take proactive steps to keep your Mac safe: 

• Use two-factor authentication (2FA) with an authenticator app to make it harder for hackers or keyloggers to access your accounts.
• Turn on automatic updates for your operating system and applications to ensure that you’re always installing patches for known vulnerabilities. 
• Don’t ignore your Mac’s built-in security warnings and tools (such as Gatekeeper or firewalls). 
• Only download trusted apps from the App Store — but read customer reviews first, and confirm that the app receives regular software updates. 
• Don’t click on suspicious links in emails, texts, or pop-ups. 
• Always use a virtual private network (VPN) when browsing on public Wi-Fi networks, like in airports, hotels, and cafes. 
• Turn on Mail protection on your Mac to protect your email address.
• Make sure you make regular backups of your files by using Apple’s Time Machine or an external hard drive. 

For the best protection and continued peace of mind, use Aura. Aura’s award-winning all-in-one digital security platform includes antivirus software and Safe Browsing features — such as ad blockers, spam and junk mail removal, and a military-grade VPN. With Aura, it’s easy to avoid malicious websites and ads and keep your Mac safe from hackers and malware.