No matter what you’ve heard, Macs get viruses too. There are a handful of indicators that your Mac may be infected by malware: your computer running slower or working harder than usual (or overheating), apps or programs crashing unexpectedly, or unfamiliar software or processes running on your device.
Here’s what to do if you suspect a malware infection on your Mac—and how to get rid of it.
Disconnect your Mac from the internet
An active internet connection may allow malware to spread across your network to other devices or communicate information to and from bad actors, ultimately making it more challenging to isolate and remove. If you need to download any programs to address a potential infection, such as a malware scanner, do it quickly.
Otherwise, cut your device off from the internet, and don’t reconnect until you are sure the threat is gone. You should also avoid signing into any accounts that require credentials, as some malware includes keylogging capabilities that steal your passwords.
Restart in safe mode
When you restart in safe mode, your Mac prevents some software from loading and runs a check on your startup disk, allowing you to isolate and address potential issues. The process for entering safe mode depends on whether you have an Intel-based Mac or a Mac with Apple silicon. If you aren’t sure what you’re running, click on the Apple in the top left of your screen, then choose About This Mac to clarify. Apple silicon will be labeled as Chip, followed by an M-series processor (e.g. M1 or M2 Pro), while Intel Macs will be labeled as Processor.
To restart an Apple silicon Mac in safe mode, go to the Apple menu > Shut Down and wait for your device to turn off completely. Then press and hold the power button until Loading startup options appears. Select a volume (likely Macintosh HD for most) then press and hold Shift and click Continue in Safe Mode. When your device restarts, you’ll see Safe Boot in the menu bar.
For an Intel-based Mac, restart your device and press and hold Shift until the login window appears. Log into your device, and you should see Safe Boot in the menu bar.
You can also confirm that you’re in safe mode by pressing and holding Option, then choose Apple Menu > System Information > Software. Under System Software Overview, look for Boot Mode: Safe. If it says Boot Mode: Normal, you are not in safe mode.
Run a malware scan
Apple has built-in antivirus software called XProtect, but you can’t run manual, on-demand checks with it. It may be best to use a second-opinion scanner to identify, quarantine, and remove whatever XProtect may have missed. Lifehacker sister site PCMag recommends BitDefender as the best antivirus software for Mac. If you’re looking for free solutions, PCMag also recommends Avast and Malwarebytes for addressing malware infections.
Monitor your Mac’s activity
Activity Monitor on macOS shows you real-time information about processes running on your device, including memory usage and activity across disks and networks. This is a good way to identify suspicious programs or processes that may be malware.
To open, go to Launchpad and search for Activity Monitor. Look for any unusual names or processes that are hogging CPU or memory, then double-click and quit them. You should also quit any applications that are currently running until you identify the source of the problem.
What do you think so far?