The Most Common Mac Viruses: Here’s How You Can Remove Them

For any Mac user, the probable first question would be – “is my system really in danger?” And there’s a good reason: for many years, hackers used to only attack the Windows OS, with almost no focus on macOS. That’s precisely why the owners of Mac devices mostly purchase maintenance/optimization products (like this one, for example, PC Matic Review).

However, these days, cybercriminals are targeting all the common platforms (including iOS and Android). So, what can you do after the system gets infected? Is there a remedy against modern-day threats? And, most importantly, can you get rid of them using built-in macOS tools? Join us, and let’s find out the answers to all those questions together.

The Most Common Threats for a Mac System

Before you get to the steps aimed at removing a hostile element, it is better to see the whole Mac malware picture.

Here’s a quick look at the most dangerous types of malware that may target your macOS:

  1. GravityRAT. Until recently, this used to be a Win-exclusive Trojan. It’s known to record keyboard logs and steal/upload Word and Excel documents.
  2. XCSSET. This worm aims at exploiting weaknesses in the system (particularly in the Data Vault). Mostly, it finds its way into user devices through Github. Login details (for Google and Paypal, for example): that’s what it’s after. Skype and Telegram messages are potential targets as well.
  3. CrescentCore. The next malware on the list masks itself as a Flash Player installer. Once it makes sure the system is not protected by a security suite, it self-installs and starts to spy on the user, looking for codes, logins, and other important information that can be monetized.
  4. KeRanger. The experts are calling KeRanger the first-ever Mac-exclusive ransomware. It encrypts vital data on your computer and then demands a ransom (payment through cryptocurrency) for the encryption code. There isn’t really much you can do against it once this ransomware is planted into the OS.
  5. Zoom. As one of the most popular web conference applications in the market, Zoom is used by numerous companies and professionals worldwide. A vulnerability was recently found that allowed malicious apps to get access to the web camera without the user’s authorization.
  6. CookieMiner. As the name suggests, the CookieMiner has only one goal: to break into your crypto wallet and steal Bitcoins and other types of cryptocurrency. It gets a hold of user logins and passwords through the Google browser, allowing it to access the wallet(s). Two-factor authentication isn’t easy to crack, but this miner is quite good at it.
  7. Shlayer. This one was first reported in 2018. Essentially, Shlayer is an advanced type of adware that infects the system by tricking the user into believing it’s a Flash Player installer. Once installed, it uses a fake Siri message to warn about threats it found in macOS. Before that, Shlayer runs a malicious Mac Cleaner copy. Naturally, the user launches it to get rid of the viruses, and that’s when the real attack starts.

The list above makes it clear that the threat is real for many Mac lovers.

Antivirus Protection?

Yes, of course, you can always let an antivirus program deal with malware, spyware, ransomware, and all the other malicious attacks. But security suites that protect against a wide range of threats aren’t incredibly cheap. Besides, no matter how reliable it may be, the most advanced viruses and Trojans will find a way to plant themselves deep into the system.

And, since Mac-exclusive malware hasn’t yet properly been identified by most antivirus vendors, it’s relatively easier for cybercriminals to carry out successful attacks. That’s why we decided to share a tried and true guide on how to get rid of viruses that have already found a way to penetrate defenses. This method has proven to be effective against most malicious threats and doesn’t need you to install any third-party antivirus software.

How to Remove Viruses from a Mac

Alright, with the basics out of the way, take a look at our guide on virus removal. Don’t worry: it’s pretty simple and doesn’t require any professional skills:

  1. In the Finder, open the Go menu and click on “Utilities.”
  2. Hit the Activity Monitor – it’s located in the top left corner.
  3. You’ll see a big list of apps and processes working in the background. Look for things that look dangerous or suspicious.

But how are you going to know which apps to zero in on?

  • Focus on entries that don’t seem familiar to you
  • Once you’ve located those, check how many resources they “eat up.”

In most cases, malicious code takes significant CPU resources – that can help you find the culprit app.

  • What you need to do next is click the little “X” button (Stop) in the top left corner
  • The system will welcome you with a pop-up message, asking whether you really want to terminate that process
  • Instead of selecting Quit, hit the Force Quit button.

That’s pretty much it for this part. But there are still some steps you can take to deal with the more advanced types of threats. Here’s what you should do:

  1. Go back to the Finder, and instead of selecting the Utilities in the Go menu, select the “Go to Folder…” option.
  2. A search menu will appear on the screen. Type in a simple command – “/Library/LaunchAgents” – and tap “Go.”

Put on your “detective glasses” once again and start looking for stuff that doesn’t seem to belong.

A quick note: malware doesn’t usually give itself away with easy-to-detect names. So, don’t expect to detect files like “Trojan code,” “Mac virus,” or something like that. Instead, pay extra attention to the extension: anything with “plist” at the end and starting with “com” may be a potential threat.

Taking It One Step Further

We’re not done with the “Go to Folder” tool just yet! Take the following steps for a clean sweep:

  1. Type in ~/Library/Application Support and try to find folders that were created recently. These folders won’t be named after system resources or apps installed by the user: use this to identify the “intruders.”
  2. If you want to be thorough and remove all potential viruses, type in “~/Library/LaunchAgents” and “/Library/LaunchDaemons” and check for suspicious activity there.
  3. Once that’s done, click on the Apple icon right next to the Finder, and select System Preferences.
  4. In the Users and Groups menu, navigate to the Login Items section.
  5. It includes all the apps that automatically launch with the startup.
  6. Look for programs that you don’t need or can’t remember adding, and hit the minus(-) button.
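
The manual check of the LaunchAgents and LaunchDaemons folders described above can also be scripted. The following is an added example, not part of the original guide: it reads each .plist in those folders and reports which program the item actually starts and why it may deserve a closer look. The 30-day window and the list of "unusual" locations are assumptions chosen for illustration, and a flagged entry is a prompt for manual review, not proof of infection.

```python
import plistlib
import time
from pathlib import Path

# Folders the guide inspects by hand: per-user and system-wide launch items.
LAUNCH_DIRS = ["~/Library/LaunchAgents", "/Library/LaunchAgents", "/Library/LaunchDaemons"]
# Assumed heuristic, not an Apple rule: locations worth a second look when a
# launch item runs a program from them (temp, shared, hidden directories).
ODD_PATH_PARTS = ("/tmp/", "/Users/Shared/", "/Library/Application Support/", "/.")

def program_of(job):
    """Executable a launchd job starts: Program, else ProgramArguments[0]."""
    args = job.get("ProgramArguments") or [""]
    return str(job.get("Program") or args[0])

def inspect_plist(path, recent_days, now):
    """Parse one launch item and collect reasons to review it manually."""
    entry = {"file": str(path), "label": None, "program": None, "reasons": []}
    try:
        with path.open("rb") as fh:
            job = plistlib.load(fh)  # reads both XML and binary plists
        if not isinstance(job, dict):
            raise ValueError("plist root is not a dictionary")
    except Exception:
        entry["reasons"].append("unreadable plist")
        return entry
    entry["label"] = job.get("Label")
    entry["program"] = program_of(job)
    entry["run_at_load"] = bool(job.get("RunAtLoad"))
    if any(part in entry["program"] for part in ODD_PATH_PARTS):
        entry["reasons"].append("program in unusual location")
    if now - path.stat().st_mtime < recent_days * 86400:
        entry["reasons"].append("plist modified recently")
    return entry

def audit_launch_items(dirs=LAUNCH_DIRS, recent_days=30, now=None):
    """Return one entry per *.plist found in the launch folders."""
    now = time.time() if now is None else now
    findings = []
    for d in dirs:
        folder = Path(d).expanduser()
        if folder.is_dir():
            for path in sorted(folder.glob("*.plist")):
                findings.append(inspect_plist(path, recent_days, now))
    return findings

if __name__ == "__main__":
    for item in audit_launch_items():
        why = ", ".join(item["reasons"]) or "nothing unusual"
        print(f'{item["file"]} -> {item["program"]} | {why}')
```

Run it with the Python 3 interpreter on the Mac; it only reads files and changes nothing.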

The final stop is the Profiles menu. Return to System Preferences to access it. Can you see the sidebar on the left side? That’s what we need to check out next. Malicious apps/code will look something like “Browser/Chrome settings,” “Admin preferences,” “Search platform,” and stuff like that. Again, click on the minus button to get rid of these infections.

Jignesh Padhiyar is the co-founder of iGeeksBlog.com who has a keen eye for news, rumors and all the unusual stuff that happens around Apple products. During his tight schedule, Jignesh finds some moments of respite to share side-splitting contents on social media.