MacOS has two built-in tools to protect itself from viruses: Gatekeeper and XProtect. They work in the background to prevent you from installing malicious code on your Mac.
In this article, we will look at the most common Mac viruses and security flaws, how to detect them, prevent your Mac from getting them, and how to remove them.
The more macOS grows in popularity, the more lucrative it becomes to hackers and rogue programmers, and with no anti-virus, your MacBook is at risk of attack. Viruses on Mac are more common than you might imagine. We’re going to run through known Mac viruses, malware, and security flaws and show you how to keep your computer safe using CleanMyMac X.
Something to note before we continue: a virus is a type of malware, capable of copying itself and spreading across a system. Malware is a blanket term for a wide range of malicious software including adware, spyware, ransomware, and Trojans. So all viruses are malware, but not all malware are viruses if that makes sense?
Okay, let’s dig in.
How a Mac virus infects your system
How does a Mac virus find its way onto your system in the first place? Typically with a helping hand from you.
Apple viruses rely on you downloading a program, clicking a link, or installing an app or plugin.
The most common ways for malware to infiltrate your computer are through third-party browser plugins like Adobe Reader, Java, and Flash, or by using a Trojan horse or phishing scam — an app or email that appears to be from a legitimate source, but is in fact fraudulent. The moment you click on a link and enter details or download the seemingly genuine app, you give the green light for a virus to infect your system.
The best way to avoid a virus on Mac is to be vigilant. Double check every app that you want to download and every email that you receive before following through on an action. If something seems off, there’s every chance that it is.
However, as you’ll see from some of the viruses, in certain cases even vigilance can’t protect you.
An X-ray of a Mac virus: Here is what it looks like
Below is an executable command from a piece of adware. As you can see, it aims to 'download offers' that users see on their computers.
Known Mac viruses
1. Microsoft Word macro viruses
What’s that, a Microsoft program bringing its virus-riddled programs over to Mac? Unfortunately, yes.
Macros are commonly used by Word users to automate repetitive tasks, and they're a prime target for malware peddlers. Macro support on Mac was removed by Apple with the release of Office for Mac back in 2008, but was reintroduced in 2011, meaning files opened with macros enabled could run Python code to log keystrokes and take screenshots of personal data.
In 2017, Malwarebytes discovered malware in a Word document about Donald Trump, to the worry of Mac users. However, the chances of being infected rely on you opening that specific file, which is slim.
A warning message that Apple displays anytime a file contains macros should be enough to keep you safe from Word macro viruses.
2. Safari-get
Safari-get is a denial-of-service (DoS) attack that began targeting Mac in 2016. The malware is hidden behind a link in a seemingly genuine tech support email — you click on the link, the malware makes itself at home on your computer.
What happens then depends on whether you’re running macOS 10 or 11. The first variant takes control of the mail application to force create multiple draft emails. The second force opens iTunes multiple times. The end goal for both is the same: overload system memory to bring your Mac to its knees so that you call up a fake Apple tech support number and hand over your credit card details to a bogus team on the other end of the line.
MacOS High Sierra versions 10.12.2 and above include a patch for this vulnerability, so updating your machine should keep you safe.
3. OSX/Pirrit
OSX/Pirrit is a virus that is able to gain root privileges to take it upon itself to create a new account and download software that you neither want nor need. The virus was found by Cybereason to be hidden in cracked versions of Adobe Photoshop and Microsoft Office that are popular on torrent sites.
A stark reminder, if ever you needed one, to never download pirated software!
Known Mac malware
1. OSX/MaMi
OSX/MaMi holds the distinction of being the first macOS malware of 2018. It targets Mac users with social engineering methods such as malicious emails and website pop-ups. Once it’s made its way onto a system, the malware changes DNS server settings so that attackers can route traffic through malicious servers and intercept any sensitive data. MaMi is also capable of taking screenshots, downloading and uploading files, executing commands, and generating mouse events.
The Hacker News provides instructions on how to identify the virus on your system:
“To check if your Mac computer is infected with MaMi malware, go to the Terminal via the System Preferences app and check for your DNS settings—particularly look for 82.163.143.135 and 82.163.142.137.”
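The check quoted above can be scripted. This is an added example, not code from the original article or from The Hacker News: it scans resolver output (for instance from `scutil --dns` on macOS) for the two addresses named in the quote. The function names and the sample data are illustrative assumptions.

```shell
#!/bin/sh
# Added example. The two addresses are the ones quoted on this page;
# function names and sample data are constructed for illustration.
MAMI_DNS="82.163.143.135 82.163.142.137"

# Read resolver text on stdin and print the unique server addresses.
extract_resolvers() {
    awk '
        # scutil --dns style:   "  nameserver[0] : 192.0.2.53"
        /^[ \t]*nameserver\[[0-9]+\][ \t]*:/ { print $NF; next }
        # resolv.conf style:    "nameserver 192.0.2.53"
        /^[ \t]*nameserver[ \t]/ { print $2; next }
        # one bare address per line (networksetup -getdnsservers style)
        /^[ \t]*[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+[ \t]*$/ { print $1 }
    ' | sort -u
}

# Read resolver text on stdin, print "MATCH <addr>" for each listed address.
# Exit status: 0 when nothing matched, 1 when at least one address matched.
check_mami_dns() {
    resolvers=$(extract_resolvers)
    hits=0
    for bad in $MAMI_DNS; do
        # -x and -F: whole-line, literal comparison, so 182.163.143.135
        # is not mistaken for 82.163.143.135 and "." is not a wildcard.
        if printf '%s\n' "$resolvers" | grep -qxF "$bad"; then
            printf 'MATCH %s\n' "$bad"
            hits=$((hits + 1))
        fi
    done
    [ "$hits" -eq 0 ]
}

# Constructed sample: resolver output with both quoted addresses configured.
sample_tampered() {
    cat <<'EOF'
DNS configuration

resolver #1
  nameserver[0] : 82.163.143.135
  nameserver[1] : 82.163.142.137
  if_index : 4 (en0)
EOF
}

# Constructed sample: a documentation address and a near-miss address.
sample_clean() {
    cat <<'EOF'
resolver #1
  nameserver[0] : 192.0.2.53
  nameserver[1] : 182.163.143.135
EOF
}

sample_tampered | check_mami_dns || echo "sample_tampered: DNS settings need review"
sample_clean | check_mami_dns && echo "sample_clean: no listed resolver found"

# Live check on macOS; skipped on systems without scutil.
if command -v scutil >/dev/null 2>&1; then
    scutil --dns | check_mami_dns || echo "live system: DNS settings need review"
fi
```

A clean result only means these two addresses are not configured as resolvers; it says nothing about other changes the malware is described as making.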
2. OSX/Dok
This piece of malware is a worrying one in that it is signed with an Apple-authenticated developer certificate, thus allowing it to bypass Mac’s Gatekeeper security feature and XProtect. Like OSX/MaMi, OSX/Dok intercepts all traffic (including traffic on SSL-TLS encrypted websites) moving between your computer and the internet to steal private information.
Since it arrived on the scene in April 2017, Apple has revoked the developer certificate and updated XProtect. However, it remains one to look out for.
3. Fruitfly
Fruitfly malware has stolen millions of user images, personal data, tax records and “potentially embarrassing communications” over a 13-year period by capturing screenshots and webcam images. Researchers are unsure how the near-undetectable “creepware” finds its way on to Mac systems, and while Apple has been working to patch the issue, it’s unknown if newer versions still exist in the wild.
4. X-agent
X-agent is classic malware capable of stealing your passwords and iPhone backups and taking screenshots of sensitive data. It has mainly targeted members of the Ukrainian military, which is very bad, of course, but if you're not a member of Ukrainian military you’re unlikely to be affected.
5. MacDownloader
While its name suggests it could be a useful app, MacDownloader is a very nasty piece of malware programmed to attack the US defense industry. It’s hidden inside a fake Adobe Flash update and shows a pop-up claiming your system is infected with adware. By clicking on the alert and entering your admin password, MacDownloader lifts sensitive data, including passwords and credit card details, and sends it to a remote server.
MacDownloader is designed to attack a particular audience, but it’s worth checking for updates on Adobe’s official website before installing any new version of Flash.
6. KeRanger
KeRanger is macOS’s first introduction to ransomware — malware that encrypts system files and demands a ransom to decrypt them. It was bundled in with the torrent client Transmission version 2.90 and installed at the same time, using a valid Mac app certificate to sneak through Apple security. Once document and data files are encrypted, KeRanger demands payment in bitcoin for the malware to be removed.
Transmission has released an update to remove the malware and Apple has removed KeRanger’s Gatekeeper signature to protect users. If you’re using Transmission 2.90, head over to the Transmission website to download the latest update.
Known Mac security flaws
1. Goto fail bug
The Goto fail bug was a bit of an embarrassing one for Apple in that the security flaw was of its own doing. A bug in Apple’s SSL (Secure Sockets Layer) encryption meant that a Goto command was left unclosed in the code, thus preventing SSL from doing its job to protect users of secure websites. The flaw put communications sent over unsecured Wi-Fi (the hotspots you use at the mall and in coffee shops) at risk, allowing hackers to intercept passwords, credit card details, and other sensitive information.
Apple has since patched the issue on macOS, but it certainly makes you think twice about how you browse the web on your MacBook in a public place.
2. Meltdown and Spectre
In January 2018, it was announced that there was a flaw in Intel chips used in Macs, giving rise to the dastardly duo of Meltdown and Spectre.
From Apple:
The Meltdown and Spectre issues take advantage of a modern CPU performance feature called speculative execution. Speculative execution improves speed by operating on multiple instructions at once—possibly in a different order than when they entered the CPU. To increase performance, the CPU predicts which path of a branch is most likely to be taken, and will speculatively continue execution down that path even before the branch is completed. If the prediction was wrong, this speculative execution is rolled back in a way that is intended to be invisible to software.
The Meltdown and Spectre exploitation techniques abuse speculative execution to access privileged memory—including that of the kernel—from a less-privileged user process such as a malicious app running on a device.
Meltdown and Spectre affect all Mac systems, but Apple insists there are no known exploits currently impacting customers. macOS 10.13.2 and above include a patch to protect against both flaws.
3. High Sierra “root” bug
As far as security flaws go, High Sierra’s “root” bug is a pretty big one. The flaw, which was discovered by software developer Lemi Orhan Ergin, allowed anyone to gain root access to a system by leaving the password field blank and trying multiple times in a row. So, anyone with physical access to your system, or access via remote desktop or screen-sharing, could type in “root” and hit enter a few times to gain full control of your Mac. Scary thought, huh?
Apple has recently released an official fix for the flaw, but it’s worth taking care about who shares access privileges on your Mac.
How to recognize a virus on Mac
So how do you spot a virus on your MacBook Pro or iMac? In the case of ransomware like KeRanger or a DoS attack like Safari-get, the issue is in your face. With other malware, however, the infection is less obvious.
A few of the tell-tale signs include:
- Unexpected system reboots
- Apps closing and restarting for no reason
- Browsers automatically installing suspicious updates
- Web pages obscured with ads
- Drop in system performance
How to avoid a virus on Mac
We briefly covered this at the top of the article, but there are measures you can take to help safeguard your system:
- Always check the source of an email by looking at the address of the sender
- Avoid pirated software
- Avoid software and media downloads from torrent clients
- Avoid apps or pop-ups that ask you to “fix” an infected Mac
- Never download codecs or plug-ins from unknown websites
How to remove a virus on Mac
If you suspect a Mac virus has infected your system, it’s important to address the problem immediately. There are two ways that you can do this: manually or with CleanMyMac X.
How to remove a virus on Mac manually
To remove a virus manually, the first thing to do is find out what’s causing the problem.
The chances are it could be a downloaded file, so go to your Downloads folder and search for .DMG files. If the file is unfamiliar, delete it and empty the Trash.
If an app is the issue, go to your Applications, drag the icon of the culprit to the Trash bin and empty the Trash immediately.
Both of these methods offer a quick fix, but neither is the most comprehensive of solutions. The way in which viruses work means that the infection could have spread to system folders. If the problem persists, opt for the more robust CleanMyMac 3.
How to remove malware on Mac with CleanMyMac X
CleanMyMac X is designed to detect and remove malware threats from your Mac, including adware, spyware, ransomware, worms, and more.
If malware is lurking within your Mac, it won’t be after CleanMyMac is done with it.
- Download CleanMyMac X (free download) and launch the app.
- Click on the Malware Removal tab.
- Click Scan.
- Click Remove.
This app is actually notarized by Apple so you are safe using it. Speaking of malware, it has a real-time monitor that keeps an eye on your Launch Agents. If an unknown app tries to add itself into your system folders, you'll get an instant notification from CleanMyMac X.
Keep your Mac virus-free
For the most part, using a Mac is a pleasant, malware-free experience, but no computer is ever 100% virus-free. Keeping abreast of known Mac viruses so that you know what to look for and erring on the side of caution when downloading software will help keep your system running smoothly. And if a rogue app does make its way on to your system, keep CleanMyMac X close to hand to remove it immediately and completely.
The laboratory experts at AV-TEST examined 12 MacOS solutions for home users and business users in terms of their protection, performance and usability. Many of the packages demonstrated their quality and reliability.
Protection for MacOS: 12 packages for home and business users put to the test.
The Mac world is more and more in the focus of malware authors. In June 2018, newly-recorded malware for MacOS has already been tallied at 37,000 samples – and thus approaching the entire 2017 level of 43,000 samples. While this represents fewer cases than in the Windows world, the number is in fact 100 times higher than Mac experts predicted even a few years ago.
8 products for home users, 4 solutions for business users
Among the 12 tested security solutions for Mac OS High Sierra are 8 for consumers and 4 for corporate users.
Solutions for home users:
- Avast Security
- Avira Antivirus Pro
- Bitdefender Antivirus for Mac
- F-Secure Safe
- Intego VirusBarrier
- Kaspersky Internet Security
- Symantec Norton Security
- Trend Micro Antivirus
Solutions for business users:
- Bitdefender Endpoint Security for Mac
- McAfee Endpoint Security for Mac
- SentinelOne Next Generation Endpoint Security
- Sophos Central Endpoint
Figure: Protection for MacOS. Home and business users have a wide variety of excellent and certified protection software to choose from.
Figure: Protection for MacOS – the detection rates. 8 out of 12 protection solutions examined detected all malware samples without exception.
Figure: TOP 5 malware for MacOS. Flashback was so successful, new variants of it are constantly cropping up.
Figure: MacOS malware development. By the end of 2018, the number of new malware will more than double compared to 2017.
All security packages were examined on identical iMacs running MacOS High Sierra 10.13.3. The products were evaluated in terms of their protection, performance and usability. In each category, the laboratory awards a maximum of 6 points. Thus, the top score is 18 points. The products for consumer users from Bitdefender, Intego, Symantec and Trend Micro achieved this score. In the category of corporate solutions, the products from Bitdefender, McAfee and SentinelOne attained the best result.
Top detection for most solutions
In the test, each solution was required to detect, block or delete more than 500 of the very latest attackers. In the case of the products for home users, 6 out of 8 packages tested detected 100 percent of the malware samples. Only Avira and F-Secure had minor detection problems.
With respect to solutions for business users, Bitdefender and Sophos managed to achieve the 100 percent mark. The endpoint packages McAfee and SentinelOne followed close behind with 99.8 and 99 percent detection.
In everyday scenarios, many protection packages run in mixed networks and exchange data with Windows. That is why the laboratory tested the detection of Windows malware samples in a non-rated supplemental test. Among the consumer packages from Bitdefender, Kaspersky Lab and Trend Micro, the rate was nearly 100 percent. Regarding corporate solutions, the packages from Bitdefender, McAfee and Sophos reached similar high results.
In a second non-rated supplemental test, it was determined how well the solutions detected so-called 'potentially unwanted applications' – or PUA for short. While these programs do not cause any damage, they do exhibit peculiar behavior. This includes tools with lots of advertising, ambiguous messages or even strange privacy statements. Some manufacturers see no direct threat in PUA, which is why they also do not classify them as dangerous. Among the packages for home users, Avast, Avira, Bitdefender, Kaspersky Lab, Symantec and Trend Micro detected over 2,500 PUA at 95 to 99 percent.
Concerning solutions for corporate users, Bitdefender, McAfee and Sophos unmasked PUA at 90 to 99 percent.
Going easy on client PCs
A security solution constantly has to work in the background, monitoring processes and scanning files. Most solutions perform their work without slowing down MacOS – but not all. In the test category of performance, the lab examined how heavily each individual package affects the speed of the system. For the measurements on a reference system, numerous applications were launched and operations performed. In addition, files were copied locally and into the network. All the times required for the routines were written down and served as parameters for comparison. Afterwards, all the respective steps were repeated with active security solutions.
For consumers, the security packages from Bitdefender, Intego, Symantec and Trend Micro put their best foot forward and received a maximum 6 points as a result. Kaspersky Lab still managed to achieve an excellent 5.5 points. Avira and F-Secure slightly slowed down the system and only achieved 5 points. Avast slowed down MacOS too heavily: only 4 points.
For corporate products, the solutions from Bitdefender, McAfee and SentinelOne demonstrated that their effects on system performance are hardly measurable: 6 points. Only the package from Sophos caused a dip in performance in the client, which led to a reduction to 5 points.
Figure: Bitdefender Antivirus. Protected the Mac in the test in all categories without errors – this earned the maximum 18 points.
Figure: Intego VirusBarrier. The package for home users worked without a glitch – 18 points.
Figure: The client-server solution excelled in the test with the highest achievable point score.
Figure: SentinelOne Next Generation Endpoint Security. In the test, the business solution reached a top score with 18 points.
High degree of reliability, no false alarms
If protection packages overreact, a normal application program can be quickly labelled as a threat. False alarms like these are unsettling to consumers and possibly lead to downtime costs in companies. That is why the lab examined the following: dozens of applications were installed under each installed security solution. In addition, over 4,000 benign programs had to be scanned in the false positive test.
Hats off to the results: All security programs – for home and business users – performed their routines without one single false alarm. Thus, the lab consistently awarded the maximum 6 points.
Well-armed in case of emergencies
More and more Mac users are opting to stay on the safe side and using security software for MacOS. The current statistics on malware growth also recommend this.
Consumers have a wide selection of excellent security software. A total of 4 programs reached the maximum point score of 18. They are from Bitdefender, Intego, Symantec and Trend Micro. Following close behind is the package from Kaspersky Lab, which also comes recommended with 17.5 points.
Yet also among the endpoint solutions for companies, 3 products, from Bitdefender, McAfee and SentinelOne, earned the maximum point score. Sophos affected performance slightly in the test on the client PC and had a point taken off as a result. Nonetheless, it still earned an excellent 17 points.