How to scan Mac for malware and remove it quickly

72.5K views
9 min read

As Macs are gaining popularity, and more people are preferring Apple products in general, cybercriminals are also turning their sights on macOS, working to create types of malware for Mac that would get past its native security systems.

Fileless malware is the latest type of malicious software posing a threat to computer systems around the world. Security reports show fileless malware attacks have increased by 888% in recent years and that trend is expected to continue.

Although Mac’s security features are always evolving, digital criminals are getting more sophisticated at developing malware that can find vulnerabilities even in the most well-protected systems.

Below is a complete guide to the best malware removal tools and techniques that will help keep your Mac clean and secure.

What is malware?

Malware is any malicious program meant for infecting your device and making the private data on it vulnerable to cybercriminals. Since malware is a broader term covering any malicious software regardless of how it works, don’t confuse it with a virus, which is a more specific type of malware that self-replicates by inserting its code into other programs.

There are a few other common types of malware like worms, trojans, ransomware, and spyware that can be used for anything from simply monitoring keystrokes and collecting data to manipulating your device’s processing power and network access, or mining cryptocurrency without your knowledge.

A new type of malware that has been getting used more over the last years is fileless malware. It can be any of the above types, but it doesn’t rely on traditional distribution methods like downloading and installing files. Instead, it takes advantage of vulnerabilities in existing programs to infect a device.

Signs your Mac might be infected with malware

One of the most dangerous things about malware in general and its fileless variants is that it can be very difficult to detect. So before getting into how to remove malware from your device, here’s a list of the most common signs that’ll alert you of a possible malware Mac infection:

  • Slow Mac performance or persistent overheating
  • A sudden change of your browser homepage
  • An abundance of pop-ups and other intrusive ads
  • Lots of freezing and restarting within your Mac apps
  • Inability to open files or drives
  • Unexpected browser redirects

How to detect and remove malware from Mac

Since malware is constantly evolving, the most effective solution might be to find the best malware removal tools once and forever stop worrying about your device’s safety. A bit more time-consuming method is getting familiar with all possible ways to check for malware Mac and removing it manually.

The easiest way to scan and get rid of malware on Mac

On top of our solutions list is using a reliable tool to scan Mac for malware and efficiently remove it before it causes any trouble to the operating system.

CleanMyMac X is an app that keeps tabs on your macOS and offers routine cleaning service to make sure your Mac’s performance is always at its peak. One of CleanMyMac X’s top tools is malware detection and removal through its Protection module that can neutralize virus threats with just a few clicks.

Here’s how to get rid of malware for Mac using CleanMyMac X:

  1. Launch the app
  2. Select Malware Removal from the left panel
  3. Click Scan

Malware Removal

A neat list of potentially dangerous items will be presented to you within seconds and CleanMyMac X will offer to remove any or all of them. Since CleanMyMac X’s developers are constantly updating the app’s knowledge graphs for malware, there are very few chances any type of malicious software will ever get past it.

Is there a way to scan for malware on Mac?

Macs come equipped with built-in protective and preventive tools like XProtect and Activity Monitor. Apple maintains a database of virus signatures and XProtect uses it to detect and stop malicious programs from running.

While XProtect is automatically enabled and working in the background, it remains a passive security feature, since it can’t run a scan of your Mac on demand if you notice something suspicious. Plus, Apple isn’t a dedicated security company, so its library of existing malware isn’t updated as often as CleanMyMac X’s, for example.

If you want to manually scan Mac for malware, you can use Activity Monitor. Here’s how:

  1. Go to Finder ➙ Utilities ➙ Activity Monitor
  2. Click on the CPU tab
  3. Sort %CPU from high to low and check the processes and apps

Activity Monitor My Processes

Keep in mind that using Activity Monitor as a malware detection tool is useful when you know what process or app you’re looking for, but if you do find malware, it won’t help you remove it.

Find malware in login items

Login items are programs and apps that launch automatically when you start up or log in to your Mac. Most of them are actually useful and you do want them to run in the background, but some can be less necessary or worse, be a source of malware.

Here’s how to remove malware by locating it in login items:

  1. Go to the Apple menu ➙ System Settings
  2. Click on General and select Login Items
  3. Check the list and click the munis (-) button next to remove any suspicious items

Login Items

Note: Some login items like LaunchAgents and LaunchDaemons won’t appear on this list and you may need to look further to find them.

If you’d prefer an automatic way to scan Mac for malware through login items, you can use CleanMyMac X’s Optimization module and view a complete list of items, including agents and daemons. Check and manage all login items from one clean panel with options to quickly disable or remove any of them!

Uninstall unknown apps

Checking and decluttering your Mac’s Applications folder is not just good for spotting suspicious additions, but also for keeping your device clean and fast. To uninstall unknown or unused apps, simply drag them to the Trash folder and then empty it.

Be mindful, however, that this action won’t remove hidden files associated with the app. Meanwhile those remaining files might be the ones containing malware for Mac. To remove those, you need to dig deeper into the operating system, or simply use CleanMyMac X’s Uninstaller module.

Here’s how to get rid of malware by uninstalling unknown apps:

  1. Launch CleanMyMac X
  2. Click on Uninstaller under Applications
  3. Scroll through the list of your unused apps and check mark the ones you want to remove completely
  4. Click Uninstall

remove leftovers

CleanMyMac X also features a Leftovers module that discovers and offers to remove those hidden files that are often left behind. Plus, you have the option to segment apps by developer, making it easier to view and remove those you no longer need.

Remove malware from browsing extensions

Browser extensions are software modules for customizing a web browser with interface modifications, cookie management, ad blocking, personalized scripting, and styling of web pages. Browser extensions run when a browser is being used and since they’re so popular, they’ve become places where malware tends to hide and operate.

Here’s how to remove malware Mac through browser extensions:

  • Chrome. Open Chrome and go to Window, then click Extensions. Disable and remove suspicious extensions from this page.
  • Safari. Open the browser, click on the menu and select Settings. Select the Extensions tab and click Uninstall next to any suspicious ones.
  • Firefox. Click on the three horizontal lines in the browser toolbar and select “Add-ons and themes.” Then click Extensions, check the list, and select to Remove the ones you find suspicious.

remove browser extensions

Secure the internet

A virtual private network, or VPN, protects your online activities by masking your IP address and encrypting data through the entire process. Instead of sending information directly from your IP address, the VPN server’s IP address is the one associated with your online activity.

Using a VPN can help you access geo-restricted content, improve your network connection, and establish utmost security, protecting you from cyberattacks. For example, try ClearVPN.

ClearVPN is an intuitive tool to help you personalize and protect your browsing experience, while having to waste no time tweaking VPN settings. All you have to do is open the app, decide what VPN tool you need, and you’re connected in a click! Apart from simplified international browsing, ClearVPN provides secure access to your online activities and never stores, shares, or collects your personal info, IP address, or any other data.

Secure browsing

Another good method for protecting your data online and beyond is using two-factor authentication. You can easily add an extra layer of protection to each of your online accounts using an app like Step Two.

Step Two features a minimalist and straight to the point interface with powerful features like time-based one-time passwords (TOTP), QR codes, secret keys, Safari autofill, iCloud backups, and a variety of customization options!

step two security

Boot into Safe Mode

Safe Mode, or a safe boot, is a way to start your Mac with only essential programs running. This method can help you identify whether issues you’re experiencing are caused by software that loads on your Mac’s startup. So if malware is set to load automatically, Safe Mode will prevent it from loading, making it easier to identify and remove.

Here’s how to scan Mac for malware using Safe Mode:

  1. Restart your Mac
  2. Press and hold down Shift on startup
  3. Release the Shift key once you see the Apple logo

Check agents and daemons

Agents and daemons are part of those hidden Login Items that you won’t see on the generic list. Both agents and daemons run on startup like all Login Items, the difference is, agents are restricted to operating within apps, while daemons run on a system-wide level.

It’s important to remember about agents and daemons and check for them when you’re trying to remove malware for Mac, as they’re perfect malware hiding spots, because they operate so deep in your device’s system.

Here’s how to get rid of malware by checking LaunchDaemons and LaunchAgents:

  1. Open Finder ➙ Go ➙ Go to folder
  2. Type and check /System/Library/LaunchDaemons for native macOS processes
  3. Type and check /Library/LaunchDaemons for installed third-party apps
  4. Type and check /Library/LaunchAgents for all user accounts
  5. Type and check ~/Library/LaunchAgents for a specific user account
  6. Type and check /System/Library/LaunchAgents for macOS only

launch daemons

How to protect your Mac from malware

Regularly scanning your Mac for malware, keeping macOS up to date, being cautious with the software you download, installing a VPN to secure your browsing, and using the best malware removal tools like CleanMyMac X will help protect your Mac for years of use.

If you notice your Mac showing symptoms of malware repeatedly, it could be a sign that there are issues with its security settings like Gatekeeper. In this case, you’ll need a reliable app to cover those macOS security pitfalls. For example, try Pareto Security.

Pareto Security is a robust utility that will check your device to see if you’ve utilized all its native security solutions and let you know what can be improved. Conveniently operating from your Mac’s menu bar, Pareto Security will identify settings that aren’t set to their most secure options and alert you in time to protect your Mac from malware.

How to get rid of malware once and for all

If your Mac gets infected, you now know how to remove malware manually, but you can also save some essential tools to help you prevent and secure your Mac against viruses. Let CleanMyMac X run maintenance checks on your device, while Pareto Security and Step Two will improve its security settings. Plus, ClearVPN is here to safeguard you on the web.

Get a seven-day trial of Setapp to try these apps — CleanMyMac X, Pareto Security, Step Two, and ClearVPN for free, along with over 240 other essential utilities for your macOS and iOS devices.

250+ apps for $9.99
per month

Sign up to Setapp and try them for free.

Security-tested