Warning icon
MacPaw stands with Ukraine. Here’s how you can help our country win with just several clicks.

Best ways to remove malware from Mac

9 min read

For a long time, viruses were foreign to Mac users. Macs weren’t always immune, but hackers weren’t bothering with Macs, and in-built security features kept Macs safe. With the Mac gaining in popularity, that’s no longer the case.

Even with Gatekeeper, which blocks software that Apple hasn't approved and that can’t run on your Mac without your approval, and macOS running on Unix which comes with multiple security layers, malware can still get through. Here, we’ll show you how to find malware on Mac computers, how to remove malware from Mac software (including how to remove malware from Mac Safari), and some free malware removal Mac apps you’ll love.

What is Malware?

A basic definition of malware is it’s any software meant to do harm to your computer, server, or network. That used to be fairly easy to narrow down, as malware was meant to actually destroy a computer by overclocking it or adding more malware to slow the machine down until it was useless.

Now, malware can be many things, and often doesn’t do harm to your machine or network at all. Malware in 2022 can be used for anything from monitoring keystrokes to using your machine’s processing power and network access to mining cryptocurrency without your knowledge. So it can be said that malware is any software that performs tasks you wouldn’t have authorized yourself. Luckily, the ways of removing malware from Mac have improved over the last years, too.

How can I find out if my Mac is infected?

Watch for a Mac that is starting to unexpectedly slow down, overheat, or just plain act strangely. Unexpected behavior is always a red flag. You might want to run a scan and make sure that your Mac hasn’t been infected, then delete the offending malware, ransomware, or another piece of malicious software.

Some Mac viruses and trojans don't alert the user about what they are doing. Those items can sneak in, thanks to hackers who steal authentic Apple digital signatures from professional developers or when hidden inside email attachments. They also gain entry via popular software like Adobe Flash or other legitimate pieces of software that Apple has already approved. These are just a few of the ways viruses can get inside your Mac before they get to work stealing and transmitting passwords, iPhone backups, bank details, and other data.

Now that you’re aware of these threats you probably feel like giving your Mac a scan to ensure it’s safe from malware. Thankfully, there are a few ways you can do this quickly with a reliable Mac malware cleaner.

3 signs your Mac has a virus

How to remove malware from Mac

Malware is constantly evolving, so routine checks and maintenance is a great idea. You should also find a good service that updates its list of known malware often, so you feel confident your scanning tools are on the watch for malware. Sometimes, knowing how to get rid of malware on Mac is as simple as owning the best software for the job.

The easiest way to get rid of malware on Mac with CleanMyMac X

CleanMyMac X is an app every Mac owner should have. It keeps tabs on your macOS system, and offers a routine cleaning service to make sure your Mac is operating at its peak. One of its best tools is malware detection and removal. Here’s how to clean malware from Mac with CleanMyMac X:

  1. Open CleanMyMac X on your Mac
  2. On the left side of the window, select “Malware Removal”
  3. On the bottom of the window, select “Scan”

CleanMyMac X has a constantly updating knowledge graph for malware, so the chances something will sneak past it are really limited. It also scans your entire system in seconds, and tells you about items it thinks may be malware. Again, if you know something to be safe, don’t remove it – but CleanMyMac X is pretty smart, so this isn’t really a concern.

malware removal cleanmymac

Check Activity Monitor

You can use Activity Monitor to scan for malware, viruses, and other malicious software, but tread lightly. Activity Monitor does a good job of telling you what’s using your Mac’s resources, but is not Apple malware removal software. 

To use Activity Monitor, simply open the app, which is included with every Mac. It will immediately show you what’s using your resources. Using it as a malware detection tool is only useful when you know what you’re looking for; not all oddly-named processes are malware. Sometimes, a browser like Chrome has services running for necessary purposes. Activity Monitor also doesn’t remove malware. For that, you need something better.

Find malware in Login items

A login item is typically benign software an app loads because it wants to operate in the background every time you log into your Mac. These items may be very simple operations like cloud sync to Google Drive or Dropbox, or some applications that allow you to create custom keyboard shortcuts locally. Both of those are examples of things you’d likely want running at login.

Other times, login items are less necessary, and can house malware. Some applications even use login items as covers for straight-up malware – like cryptocurrency miners.

There are two ways to check to see which login items you’ve got active on your Mac. The first is via System Preferences:

  1. In your Mac’s menu bar, select the Apple logo on the top left
  2. Select “System Preferences”
  3. Select “Users & Groups”
  4. Select “Login Items”

This shows you all of your Mac’s login items. From there, you can select the items you want to disable or remove.

A better way is with CleanMyMac X. It shows a much more thorough list of login items, and even lists launch agents right next to it (we’ll get to that in a bit). Here’s how to check login items on your Mac using CleanMyMac X:

  1. Open CleanMyMac X on your Mac
  2. Select “Optimization” on the left side of the window
  3. Select “View All Items”
  4. Select “Login Items”

From here, you can quickly disable or remove the login items you want to manage. Where our Mac only showed two login items, CleanMyMac X shows a dozen or more. It’s incredibly thorough!

login items removal mac

Disconnect your Mac from the internet 

If it looks like your Mac has been affected by some virus, make sure you disconnect from the Internet immediately. This won’t alleviate the harm that’s already been done, but it will certainly stop the malware from spreading further. Once you’ve disconnected, proceed with your Apple malware removal process. 

disconnected Mac from Internet

Uninstall unknown apps

Apps you don’t want on your computer can also be causing it to slow down. Finding and removing them is often important.

From your Mac’s applications drawer, you can long-press on an app to bring up the familiar iOS-like icon wiggling, where you can simply click the “x” next to apps ready for removal. This is the simplest method for removing an app, but often only scratches the surface; usually, an app’s files are left behind, where malware can hide. 

A better option is, again, CleanMyMac X! It has an “Uninstaller” module that helps you clean apps from your Mac with ease. We especially enjoy that it segments apps by developer; if you decide you no longer want Google in your life, CleanMyMac shows you all of your Google apps in one single list.

One of the features that really sets it apart is its “Leftovers” module within the uninstaller. It discovers and offers to remove leftover files. As you can see in the screenshot below, Cisco’s Webex left behind files when it was deleted. No thanks! All you have to do is select the files you want to be removed, and click “Uninstall” at the bottom of the window.

delete leftovers

Remove malware from browsing extensions (Safari, Google Chrome, Firefox)

Now that you know about malware removal Mac computers have another place to look: browsers.

Browser extensions run when a browser is being used, but for most of us, that’s just about all day, every day. Browsers are basic tools to access the internet but can be very powerful, too.

If you use Chrome, extensions can be managed by selecting “Window” in the Mac menu bar when Chrome is open, then “Extensions.” This takes you to a dedicated page in Chrome where you can disable or remove extensions.

browser is managed

In Firefox, you can select “Add-ons” from the settings menu in the top right of the browser window, then “Extensions” from the list on the left side of the browser window. This page allows you to disable or remove extensions.

In Safari, extensions are a bit tougher to get to. You have to select “Safari” from the menu bar, then “Preferences.” In that window is a tab named “Extensions” where you can disable or uninstall your extensions. 

Not all extensions are bad – and not all trusted extensions are good! A great way to know if an extension is doing more than it should is to use iStat Menus, an app that monitors your Mac performance, including browsers and extensions.

Computer performance is an indicator of malware, and iStat Menus gives you a real-time look at what apps or extensions are using resources on your Mac, then offering to delete them. 

manage browser extensions mac

Agents and Daemons

Like login items, agents and daemons are bits of code packaged with apps meant to operate behind the scenes. Agents and daemons run on bootup; the difference is, daemons run on a system-wide level, while agents are restricted to operating with apps.

It’s important to keep an eye out for these two items when looking for malware. Daemons can be especially tricky because they tend to hide deep in your Mac’s filesystem, and operate at such a level they remain undetectable. 

Keep in mind not all agents or daemons are bad. Like login items, they’re typically useful and necessary. In the screenshot below, we’ve highlighted a few daemons running on the system, none of which are cause for alarm! But it’s also worth knowing what to look for; daemons often have names ending in ‘d’ or, as with iStat Menus, are named ‘daemon’ properly.

mac daemons monitor

Boot into Safe Mode

If there are signs of malware infection on your Mac, it’s a good idea to boot into Safe Mode. This blocks all the suspicious software from running when you start up your Mac. To enter Safe Mode: 

  1. Restart your Mac
  2. Press and hold down Shift on the startup
  3. Release Shift once you see the Apple logo. 

This is only a small step towards stopping malware infection — you’ll still have to go a long way from there, identifying the virus and getting rid of malware on Mac using CleanMyMac X. 

How to protect your macOS from malware

Routine checks with CleanMyMac X help keep your machine free of malware, and routine backups of a cleaned-up Mac can help when you need to reboot from a backup. Once you’ve got your system in perfect working order with CleanMyMac X, Get Backup Pro is your best option for creating bootable, compressed backups for Mac.  

If you notice your Mac showing symptoms of malware repeatedly, there could be some issues with your Mac’s security settings. For example, if you mistakenly keep your Gatekeeper turned on, your Mac is more vulnerable to getting infected. 

Pareto Security can help run a security check on Mac, right from your menu bar. It will identify all the settings you need to change to protect your Mac from malware. 

security check

What to do if you still can’t get rid of malware 

First of all, get Setapp and install a few essential tools for Mac security — CleanMyMac X, Pareto Security, iStat Menus, Secrets, Get Backup Pro, and others — to ensure you not only know how to get rid of malware on MacBook, you also have all the necessary tools at hand. These tools will help prevent and secure your Mac against viruses. Setapp is free to try for 7 days, and covers every essential app you’ll need on Mac and iPhone. 

If there’s still no help and you can’t get rid of malicious threats, consider a factory reset. Note that this will completely wipe down everything from your Mac, so make sure to keep a secure backup of your essential files on an external device.

Get 230+ Mac apps for any job

Sign up to Setapp and try them for free.