The malware problem on Mac OS X is nothing like as bad as it is on Windows, but that doesn’t mean it can be ignored.
Before we begin, let’s make one thing really clear.
Apple helps you keep your Mac secure with software updates. The best way to keep your Mac secure is to run the latest software. When new updates are available, macOS sends you a notification — or you can opt in to have updates installed automatically when your Mac is not in use. macOS checks for new updates every day, so it’s easy to always have the latest and safest version.
The malware problem on Mac OS X is nothing like as bad as it is on Windows.
There are something like 200,000 new Windows malware variants being discovered each day. Malicious code activity in the Mac world is far less frenetic, but the fact is, malware does exist that can infect our iMacs or MacBooks.
And if your Apple computer is unlucky enough to fall victim, you’re not going to feel any better than your PC-owning friends who are struggling to remove a backdoor Trojan or a pernicious browser toolbar from their copy of Windows.
Also, it’s worth bearing in mind that Mac malware is not a new phenomenon.
Malware for Apple devices actually predates the Macintosh *and* the PC, with the first example being the Elk Cloner worm written by Rich Skrenta, and designed to infect Apple II devices way back in 1982.
But threats on Apple II and Apple computers running Mac OS 9 and earlier aren’t really relevant anymore to anyone aside from historians.
What modern Mac users care about is what malware threats exist for Mac OS X.
And, it turns out, 2014 will see the tenth anniversary of Mac OS X malware. Here are some of the more notable examples of worms and Trojan horses that have been seen for the platform in the last ten years.
As ESET’s Mac malware facts webpage illustrates, the first malware specifically written for Mac OS X emerged in 2004.
Renepo (also known as “Opener”) was a shell script worm, and contained an arsenal of backdoor and spyware functionality in order to allow snoopers to steal information from compromised computers, turn off updates, disable the computer’s firewall, and crack passwords.
Renepo was never going to be a serious problem for the vast majority of Mac users, as it didn’t travel over the internet and required the attacker to have access to your computer to install it. Nevertheless, it was an indicator that Apple Macs weren’t somehow magically protected against malicious code.
Leap represented, for many people observing Apple security, the first real worm for the Mac OS X operating system.
Leap could spread to other Mac users by sending poisoned iChat instant messages – making it comparable to an email or instant messaging worm.
At the time, some Mac enthusiasts leapt (geddit?) to Apple’s defence and argued that Leap “wasn’t really a virus”, but claimed it was a Trojan instead. But – in my opinion – they were wrong.
The argument typically went that because Leap required user interaction in order to infect a computer (the user had to manually open the malicious file sent to them via iChat), then it couldn’t be a virus or a worm.
But commonly encountered examples of Windows malware at the time, like MyDoom or Sobig, also required manual intervention (the user clicking on a file attachment). And yet, Mac users seemed very keen to call those examples of Windows malware “viruses” at every opportunity.
In my opinion, viruses are a superset consisting of other groups of malware, including internet worms, email worms, parasitic file viruses, companion viruses, boot sector viruses and so forth. Trojans are in an entirely different class of malware because – unlike viruses and worms – they cannot replicate themselves and cannot travel under their own steam.
Leap was rapidly followed by another piece of malware, a proof-of-concept worm called Inqtana which spread via a Bluetooth vulnerability.
So, next time someone tells you that there are no viruses for Mac OS X – you can now speak with authority and tell them, oh yes there are!
Things took a more serious turn with Jahlav (also known as RSPlug), a family of malware which deployed a trick commonly seen on Windows-based threats by changing an infected computer’s DNS settings. There were many versions of Jahlav, which was often disguised as a fake video codec required to watch pornographic videos.
Of course, the criminals behind the attacks knew that such a disguise was a highly effective example of how social engineering could trick many people into giving an application permission to run on their computer.
The truth was that many Mac users, just like their Windows-loving counterparts, could easily let their guard down if they believed it would help them see X-rated content.
An early example of Mac OS X scareware, MacSweep would trick users into believing it was finding security and privacy issues on their computers – but in fact any alerts it displayed were designed simply to trick unsuspecting users into purchasing the full version of the software.
Snow Leopard (2009)
Snow Leopard isn’t malware, of course. It was version 10.6 of Mac OS X, released in August 2009.
And the reason why it is included in this history of Mac OS X malware is because it was the first version of the operating system to include some built-in anti-virus protection (albeit of a very rudimentary nature).
Apple, rattled perhaps by the widespread headline-making infections caused by the likes of the Jahlav malware family, had decided it needed to do something.
However, as its anti-virus functionality only detected malware under certain situations (and initially only covered two malware families) it was clear that security-conscious Mac users might need something better.
This Java-based Trojan showed that multi-platform malware had well and truly arrived, attacking Macs, Linux and Windows systems.
The threat spread via messages on social networking sites, pretending to be a video and asking the enticing question “Is this you in this video?”.
MacDefender saw Mac malware infections reach new heights, as many users began to report seeing bogus security warnings on their computer.
Using blackhat search engine optimisation techniques, malicious hackers managed to drive traffic to boobytrapped websites containing their rogue anti-virus scans, when users searched for particular images.
The danger, of course, was that users were being duped into handing over their credit cards in order to purchase a “solution” to the alarming messages.
Tens of thousands of people contacted Apple’s technical support lines, requesting assistance.
The Flashback malware outbreak of 2011/2012 was the most widespread attack seen on the Mac platform to date, hitting more than 600,000 Mac computers.
The attack posed as a bogus installer for Adobe Flash and exploited an unpatched vulnerability in Java, with the intention of stealing data (such as passwords and banking information) from compromised Mac computers, and redirecting search engine results to defraud users and direct them to other malicious content.
In September 2012, ESET researchers published a comprehensive technical analysis of the Flashback threat which is well worth a read, if you want to know more.
Lamadai, Kitm and Hackback (2013)
In recent years, Macs have also been used for espionage – and naturally suspicious fingers have begun to point towards intelligence agencies and government-backed hackers when very specific victims are targeted.
The Lamadai backdoor trojan, for instance, targeted Tibetan NGOs (Non-Governmental Organizations), exploiting a Java vulnerability to drop further malware code onto infected users’ computers.
Kitm and Hackback, meanwhile, spied on victims at the Oslo Freedom Forum, giving the malicious hacker the ability to remotely run commands at will.
LaoShu, Appetite and Coin Thief (2014)
So, what of 2014? Has the 10th anniversary been a notable year so far for Mac OS X malware?
Well, according to researchers at ESET, new Mac malware variants continue to be seen every week, putting Mac users who don’t defend their computers at risk of data loss or having their computer compromised by an attack.
State-sponsored espionage continues to make its presence felt, with the discovery of Appetite, a Mac OS X Trojan that has been used in a number of targeted attacks against government departments, diplomatic offices, and corporations.
LaoShu, meanwhile, has been widely spread via spam messages – posing as an undelivered parcel notification from FedEx, and scooping up documents of interest that have not been appropriately secured.
CoinThief, however, has probably received the most attention recently as it is distributed in cracked versions of Angry Birds, Pixelmator and other top apps, duping users into infection.
What made CoinThief most interesting, however, was that investigators found the malware was designed to steal login credentials related to various Bitcoin-related exchanges and wallet sites via malicious browser add-ons.
In summary – protect yourself
This has just been a short history of Mac OS X malware. If you want to learn more about any of these threats, or are interested in any of the other Mac malware that ESET has seen in the last 10 years, be sure to check out the company’s “Straight facts about Mac malware” webpage and consider taking the free trial of ESET Cybersecurity for Mac.
Because, even though there isn’t as much malware for Mac as there is for Windows, one infectious outbreak is too many, and we know that the bad guys are working hard to find fresh victims.
Macs are known for being generally reliable and secure, but just like any other piece of technology, they also have weak points, which may be taken advantage of by unscrupulous perpetrators. Within the last few years, there have been several reports of malware and virus attacks on Macs, albeit not severe enough to be considered an epidemic. Still, the fact remains that the threat is out there and Mac users are not totally invulnerable to cyber attacks.
The latest reported Mac threat was OSX/MaMi. It made the news in January 2018. The malware was designed to install a new root certificate, allowing it to intercept communications, even the encrypted ones. Once it successfully routes traffic through malicious servers, it can intercept sensitive information.
Because of threats such as this, it’s imperative that you know of free Mac virus removal methods. Aside from virus removal methods, you should also educate yourself about the signs of malware and virus infection, as well as the most common sources of malicious and dangerous programs.
Is Your Mac Infected? Signs Your Mac Has a Virus
Before we proceed, let’s set things straight first. You probably noticed we mentioned both malware and virus, but take note that they are different. Malware is typically disguised as an app or program that promises to do something good for you or your system, but actually does something bad, such as spy on your online activities and collect sensitive data. Viruses, on the other hand, are bits of code that penetrate your system in one way or another and are designed to mess with it.
The first step towards Mac virus removal is, of course, to know if your device has one. Here are some symptoms:
- Your Mac becomes slow and sluggish all of a sudden.
- There’s a new toolbar or plugin in your browser that you don’t remember installing yourself.
- Your searches get redirected to a different site, or to one that looks like a fake version of the real site you intend to visit.
- Every webpage is riddled with ads, including those that you don’t expect to be so.
- Advertisements that are not at all connected to your recent and common searches pop up out of nowhere.
If you notice any of these signs, be cautious and don’t panic. For one, there are many possible reasons for Mac slowdown. You can blame it on junk file and cache overload, or maybe insufficient RAM. Before you assume the worst, run a Mac scan using a third-party cleaning tool to see if there are items that you can get rid of to improve your Mac’s performance. But if the problem persists, then it’s probably malware or a virus after all.
Where Do Viruses and Malware Come From?
So, where could you have gotten the malware or virus currently wreaking havoc on your Mac? It might have originated from any of these:
- Laced software – Sometimes, legit and innocent programs and files may be laced with malware and viruses. These can range from simple adware that you unknowingly agreed to install on your system to more dangerous ones that are meant to gather important information about you.
- Fake files and programs – Malware and viruses may be disguised as another program — ironically, as an antivirus or anti-malware even. They are also sometimes made to appear as a photo, video, or PDF file that you might have downloaded onto your system unsuspectingly.
- Fake updates and utilities – You may also get malware and viruses by downloading a fake update or system tool for a program or an app on your Mac.
- Unsecured websites – If you don’t see a padlock icon on the URL bar, this means that you’re browsing an unsecured website. Even if the site itself doesn’t have any bad intentions, it can be easily penetrated by malware and viruses, which in turn can enter your system.
Free Protection Against Viruses: The Built-in Mac Tools
Now, you probably think that in order to protect your Mac from these threats and get rid of them should they get into your system, you have to shed a few dollars. Well, how do you think Macs got their reputation for being secure and capable machines? Through built-in tools that provide invisible background protection against malware and viruses. Your Mac has the following:
- File Quarantine – This is a Mac feature that was first introduced in OS X Leopard. When you download a potentially malicious file over a quarantine-aware platform, such as Safari or Mail, that file will be quarantined. When you open the file, you will be asked by macOS if you’re sure you want to open it, warning that it may be dangerous for your system. It will be in your best interest to heed the warning and not open the file.
- Gatekeeper – This basically works like File Quarantine, but for applications. A relatively new program, Gatekeeper was first introduced in Mountain Lion. It is designed to protect your Mac from malware and dangerous app downloads straight from the internet (not from the App Store). Apple gives recognized developers, who make their apps available outside the App Store, a unique Developer ID. If an app was created by a developer without a Developer ID, Gatekeeper will block its installation. The same goes for apps with fake or tampered Developer IDs.
- XProtect – This is Apple’s built-in Mac virus scan. It was first introduced in Snow Leopard as a built-in feature of File Quarantine. XProtect was added to scan for malware and viruses that may be embedded within a file downloaded from the internet. If the file is found to be infected, you will be informed, and you should move it to the Trash.
By taking your Mac’s warnings seriously, you could keep it malware and virus-free.
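As an added example (not from the original article or from Apple): File Quarantine records its state in the `com.apple.quarantine` extended attribute, and this shell sketch decodes that value to show which downloads were never quarantined or are still awaiting approval. The function names, paths and sample values are constructed for illustration.

```sh
#!/bin/sh
# Added example: decode com.apple.quarantine values, which have the form
#   flags;hex-epoch;agent;UUID
# On a Mac, read one with:  xattr -p com.apple.quarantine <file>

# parse_quarantine VALUE
# Prints "approved=<yes|no> epoch=<seconds> agent=<name>"; returns 1 if malformed.
parse_quarantine() {
    v="$1;;;"                       # pad so missing trailing fields become empty
    q_flags=${v%%;*}; v=${v#*;}
    q_time=${v%%;*};  v=${v#*;}
    q_agent=${v%%;*}
    # Flags and timestamp must both be non-empty hexadecimal strings.
    case $q_flags in ''|*[!0-9A-Fa-f]*) return 1 ;; esac
    case $q_time  in ''|*[!0-9A-Fa-f]*) return 1 ;; esac
    # Bit 0x0040 is set once the user has approved the open prompt.
    if [ $(( 0x$q_flags & 0x40 )) -ne 0 ]; then q_ok=yes; else q_ok=no; fi
    printf 'approved=%s epoch=%d agent=%s\n' \
        "$q_ok" "$(( 0x$q_time ))" "${q_agent:-unknown}"
}

# triage_downloads: reads "path|value" lines on stdin (empty value means the
# file has no quarantine attribute) and prints one status line per file.
triage_downloads() {
    while IFS='|' read -r t_path t_value; do
        if [ -z "$t_value" ]; then
            # The file did not arrive through a quarantine-aware app, or the
            # attribute was removed, so no open-time warning applies to it.
            echo "UNQUARANTINED $t_path"
        elif t_info=$(parse_quarantine "$t_value"); then
            case $t_info in
                approved=yes*) echo "APPROVED $t_path ($t_info)" ;;
                *)             echo "PENDING $t_path ($t_info)" ;;
            esac
        else
            echo "MALFORMED $t_path"
        fi
    done
}

# Constructed sample listing (paths, agents and values are made up).
sample_listing() {
    cat <<'EOF'
/Users/demo/Downloads/report.pdf|0081;5a6f1c2e;Safari;11111111-2222-3333-4444-555555555555
/Users/demo/Downloads/Player.dmg|00c1;5a6f1c2e;Mail;
/Users/demo/Downloads/codec.pkg|
/Users/demo/Downloads/odd.zip|zz;nothex;Safari;
EOF
}

sample_listing | triage_downloads
```

On a real Mac, the same `path|value` listing can be built by printing each file name in the Downloads folder followed by the output of `xattr -p com.apple.quarantine` for that file.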
Safety Precautions to Observe if You Think Your Mac Was Infected
If File Quarantine, Gatekeeper, or XProtect detected a threat that tried to penetrate your system, you need to be extra cautious when using your Mac until you’re really sure that it’s virus and malware-free.
- Don’t type passwords. If you suspect that your Mac is infected by malware or a virus, stay away from anything that requires you to type in passwords or login details. Some malware has keyloggers, which can record your login credentials as you type them. Some may even take screenshots, so refrain from copying and pasting passwords from a note or document. Do not click on the Show Password option either.
- Stay offline as much as possible. Until you’re completely sure that the threats are fully extinguished, turn off your Mac’s WiFi or disconnect the Ethernet cable. This will prevent unauthorized transfer of data. If possible, use a different device if you really have to go online.
- Use Activity Monitor to your advantage. If your gut tells you that malware was installed along with an update or app, quit that malicious app by pressing Command + Q. You may also choose Quit from the menu. Then, open Activity Monitor, which can be found in the Applications > Utilities folder. In the search field at the top right, type in the name of the app you just quit. If it’s still in the list of running programs despite the fact that you’ve already quit it, then your suspicion has just been validated. Select that program, click [X] at the top left of the toolbar, then choose Force Quit.
- Use the help of third-party Mac cleaners. Tools like Outbyte MacRepair serve as an additional layer of protection on top of Mac’s built-in ones. With these tools, you can scan your Mac for problematic files and apps, allowing you to decide whether to keep them or remove them from your system to ensure optimal and secure performance.
- Restore from a backup. If you keep your Time Machine backup up-to-date, you can restore a version of your Mac from the time when it was still malware and virus-free.
- Change your passwords. After you’ve restored an old version of your Mac, consider changing passwords for all of your accounts. This way, even if malware was able to capture any of your login credentials, they can’t be used to log in to your accounts anymore.
- Reinstall macOS and apps. The last measure you can take to make sure no remnants of malware or viruses are left in your system is to reinstall macOS and all of the apps you use.
- Check with your bank. Call your credit card provider to check if any unauthorized transactions were made using your card. You should also check your bank account for any fund transfer made without your consent. Tell your credit card provider and bank about the situation and warn them not to approve any unusual transactions. If possible, request a new card and arrange to have your online account login details changed.
Virus Scan for Mac OS X
Indeed, your device is equipped with tools to remove Mac viruses for free. However, we will never know when unscrupulous developers will be able to create malware and viruses that could hide and escape from those built-in tools. Sure, Apple will once again develop and offer improved versions of their free malware and virus removal tools to fight advanced threats. However, you should also do your part to keep your Mac safe from harm. Make it a habit to scan for malicious files and programs, and stay away from unsecured sites.