In this article, we will look at the most common Mac viruses and security flaws, how to detect them, prevent your Mac from getting them, and how to remove them.

The more macOS grows in popularity, the more lucrative it becomes to hackers and rogue programmers, and with no anti-virus, your MacBook is at risk of attack. Viruses on Mac are more common than you might imagine. We’re going to run through known Mac viruses, malware, and security flaws and show you how to keep your computer safe using CleanMyMac X.

Something to note before we continue: a virus is a type of malware, capable of copying itself and spreading across a system. Malware is a blanket term for a wide range of malicious software including adware, spyware, ransomware, and Trojans. So all viruses are malware, but not all malware are viruses if that makes sense?

Okay, let’s dig in.

We’ve compiled a list of some of the best software available for Apple’s Mac, from email and shortcut apps to window organizers and multimedia players. Airmail 3, Alfred, Bear, LastPass.

How a Mac virus infects your system

How does a Mac virus find its way onto your system in the first place? Typically with a helping hand from you.

Apple viruses rely on you downloading a program, clicking a link, or installing an app or plugin.

The most common ways for malware to infiltrate your computer is through third-party browser plugins like Adobe Reader, Java, and Flash, or by using a Trojan horse or phishing scam — an app or email that appears to be from a legitimate source, but is in fact fraudulent. The moment you click on a link and enter details or download the seemingly genuine app, you give the green light for a virus to infect your system.

The best way to avoid a virus on Mac is to be vigilant. Double check every app that you want to download and every email that you receive before following through on an action. If something seems off, there’s every chance that it is.

However, as you’ll see from some of the viruses, in certain cases even vigilance can’t protect you.

An X-ray of a Mac virus: Here is what it looks like

Below is an executable command of an adware code. As you can see it aims to 'download offers' that users see on their computers

Known Mac viruses

1. Microsoft Word macro viruses

What’s that, a Microsoft program bringing its virus-riddled programs over to Mac? Unfortunately, yes.

Macros are commonly used by Word users to automate repetitive tasks and they're a prime target for Malware peddlers. Macro support on Mac was removed by Apple with the release of Office for Mac back in 2008, but was reintroduced in 2011 meaning files opened with macros enabled could run a Python code to log keystrokes and take screenshots of personal data.

In 2017, Malwarebytes discovered malware in a Word document about Donald Trump to the worry of Mac users. However, the chances of being infected rely on you opened that specific file, which is slim.

A warning message that Apple displays anytime a file contains macros should be enough to keep you safe from Word macro viruses.

2. Safari-get

Safari-get is a denial-of-service (DoS) attack that began targeting Mac in 2016. The malware is hidden behind a link in a seemingly genuine tech support email — you click on the link, the malware makes itself at home on your computer.

What happens then depends on whether you’re running macOS 10 or 11. The first variant takes control of the mail application to force create multiple draft emails. The second force opens iTunes multiple times. The end goal for both is the same: overload system memory to bring your Mac to its knees so that you call up a fake Apple tech support number and hand over your credit card details to a bogus team on the other end of the line.

MacOS High Sierra versions 10.12.2 and above include a patch for this vulnerability, so updating your machine should keep you safe.

3. OSX/Pirrit

OSX/Pirrit is a virus that is able to gain root privileges to take it upon itself to create a new account and download software that you neither want nor need. The virus was found by Cybereason to be hidden in cracked versions of Adobe Photoshop and Microsoft Office that are popular on torrent sites.

A stark reminder, if ever you needed one, to never download pirated software!

Known Mac malware

1. OSX/MaMi

OSX/MaMi holds the distinction of being the first macOS malware of 2018. It targets Mac users with social engineering methods such as malicious emails and website pop-ups. Once it’s made its way onto a system, the malware changes DNS server settings so that attackers can route traffic through malicious servers and intercept any sensitive data. MaMi is also capable of taking screenshots, downloading and uploading files, executing commands, and generating mouse events.

The Hacker News provides instructions on how to identify the virus on your system:

“To check if your Mac computer is infected with MaMi malware, go to the Terminal via the System Preferences app and check for your DNS settings—particularly look for 82.163.143.135 and 82.163.142.137.”

2. OSX/Dok

This piece of Malware is a worrying one in that it is signed with an Apple-authenticated developer certificate, thus allowing it to bypass Mac’s Gatekeeper security feature and XProtect. Like OSX/MaMi, OSX/Dok intercepts all traffic (including traffic on SSL-TLS encrypted websites) moving between your computer and the internet to steal private information.

Since it arrived on the scene in April 2017, Apple has revoked the developer certificate and updated XProtect, however, it remains one to look out for.

3. Fruitfly

Fruitfly malware has stolen millions of user images, personal data, tax records and “potentially embarrassing communications over a 13 year period by capturing screenshots and webcam images. Researchers are unsure how the near-undetectable “creepware” finds its way on to Mac systems and while Apple has been working to patch the issue, it’s unknown if newer versions still exist in the wild.

4. X-agent

X-agent is classic malware capable of stealing your passwords and iPhone backups and taking screenshots of sensitive data. It has mainly targeted members of the Ukrainian military, which is very bad, of course, but if you're not a member of Ukrainian military you’re unlikely to be affected.

5. MacDownloader

While its name suggests it could be a useful app, MacDownloader is a very nasty piece of malware programmed to attack the US defense industry. It’s hidden inside a fake Adobe Flash update and shows a pop-up claiming your system is infected with adware. By clicking on the alert and entering your admin password, MacDownloader lifts sensitive data, including passwords and credit card details, and sends it to a remote server.

MacDownloader is designed to attack a particular audience, but it’s worth checking for updates on Adobe’s official website before installing any new version of Flash.

6. KeRanger

KeRanger is macOS’s first introduction to ransomware — malware that encrypts system files and demands a ransom to decrypt them. It was bundled in with the torrent client Transmission version 2.90 and installed at the same time, using a valid Mac app certificate to sneak through Apple security. Once document and data files are encrypted, KeRanger demands payment in bitcoin for the malware to be removed.

Transmission has released an update to remove the malware and Apple has removed KeRanger’s GateKeeper signature to protect users. If you’re using Transmission 2.90, head over to the Transmission website to download the latest update.

Known Mac security flaws

1. Goto fail bug

The Goto fail bug was a bit of an embarrassing one for Apple in that the security flaw was as a result of its own doing. A bug in Apple’s SSL (Secure Sockets Layer) encryption meant that a Goto command was left unclosed in the code, thus preventing SSL from doing its job to protect users of secure websites. The flaw put communications sent over unsecured Wi-Fi (the hotspots you use at the mall and in coffee shops) at risk, allowing hackers to intercept passwords, credit card details, and other sensitive information.

Apple has since patched the issue on macOS, but it certainly makes you think twice about how you browse the web on your MacBook in a public place.

2. Meltdown and Spectre

In January 2018, it was announced that there was a flaw in Intel chips used in Macs, giving rise to the dastardly duo of Meltdown and Spectre.

From Apple:

The Meltdown and Spectre issues take advantage of a modern CPU performance feature called speculative execution. Speculative execution improves speed by operating on multiple instructions at once—possibly in a different order than when they entered the CPU. To increase performance, the CPU predicts which path of a branch is most likely to be taken, and will speculatively continue execution down that path even before the branch is completed. If the prediction was wrong, this speculative execution is rolled back in a way that is intended to be invisible to software.

The Meltdown and Spectre exploitation techniques abuse speculative execution to access privileged memory—including that of the kernel—from a less-privileged user process such as a malicious app running on a device.

Meltdown and Spectre affects all Mac systems, but Apple insists there are no known exploits currently impacting customers. macOS 10.13.2 and above includes a patch to protect against both flaws.

3. High Sierra “root” bug

As far as security flaws go, High Sierra’s “root” bug is a pretty big one. The flaw, which was discovered by software developer Lemi Orhan Ergin, allowed anyone to gain root access to a system by leaving the password field blank and trying multiple times in a row. So, anyone with physical access to your system, or access via remote desktop or screen-sharing, could type in “root” and hit enter a few times to gain full control of your Mac. Scary thought, huh? Mac photos app not syncing with icloud.

Apple has recently released an official fix for the flaw, but it’s worth taking care about who shares access privileges on your Mac.

How to recognize a virus on Mac

So how do you spot a virus on your MacBook Pro or iMac? In the case of ransomware like KeRanger or a DoS attack like Safari-get, the issue is in your face. With other malware, however, the infection is less obvious.

A few of the tell-tale signs include:

• Unexpected system reboots
• Apps closing and restarting for no reason
• Browsers automatically installing suspicious updates
• Web pages obscured with ads
• Drop in system performance

How to avoid a virus on Mac

We briefly covered this at the top of the article, but there are measures you can take to help safeguard your system:

• Always check the source of an email by looking at the address of the sender
• Avoid pirated software
• Avoid software and media downloads from torrent clients
• Avoid apps or pop-ups that ask you to “fix” an infected Mac
• Never download codecs or plug-ins from unknown websites
• How to remove a virus on Mac

If you suspect a Mac virus has infected your system, it’s important to address the problem immediately. There are two ways that you can do this: manually or with CleanMyMac X.

Facetime app mac database software. FaceTime is a proprietary videotelephony product developed by Apple Inc. FaceTime is available on supported iOS mobile devices running iOS 4 and later and Mac computers that run Mac OS X 10.6.6 and later. FaceTime supports any iOS device with a forward-facing camera and any Mac computer equipped with a FaceTime Camera. FaceTime Audio, an audio-only version, is available on any iOS device that. Mac OS X Mac OS 9 iPhone iPad - English With FaceTime for Mac, users can benefit from live discussions on an iPad, iPod, iPhone or Mac with a built-in camera. It is a free and very handy video conferencing tool for Mac and other Apple products. FaceTime for Mac makes it easy to talk, smile and laugh with friends and family on their iPhone 4, iPad 2, iPod touch or Mac. Getting started is quick and easy — simply enter your Apple ID and you're ready to go. Whether you're talking to someone on an iPhone or on another Mac, video calls with FaceTime look great.

How to remove a virus on Mac manually

To remove a virus manually, the first thing to do is find out what’s causing the problem.

The chances are it could be a downloaded file, so go to your Downloads folder and search for .DMG files. If the file is unfamiliar, delete it and empty the Trash.

If an app is the issue, go to your Applications, drag the icon of the culprit to the Trash bin and empty the Trash immediately.

Both of these methods offer a quick fix, but neither is the most comprehensive of solutions. The way in which viruses work means that the infection could have spread to system folders. If the problem persists, opt for the more robust CleanMyMac 3.

How to remove malware on Mac with CleanMyMac X

CleanMyMac X is designed to detect and remove malware threats from your Mac, including adware, spyware, ransomware, worms, and more.

If malware is lurking within your Mac, it won’t be after CleanMyMac is done with it.

1. Download CleanMyMac X (free download) and launch the app.
2. Click on the Malware Removal tab.
3. Click Scan.
4. Click Remove.

This app is actually notarized by Apple so you are safe using it. Speaking of malware, it has a real-time monitor that keeps an eye on your Launch Agents. If an unkown app tries to add itself into your system folders, you'll get an instant notification from CleanMyMac X.

Keep your Mac virus-free

For the most part, using a Mac is a pleasant, malware-free experience, but no computer is ever 100% virus-free. Keeping abreast of known Mac viruses so that you know what to look for and airing on the side of caution when downloading software will help keep your system running smoothly. And if a rogue app does make its way on your system, keep CleanMyMac X close to hand to remove it immediately and completely.

These might also interest you:

An eGPU can give your Mac additional graphics performance for professional apps, 3D gaming, VR content creation, and more.

eGPUs are supported by any Thunderbolt 3-equipped Mac¹ running macOS High Sierra 10.13.4 or later. Learn how to update the software on your Mac.

An eGPU lets you do all this on your Mac:

• Accelerate apps that use Metal, OpenGL, and OpenCL
• Connect additional external monitors and displays
• Use virtual reality headsets plugged into the eGPU
• Charge your MacBook Pro while using the eGPU
• Use an eGPU with your MacBook Pro while its built-in display is closed
• Connect an eGPU while a user is logged in
• Connect more than one eGPU using the multiple Thunderbolt 3 (USB-C) ports on your Mac²
• Use the menu bar item to safely disconnect the eGPU
• View the activity levels of built-in and external GPUs (Open Activity Monitor, then choose Window > GPU History.)

eGPU support in apps

eGPU support in macOS High Sierra 10.13.4 and later is designed to accelerate Metal, OpenGL, and OpenCL apps that benefit from a powerful eGPU. Not all apps support eGPU acceleration; check with the app's developer to learn more.³

In general, an eGPU can accelerate performance in these types of apps:

• Pro apps designed to utilize multiple GPUs
• 3D games, when an external monitor is attached directly to the eGPU
• VR apps, when the VR headset is attached directly to the eGPU
• Pro apps and 3D games that accelerate the built-in display of iMac, iMac Pro, MacBook Air, and MacBook Pro (This capability must be enabled by the app's developer.)

You can configure applications to use an eGPU with one of the following methods.

Use the Prefer External GPU option

Starting with macOS Mojave 10.14, you can turn on Prefer External GPU in a specific app's Get Info panel in the Finder. This option lets the eGPU accelerate apps on any display connected to the Mac—including displays built in to iMac, iMac Pro, MacBook Air, and MacBook Pro:

1. Quit the app if it's open.
2. Select the app in the Finder. Most apps are in your Applications folder. If you open the app from an alias or launcher, Control-click the app's icon and choose Show Original from the pop-up menu. Then select the original app.
3. Press Command-I to show the app's info window.
4. Select the checkbox next to Prefer External GPU.
   
5. Open the app to use it with the eGPU.

You won't see this option if an eGPU isn't connected, if your Mac isn't running macOS Mojave or later, or if the app self-manages its GPU selection. Some apps, such as Final Cut Pro, directly choose which graphics processors are used and will ignore the Prefer External GPU checkbox.

Set an external eGPU-connected display as the primary display

If you have an external display connected to your eGPU, you can choose it as the primary display for all apps. Since apps default to the GPU associated with the primary display, this option works with a variety of apps:

1. Quit any open apps that you want the eGPU to accelerate on the primary display.
2. Choose Apple menu  > System Preferences. Select Displays, then select the Arrangement tab.
3. Drag the white menu bar to the box that represents the display that's attached to the eGPU.
4. Open the apps that you want to use with the eGPU.

If you disconnect the eGPU, your Mac defaults back to the internal graphics processors that drives the built-in display. When the eGPU is re-attached, it automatically sets the external display as the primary display.

About macOS GPU drivers

Mac hardware and GPU software drivers have always been deeply integrated into the system. This design fuels the visually rich and graphical macOS experience as well as many deeper platform compute and graphics features. These include accelerating the user interface, providing support for advanced display features, rendering 3D graphics for pro software and games, processing photos and videos, driving powerful GPU compute features, and accelerating machine learning tasks. This deep integration also enables optimal battery life while providing for greater system performance and stability.

Apple develops, integrates, and supports macOS GPU drivers to ensure there are consistent GPU capabilities across all Mac products, including rich APIs like Metal, Core Animation, Core Image, and Core ML. In order to deliver the best possible customer experience, GPU drivers need to be engineered, integrated, tested, and delivered with each version of macOS. Aftermarket GPU drivers delivered by third parties are not compatible with macOS.

The GPU drivers delivered with macOS are also designed to enable a high quality, high performance experience when using an eGPU, as described in the list of recommended eGPU chassis and graphics card configurations below. Because of this deep system integration, only graphics cards that use the same GPU architecture as those built into Mac products are supported in macOS.

Supported eGPU configurations

It's important to use an eGPU with a recommended graphics card and Thunderbolt 3 chassis. If you use an eGPU to also charge your MacBook Pro, the eGPU's chassis needs to provide enough power to run the graphics card and charge the computer. Check with the manufacturer of the chassis to find out if it provides enough power for your MacBook Pro.

Recommended graphics cards, along with chassis that can power them sufficiently, are listed below.

Thunderbolt 3 all-in-one eGPU products

These products contain a powerful built-in GPU and supply sufficient power to charge your MacBook Pro.

Recommended Thunderbolt 3 all-in-one eGPUs:

• Blackmagic eGPU and Blackmagic eGPU Pro⁴
• Gigabyte RX 580 Gaming Box⁴
• Sonnet Radeon RX 570 eGFX Breakaway Puck
• Sonnet Radeon RX 560 eGFX Breakaway Puck⁵

AMD Radeon RX 470, RX 480, RX 570, RX 580, and Radeon Pro WX 7100

These graphics cards are based on the AMD Polaris architecture. Recommended graphics cards include the Sapphire Pulse series and the AMD WX series.

Recommended Thunderbolt 3 chassis for these graphics cards:

• OWC Mercury Helios FX⁴
• PowerColor Devil Box
• Sapphire Gear Box
• Sonnet eGFX Breakaway Box 350W
• Sonnet eGFX Breakaway Box 550W⁴
• Sonnet eGFX Breakaway Box 650W⁴
• Razer Core X⁴
• PowerColor Game Station⁴
• HP Omen⁴
• Akitio Node⁶

AMD Radeon RX Vega 56

Running Mac Apps On Windows

These graphics cards are based on the AMD Vega 56 architecture. Recommended graphics cards include the Sapphire Vega 56.

Recommended Thunderbolt 3 chassis for these graphics cards:

• OWC Mercury Helios FX⁴
• PowerColor Devil Box
• Sonnet eGFX Breakaway Box 550W⁴
• Sonnet eGFX Breakaway Box 650W⁴
• Razer Core X⁴
• PowerColor Game Station⁴

AMD Radeon RX Vega 64, Vega Frontier Edition Air, and Radeon Pro WX 9100

These graphics cards are based on the AMD Vega 64 architecture. Recommended graphics cards include the Sapphire Vega 64, AMD Frontier Edition air-cooled, and AMD Radeon Pro WX 9100.

Recommended Thunderbolt 3 chassis for these graphics cards:

• Sonnet eGFX Breakaway Box 650W⁴
• Razer Core X⁴

AMD Radeon RX 5700, 5700 XT, and 5700 XT 50th Anniversary

If you've installed macOS Catalina 10.15.1 or later, you can use these graphics cards that are based on the AMD Navi RDNA architecture. Recommended graphics cards include the AMD Radeon RX 5700, AMD Radeon RX 5700 XT, and AMD Radeon RX 5700 XT 50th Anniversary.

To Do List App Mac

Recommended Thunderbolt 3 chassis for these graphics cards:

• Sonnet eGFX Breakaway Box 650W⁴
• Razer Core X⁴

Learn more

• Learn how to choose your GPU in Final Cut Pro X 10.4.7 or later.
• To ensure the best eGPU performance, use the Thunderbolt 3 cable that came with your eGPU or an Apple Thunderbolt 3 (USB-C) cable. Also make sure that the cable is connected directly to a Thunderbolt 3 port on your Mac, not daisy-chained through another Thunderbolt device or hub.
• If you have questions about Thunderbolt 3 chassis or graphics cards, or about third-party app support and compatibility, contact the hardware or software provider.
• Software developers can learn more about programming their apps to take advantage of macOS eGPU support.

1. If you have a Mac mini (2018) with FileVault turned on, make sure to connect your primary display directly to Mac mini during startup. After you log in and see the macOS Desktop, you can unplug the display from Mac mini and connect it to your eGPU.

2. If you're using a 13-inch MacBook Pro from 2016 or 2017, always plug eGPUs and other high-performance devices into the left-hand ports for maximum data throughput.

3. macOS High Sierra 10.13.4 and later don't support eGPUs in Windows using Boot Camp or when your Mac is in macOS Recovery or installing system updates.

4. These chassis provide at least 85 watts of charging power, making them ideal for use with 15-inch MacBook Pro models.

Show Running App Mac

5. Playback of HDCP-protected content from iTunes and some streaming services is not supported on displays attached to Radeon 560-based eGPUs. You can play this content on the built-in display on MacBook Pro, MacBook Air, and iMac.

6. If you use Akitio Node with a Mac notebook, you might need to connect your Mac to its power adapter to ensure proper charging.