What to Do if You Think You Have Malware on Your Mac

It can be pretty scary to discover that you have malware on your Mac. If your computer is infected, your files, your personal data, and even your identity are at risk. While malware on Macs is relatively uncommon, the number of threats to macOS is increasing, and it’s important to be aware of the signs of malware.

In some cases, your Mac’s behavior can alert you to potential malware infections. Your computer may slow down, you may see annoying ads and pop-up windows, you may notice an increase in internet traffic, and your web browser may take you to unwanted websites. You may also find that you cannot access your personal files; this happens when you’re infected by ransomware.

But in many cases, you won’t notice anything. Malware can be on your Mac, copying your files, recording your keystrokes, accessing your browser history, and installing nefarious software in the background.

The following are 9 things you can do if you think your Mac has malware. In the points below, you’ll also see some tips to help ensure that your Mac stays free of malicious software.

1. Back up your Mac

If you do have malware, it might already be too late, but the first step is to back up your Mac to prevent any data loss. You should back up your Mac regularly, using the 3-2-1 strategy, and you can back up your Mac using Apple’s Time Machine or Intego Personal Backup. No matter which option you choose, you should ensure that backups happen automatically and frequently. Ideally, you should have versioned backups, where your backup contains different versions of your files as they change over time. This way, you can go back to a specific date and find your files exactly as they were.

2. Verify your existing backup

If you regularly back up your Mac, you should immediately verify the integrity of your existing backup, to ensure that it is restorable. There are a number of ways to check your backups, and you should do this regularly, ideally every month. If your Mac is infected, you’ll need this backup to restore your important files, and even the operating system with all your apps and settings, which saves you time getting back to work.

3. Take your Mac offline

Much of today’s malware works with software on an infected computer that contacts a remote server. This server tells the infected Mac to send certain files, or it installs further malware on the Mac. You should immediately turn off Wi-Fi or unplug the Ethernet cable from your Mac to prevent any remote command and control.

4. Scan your Mac for malware

If you already have Intego VirusBarrier X9, run a full scan of your Mac. If you don’t have real-time scanning active, you should turn it on; this checks every file that is copied, downloaded, or written to your Mac for malware. If you don’t have Intego VirusBarrier X9, you can download a free trial version of the app that will scan your Mac and tell you if you have known malware. If VirusBarrier X9 finds malware, it can delete the malicious files and give you a report.

5. Check your Downloads folder

Malware generally needs to be downloaded to your Mac to install, and sometimes this can happen behind your back. Check your Downloads folder, and see if there’s anything you don’t recognize. If you see any unfamiliar apps or disk images, don’t double-click them to see what they are; select their icons and press the space bar to see their names, and when they were downloaded. If you still don’t recognize them, you should delete them.

When you’ve done that, you should go to Safari’s General preferences and uncheck Open “safe” files after downloading. With this option enabled, some drive-by downloads – downloads that are initiated by a web page – may launch when they get on your Mac.
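The Downloads check described in this step can also be done from Terminal without opening anything. The script below is an added example, not part of the original article or an Intego tool; the function names and the 30-day window are assumptions, and file modification time is used as an approximation of when an item was downloaded.

```shell
#!/bin/sh
# Added example: triage a downloads folder by reading metadata only.

# Print recently modified installer-type items (disk images, packages,
# app bundles, archives) found directly inside a folder, one path per line.
# $1 = folder (default ~/Downloads), $2 = look-back window in days (default 30).
list_recent_installers() {
    find "${1:-$HOME/Downloads}" -mindepth 1 -maxdepth 1 -mtime "-${2:-30}" \
        \( -iname '*.dmg' -o -iname '*.pkg' -o -iname '*.app' \
           -o -iname '*.zip' -o -iname '*.iso' \) -print | LC_ALL=C sort
}

# Show what is known about one item. Nothing is opened, mounted or executed.
describe_download() {
    ls -ld "$1"
    if [ "$(uname)" = "Darwin" ]; then
        # Quarantine flag that browsers attach to files they download.
        xattr -p com.apple.quarantine "$1" 2>/dev/null \
            || echo "  no quarantine attribute"
        # Date the item arrived in the folder and the URL it came from.
        mdls -name kMDItemDateAdded -name kMDItemWhereFroms "$1"
    fi
}

# Describe every recent installer-type item in the folder.
triage_downloads() {
    list_recent_installers "$1" "$2" | while IFS= read -r item; do
        describe_download "$item"
        echo
    done
}

# Run against the default folder when it exists.
if [ -d "$HOME/Downloads" ]; then
    triage_downloads "$HOME/Downloads" 30
fi
```

Anything in the output that you don’t recognize, or that came from a site you never visited, is a candidate for deletion as described above.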

6. Change your Mac’s login password

It’s a good idea now to change your Mac’s login password. If malware uses a keylogger – software that records what you type – then this password may have been recorded. To do this, go to System Preferences > Users & Groups, then click Change Password.

7. Change your iCloud password

Your iCloud password is the second most important password you have, since it allows access to a great deal of personal data on multiple devices. As above, if malware recorded it as you typed it, your iCloud account could be compromised. To change this, go to System Preferences > Apple ID > Password & Security, then click Change Password. If two-factor authentication isn’t enabled, you should turn it on; that way no one can get into your iCloud account without an additional verification code, which is sent to your devices.

8. Change other important passwords

You have lots of important passwords for services and websites such as your bank, credit card provider, social media accounts, email, and much more. You should change all of these if you think your Mac has been compromised. If you use a password manager, you should use it to change these passwords, and also change its master password.

And this is a reminder to never reuse passwords on multiple sites or with different services. This episode of the Intego Mac Podcast discusses how to create secure passwords.

You should also check any credit or debit card accounts, and see if there are any unexpected charges; block the cards immediately if you find any.

9. Contact Intego support

If VirusBarrier X9 has not found malware, and you still have symptoms, get in touch with Intego support. They’ll be able to help you check your Mac more thoroughly, and they may even ask you for certain files to determine if you have new malware.

With the above steps, you’ll be able to act if you are infected with malware. Use your backups to restore macOS and your files, and you should be able to get back to work.

About Kirk McElhearn

Kirk McElhearn writes about Apple products and more on his blog Kirkville. He is co-host of the Intego Mac Podcast, as well as several other podcasts, and is a regular contributor to The Mac Security Blog, TidBITS, and several other websites and publications. Kirk has written more than two dozen books, including Take Control books about Apple's media apps, Scrivener, and LaunchBar. Follow him on Twitter at @mcelhearn.