These instructions assume you are on a Mac. If your phone has malware, check the guides for Android and iOS. If you are on Windows, refer to F-Secure Labs’ instructions how to remove malware from a Windows computer.
Due to their smaller market share, Macs haven’t been the prime target for malware creators. As Macs have become more commonplace, so has malware. You can find all sorts of malicious trojans for macOS these days targeting credit card details, browsing behavior, bitcoin wallets or even your attention with annoying ads.
The simple answer for traditional malware is to run a full system scan on an internet security suite, such as F-Secure TOTAL and proceed according to its recommendations.
Your browser is the most central point of your online life, which makes it a tempting target for hackers. That is why much of Mac malware isn’t viruses – they are often malicious browser extensions. Check your browser extensions (Safari: main menu, Safari Extensions - Chrome: Window -> Extensions) and remove or disable all suspicious extensions.
Some extensions are straight up malicious, some just annoying. In the worst case they can snoop on you, leaking information on everything you do on your browser. They can also change the links you are seeing on your browser to point to either malware or insert affiliate marketing codes to your online purchases to benefit the malware creator. They could also change your default search engine without your permission.
To be safe in the future, you should protect your browser by using the browsing protection in F-Secure TOTAL to block malicious websites.
If you have a case of a more drastic malware infection, the most certain way to get rid of malware is to make a backup of your working files, wipe your computer and reinstall the operating system. You should not include applications or their extensions such as browser plugins in your backup, as you might transfer the infected files when you do a clean install of your system.
Very rarely, a rootkit based malware could survive a reinstall. Even those can practically always removed by wiping the disk using a data destruction software. This method is best left to the advanced users.
If the malware you encountered was a keylogger, just restoring from a backup is not enough. In that case you should change your essential passwords, especially to your email and social media accounts. Malware might have leaked your password to the hackers and that could lead to more problems as long as the passwords work. The worst case scenario is having access to your email, which can be used to reset all other passwords that are connected to your email. Keeping your passwords safe is therefore important. It is recommended to use a password manager, such as the one included in the F-Secure TOTAL suite.
When you have removed the malware, rescan your computer to make sure nothing was left behind. Update macOS, all browsers and your essential applications to make sure you don’t leave any vulnerabilities open.
Make sure you will not get infected again and get protected with F-Secure TOTAL. You can try it 30 days for free.
Get started with TOTAL in just a few minutes – try it free for 30 days, no credit card required.