How to Remove Malware From Mac: Step-by-Step Guide

Has your Mac been acting strange lately? A malware infection might be the cause. 

Although Macs are designed to be secure, they are not immune to viruses and malware. The same goes for other Apple devices too – iPhones do get viruses and other forms of malware, even if many users assume Apple products are fully immune. According to Kaspersky, 29% of Mac users were targeted by different types of threats in 2025 – just behind Windows users at 48%.

That means you can’t ignore the warning signs. Malware might slow down your Mac or it might steal your passwords and credit card details. 

The good news is that there are steps you can take to detect and remove malware before it causes irreversible damage.

Signs Your Mac Is Infected With Malware

If your Mac shows one or a combination of the following symptoms, there is a high chance that it has been infected with malware. 

• Sluggish performance: Infected Macs tend to freeze unexpectedly or take a long time to launch applications.
• Unwanted pop-ups: A sudden, high volume of advertisements is another sign of malware infection.
• Frequent redirects: Malware may also modify the settings of your default browser and constantly redirect you to unrelated or suspicious websites. 
• Unfamiliar apps: The sudden appearance of apps or files you do not remember installing is a major red flag. 
• Disabled security settings: Sophisticated malware often hides its presence by disabling security tools like the firewall and antivirus software. 

How to Remove Malware From Your Mac Step by Step

You can use a combination of tools and manual steps to remove malware from your Mac. Here are the usual steps:

1. Disconnect From The Internet

Hackers often rely on the internet to spread malware and control the files on your system. 

If your Mac starts acting up or new programs appear on your computer, disconnect it from your Wi-Fi network and any cables used to connect to the internet. 

Taking this step will cut off communication between the malware and its source and help prevent further damage.

2. Check Activity Monitor

Activity Monitor is macOS’s native tool for checking system performance. It provides users with insights into the network activity, memory usage, and disk activity of different tools and apps. Checking Activity Monitor can help you identify malware by revealing unusual processes consuming excessive bandwidth or CPU power.

Here are the steps:

1. Click Applications > Utilities > Activity Monitor or press Command + Spacebar and type Activity Monitor into Spotlight to access the tool.
2. Click the View menu and choose All Processes to bring up all apps and system files currently running on your computer.
3. Click the %CPU column to sort processes by usage. Excessively high usage by an unknown app may indicate the presence of malware.
4. Click the Network tab to identify any suspicious connections. Hackers often use these to send data from your computer to external servers.
5. Force quit suspicious or unknown apps by clicking the X button on the top-left and choosing Force Quit.

3. Delete suspicious files

Take note of the applications on your Mac and delete anything that looks unfamiliar. 

Open the Finder tool and click on Applications to get a list of installed programs. Then review this list to look for fake malware removal tools, system cleaners, and Flash updates. 

You’ll want to be wary of names like Mac Auto Fixer and System Optimizer Pro, as those apps are just malware disguised as legitimate optimization tools.

Delete whatever app you find suspicious by moving it to Bin and then emptying Bin. If there’s a folder available for that app, search through it to see if an Uninstaller is available – it’s the best way to delete the program and any support files it may have created on your system.

4. Run your Mac in Safe Mode

Safe Mode is a special diagnostic mode on Mac computers that loads only the essential software needed to run the system. Enabling it prevents most third-party apps and login items from executing, meaning you can troubleshoot the computer without interference from potential malware.

The steps to enter Safe Mode vary depending on the processor used by your particular Mac. You can check which processor it uses by clicking the Apple icon in the menu bar and choosing About This Mac.

If the first line says Chip, your Mac is using the Apple Silicon processor. Entering Safe Mode on it requires shutting down the computer, then restarting it and holding the power button until the login window or startup options appear. Then choose boot volume (drive), press and hold the Shift Key, and choose Continue in Safe Mode. 

If About This Mac says Processor, you’re using an Intel-based Mac. In this case, power on or restart your Mac and then immediately hold the Shift key until the login window or startup options appear. You’ll then see an item saying “Safe Boot” in the menu bar, which is a confirmation that you’ve entered Safe mode.

5. Run a Malware Scan

Perhaps the most effective way to detect and remove malware is to use a malware scanner. Some good options for Mac users are Bitdefender Antivirus for Mac and Malwarebytes for Mac. Download and install the application on your computer and then follow these steps to check for malware:

1. Grant the scanner full access to your Mac’s disk by going to System Settings > Privacy & Security > Full Disk Access and enabling the toggle.
2. Open the app and run a full system scan.
3. Wait for the scan to complete. This may take some time depending on the amount of data on your Mac.
4. Review the results and quarantine or remove any detected threats.
5. Restart your Mac if prompted to complete the removal process.

What to Do If Malware Removal Is Unsuccessful

If you’re unsuccessful in removing the malware with the steps above, try performing a factory reset. This involves erasing all the data on your Mac’s hard drive and reinstalling the operating system software from scratch. 

Go to System Settings on your Mac and select Erase All Content and Settings. Doing this will delete everything – including any infected files, photos, and documents – and get your Mac back to its original, malware-free state. 

What about the non-infected files that were also deleted during the process? You can restore them from an earlier backup, provided that it was created before the malware found its way into your machine.

If you are using an older Mac (before macOS Monterey), the “Erase All Content and Settings” feature may not be available. In this case, you can use the Disk Utility option to erase the entire Macintosh HD startup disk. Disk Utility wipes 100% of your drive, including all hidden partitions and containers, to remove malware from the root of your system. Then you can follow Apple’s instructions on how to reinstall macOS. 

How to Protect Your Mac From Future Malware

Mac malware is only going to get more sophisticated as hackers come up with new ways to bypass Apple’s security protections. Because malware can modify browser settings as well as affect system performance, prevention should focus not just on file safety but also on browsing security. To minimize your chances of future infection, take the following steps to improve your Mac’s security:

• Use passkeys instead of common passwords where possible, as they are phishing-resistant and secured by the Mac’s Secure Enclave.
• Turn on automatic updates to make sure you’re always installing the latest patches for known vulnerabilities.
• Avoid operating your Mac as an administrator to prevent malware from automatically gaining permission to change system settings or install itself.
• Carefully read reviews before installing apps from the App Store, and strictly avoid installing any from unverified sources. 
• That same principle applies to iPhones, where avoiding unofficial downloads and sticking to trusted sources significantly reduces the risk of malware infections.
• Encrypt your traffic with a VPN, especially when browsing on public Wi-Fi networks like those in hotels and coffee shops.
• Use Time Machine to back up your data locally and another solution for accessible, cloud-based backups.

Frequently Asked Questions