Is Mirai Malware A Problem For Mac

Macs recruited into the botnet are infected with Mac.BackDoor.iWorm malware, which is being spread by a yet-to-be-discovered method. Once infected, Mac computers can be controlled by hackers who are communicating with infected machines using a unique medium - Reddit. The IoT malware that plays cat and mouse with Mirai. But infecting them with more advanced malware hardly seems like the answer to the problem of careless security. Mirai “internet of.

In this article, we will look at the most common Mac viruses and security flaws, how to detect them, prevent your Mac from getting them, and how to remove them.

The more macOS grows in popularity, the more lucrative it becomes to hackers and rogue programmers, and with no anti-virus, your MacBook is at risk of attack. Viruses on Mac are more common than you might imagine. We’re going to run through known Mac viruses, malware, and security flaws and show you how to keep your computer safe using CleanMyMac X.

Something to note before we continue: a virus is a type of malware, capable of copying itself and spreading across a system. Malware is a blanket term for a wide range of malicious software including adware, spyware, ransomware, and Trojans. So all viruses are malware, but not all malware are viruses if that makes sense?

Okay, let’s dig in.

How a Mac virus infects your system

How does a Mac virus find its way onto your system in the first place? Typically with a helping hand from you.

Apple viruses rely on you downloading a program, clicking a link, or installing an app or plugin.

The most common ways for malware to infiltrate your computer are through third-party browser plugins like Adobe Reader, Java, and Flash, or by using a Trojan horse or phishing scam: an app or email that appears to be from a legitimate source, but is in fact fraudulent. The moment you click on a link and enter details or download the seemingly genuine app, you give the green light for a virus to infect your system.

The best way to avoid a virus on Mac is to be vigilant. Double check every app that you want to download and every email that you receive before following through on an action. If something seems off, there’s every chance that it is.

However, as you’ll see from some of the viruses, in certain cases even vigilance can’t protect you.

An X-ray of a Mac virus: Here is what it looks like

Below is an executable command from a piece of adware code. As you can see, it aims to 'download offers' that users see on their computers.

Known Mac viruses

1. Microsoft Word macro viruses

What’s that, a Microsoft program bringing its virus-riddled programs over to Mac? Unfortunately, yes.

Macros are commonly used by Word users to automate repetitive tasks, and they're a prime target for malware peddlers. Macro support on Mac was removed by Apple with the release of Office for Mac back in 2008, but was reintroduced in 2011, meaning files opened with macros enabled could run Python code to log keystrokes and take screenshots of personal data.

In 2017, Malwarebytes discovered malware in a Word document about Donald Trump, to the worry of Mac users. However, being infected relies on you opening that specific file, and the chances of that are slim.

A warning message that Apple displays anytime a file contains macros should be enough to keep you safe from Word macro viruses.

2. Safari-get

Safari-get is a denial-of-service (DoS) attack that began targeting Mac in 2016. The malware is hidden behind a link in a seemingly genuine tech support email — you click on the link, the malware makes itself at home on your computer.

What happens then depends on whether you’re running macOS 10 or 11. The first variant takes control of the mail application to force create multiple draft emails. The second force opens iTunes multiple times. The end goal for both is the same: overload system memory to bring your Mac to its knees so that you call up a fake Apple tech support number and hand over your credit card details to a bogus team on the other end of the line.

MacOS High Sierra versions 10.12.2 and above include a patch for this vulnerability, so updating your machine should keep you safe.

3. OSX/Pirrit

OSX/Pirrit is a virus that gains root privileges, then creates a new account and downloads software that you neither want nor need. The virus was found by Cybereason to be hidden in cracked versions of Adobe Photoshop and Microsoft Office that are popular on torrent sites.

A stark reminder, if ever you needed one, to never download pirated software!

Known Mac malware

1. OSX/MaMi

OSX/MaMi holds the distinction of being the first macOS malware of 2018. It targets Mac users with social engineering methods such as malicious emails and website pop-ups. Once it’s made its way onto a system, the malware changes DNS server settings so that attackers can route traffic through malicious servers and intercept any sensitive data. MaMi is also capable of taking screenshots, downloading and uploading files, executing commands, and generating mouse events.

The Hacker News provides instructions on how to identify the virus on your system:

“To check if your Mac computer is infected with MaMi malware, go to the Terminal via the System Preferences app and check for your DNS settings—particularly look for 82.163.143.135 and 82.163.142.137.”
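The check described in that quote, as an added shell example (not from the article or The Hacker News): it splits resolver output into tokens and flags only exact matches for the two addresses quoted above. The sample `scutil --dns` text is constructed; passing `--live` reads the real settings through `scutil` and `networksetup`.

```shell
#!/bin/sh
# Added example: look for the two DNS servers quoted above as OSX/MaMi indicators.

# Constructed sample in the style of `scutil --dns` output (not from a real host).
SAMPLE_HIJACKED='resolver #1
  nameserver[0] : 82.163.143.135
  nameserver[1] : 82.163.142.137
  if_index : 4 (en0)'

# Constructed clean sample; 182.163.143.135 is a lookalike that must NOT match.
SAMPLE_CLEAN='resolver #1
  nameserver[0] : 192.168.1.1
  nameserver[1] : 182.163.143.135'

# Read resolver text on stdin and print each MaMi address present in it.
# Returns 0 when at least one indicator is found, 1 when none is (like grep).
find_mami_dns() {
    # Split input into tokens made only of digits and dots, then require a
    # whole-token match so longer addresses containing the string are ignored.
    hits=$(LC_ALL=C tr -cs '0-9.' '\n' |
           grep -Fx -e '82.163.143.135' -e '82.163.142.137' |
           sort -u) || true
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
}

# Gather DNS settings from the live system (macOS tools; resolv.conf as fallback).
collect_dns() {
    if command -v scutil >/dev/null 2>&1; then scutil --dns; fi
    if command -v networksetup >/dev/null 2>&1; then
        # First line of the listing is a legend; '*' marks disabled services.
        networksetup -listallnetworkservices | tail -n +2 | sed 's/^\*//' |
        while IFS= read -r svc; do
            networksetup -getdnsservers "$svc"
        done
    fi
    if [ -r /etc/resolv.conf ]; then cat /etc/resolv.conf; fi
    return 0
}

# Default run uses the constructed sample; --live inspects this machine.
if [ "${1:-}" = "--live" ]; then
    input=$(collect_dns)
else
    input=$SAMPLE_HIJACKED
fi
if printf '%s\n' "$input" | find_mami_dns; then
    echo "MaMi DNS indicator present: review and reset the DNS settings."
else
    echo "No MaMi DNS indicator found."
fi
```

A match means only that one of the two quoted resolvers is configured; the other behaviours the article lists for MaMi are not checked here.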

2. OSX/Dok

This piece of malware is a worrying one in that it is signed with an Apple-authenticated developer certificate, thus allowing it to bypass Mac’s Gatekeeper security feature and XProtect. Like OSX/MaMi, OSX/Dok intercepts all traffic (including traffic on SSL-TLS encrypted websites) moving between your computer and the internet to steal private information.

Since it arrived on the scene in April 2017, Apple has revoked the developer certificate and updated XProtect; however, it remains one to look out for.

3. Fruitfly

Fruitfly malware has stolen millions of user images, personal data, tax records and “potentially embarrassing communications” over a 13-year period by capturing screenshots and webcam images. Researchers are unsure how the near-undetectable “creepware” finds its way onto Mac systems, and while Apple has been working to patch the issue, it’s unknown if newer versions still exist in the wild.

4. X-agent

X-agent is classic malware capable of stealing your passwords and iPhone backups and taking screenshots of sensitive data. It has mainly targeted members of the Ukrainian military, which is very bad, of course, but if you're not a member of the Ukrainian military you’re unlikely to be affected.

5. MacDownloader

While its name suggests it could be a useful app, MacDownloader is a very nasty piece of malware programmed to attack the US defense industry. It’s hidden inside a fake Adobe Flash update and shows a pop-up claiming your system is infected with adware. By clicking on the alert and entering your admin password, MacDownloader lifts sensitive data, including passwords and credit card details, and sends it to a remote server.

MacDownloader is designed to attack a particular audience, but it’s worth checking for updates on Adobe’s official website before installing any new version of Flash.

6. KeRanger

KeRanger is macOS’s first introduction to ransomware — malware that encrypts system files and demands a ransom to decrypt them. It was bundled in with the torrent client Transmission version 2.90 and installed at the same time, using a valid Mac app certificate to sneak through Apple security. Once document and data files are encrypted, KeRanger demands payment in bitcoin for the malware to be removed.

Transmission has released an update to remove the malware and Apple has removed KeRanger’s GateKeeper signature to protect users. If you’re using Transmission 2.90, head over to the Transmission website to download the latest update.

Known Mac security flaws

1. Goto fail bug

The Goto fail bug was a bit of an embarrassing one for Apple in that the security flaw was a result of its own doing. A bug in Apple’s SSL (Secure Sockets Layer) encryption meant that a Goto command was left unclosed in the code, thus preventing SSL from doing its job to protect users of secure websites. The flaw put communications sent over unsecured Wi-Fi (the hotspots you use at the mall and in coffee shops) at risk, allowing hackers to intercept passwords, credit card details, and other sensitive information.

Apple has since patched the issue on macOS, but it certainly makes you think twice about how you browse the web on your MacBook in a public place.

2. Meltdown and Spectre

In January 2018, it was announced that there was a flaw in Intel chips used in Macs, giving rise to the dastardly duo of Meltdown and Spectre.

From Apple:

The Meltdown and Spectre issues take advantage of a modern CPU performance feature called speculative execution. Speculative execution improves speed by operating on multiple instructions at once—possibly in a different order than when they entered the CPU. To increase performance, the CPU predicts which path of a branch is most likely to be taken, and will speculatively continue execution down that path even before the branch is completed. If the prediction was wrong, this speculative execution is rolled back in a way that is intended to be invisible to software.

The Meltdown and Spectre exploitation techniques abuse speculative execution to access privileged memory—including that of the kernel—from a less-privileged user process such as a malicious app running on a device.

Meltdown and Spectre affect all Mac systems, but Apple insists there are no known exploits currently impacting customers. macOS 10.13.2 and above include a patch to protect against both flaws.

3. High Sierra “root” bug

As far as security flaws go, High Sierra’s “root” bug is a pretty big one. The flaw, which was discovered by software developer Lemi Orhan Ergin, allowed anyone to gain root access to a system by leaving the password field blank and trying multiple times in a row. So, anyone with physical access to your system, or access via remote desktop or screen-sharing, could type in “root” and hit enter a few times to gain full control of your Mac. Scary thought, huh?

Apple has recently released an official fix for the flaw, but it’s worth taking care about who shares access privileges on your Mac.

How to recognize a virus on Mac

So how do you spot a virus on your MacBook Pro or iMac? In the case of ransomware like KeRanger or a DoS attack like Safari-get, the issue is in your face. With other malware, however, the infection is less obvious.

A few of the tell-tale signs include:

  • Unexpected system reboots
  • Apps closing and restarting for no reason
  • Browsers automatically installing suspicious updates
  • Web pages obscured with ads
  • Drop in system performance

How to avoid a virus on Mac

We briefly covered this at the top of the article, but there are measures you can take to help safeguard your system:

  • Always check the source of an email by looking at the address of the sender
  • Avoid pirated software
  • Avoid software and media downloads from torrent clients
  • Avoid apps or pop-ups that ask you to “fix” an infected Mac
  • Never download codecs or plug-ins from unknown websites

How to remove a virus on Mac

If you suspect a Mac virus has infected your system, it’s important to address the problem immediately. There are two ways that you can do this: manually or with CleanMyMac X.

How to remove a virus on Mac manually

To remove a virus manually, the first thing to do is find out what’s causing the problem.

The chances are it could be a downloaded file, so go to your Downloads folder and search for .DMG files. If the file is unfamiliar, delete it and empty the Trash.

If an app is the issue, go to your Applications, drag the icon of the culprit to the Trash bin and empty the Trash immediately.

Both of these methods offer a quick fix, but neither is the most comprehensive of solutions. The way in which viruses work means that the infection could have spread to system folders. If the problem persists, opt for the more robust CleanMyMac 3.

How to remove malware on Mac with CleanMyMac X

CleanMyMac X is designed to detect and remove malware threats from your Mac, including adware, spyware, ransomware, worms, and more.

If malware is lurking within your Mac, it won’t be after CleanMyMac is done with it.

  1. Download CleanMyMac X (free download) and launch the app.
  2. Click on the Malware Removal tab.
  3. Click Scan.
  4. Click Remove.

This app is actually notarized by Apple, so you are safe using it. Speaking of malware, it has a real-time monitor that keeps an eye on your Launch Agents. If an unknown app tries to add itself into your system folders, you'll get an instant notification from CleanMyMac X.

Keep your Mac virus-free

For the most part, using a Mac is a pleasant, malware-free experience, but no computer is ever 100% virus-free. Keeping abreast of known Mac viruses so that you know what to look for and erring on the side of caution when downloading software will help keep your system running smoothly. And if a rogue app does make its way onto your system, keep CleanMyMac X close to hand to remove it immediately and completely.

Part of my weekend job at the computer store involves supporting the customers who come with Macs that aren't working right. And more and more of these Macs are coming in with ad injection software installed. That causes them problems when they try to do just about anything with their web browser. Here's more about ad injection software and what to do about it.

Ad injection software displays pop-up ads and advertisements when you try to visit a web site. It can load up a web page automatically when you open your browser, create a new tab or open a new window. It also can redirect your search queries, causing your web browser to go to a different site instead of Google, Bing, Yahoo or the search engine of your choice — often a site with more embedded ads. You'll know when you have an adware problem on your Mac, because your web browser just won't work the way it's supposed to.

Most of us will go to our web browser's Preferences menu to try to fix the problem: We'll try to set the search engine to what we prefer, set the home page to an empty page or one that we'd prefer, then close the preferences only to find that they haven't been changed, and that the behavior has continued.

That's because the ad-injection software — adware — has hijacked the web browser. And that software needs to be removed in order for the web browser to work the way it's supposed to.

But I didn't think Macs got viruses

Strictly speaking, Macs don't get actual bona fide computer viruses, at least not ones that are out 'in the wild' (i.e., in actual distribution). Without getting into semantic differences between viruses and malware and adware, let me just clarify: Macs aren't immune to malware or adware, and never have been. For a very long time Mac users grew accustomed to thinking that they were impervious to the same sort of malware issues that PC users had.

In truth, very few Macs get any sort of problems with viruses or malware. That's because OS X is a different operating system from Windows, and many malware and adware developers exploit security problems in Windows, which still makes up the vast majority of computers used in the world. If you're trying to engineer software that will distribute widely, you go for the broadest possible population.

Unfortunately, some adware and malware does find its way onto the Mac. Fortunately, Apple provides a certain level of built-in protection, which we'll look at next.

OS X and Gatekeeper

In Mountain Lion (OS X 10.8) and newer, Apple has provided anti-malware software it calls Gatekeeper, which is built into the Security & Privacy system preference.

You won't see 'Gatekeeper' listed anywhere, but you'll know its presence, right at the bottom of the General pane in the Security & Privacy system preference. Gatekeeper keeps software that doesn't belong on your Mac at bay by restricting what applications can be run.

You have three options for how to restrict the downloading of applications. You can specify that only apps downloaded from the Mac App Store can be run; the Mac App Store and identified developers; or anywhere.

Keeping it set to Mac App Store is the safest option. This prevents any apps from running unless they were downloaded directly from the Mac App Store, which Apple manages and checks.

Anywhere is the least safe; any application from anyone can be run on your Mac. Mac App Store and identified developers offers an additional measure of protection, because only apps made by developers with certificates signed by Apple can be executed.

This isn't foolproof, however — recently there was a spate of malware infestation on the Mac from China; Chinese Mac users who had downloaded pirated versions of Mac apps found their machines were infected with the 'WireLurker' malware.

Rene is fond of saying that there's a battle between security and convenience, and that's demonstrably true here. While Apple tries to keep malware at bay through the development of Gatekeeper, it does offer you the option of not using Gatekeeper, or setting it up so you can override it if you're determined to. And that's most often when problems happen. If you override Gatekeeper's settings, you're making your Mac more susceptible to problems like adware injections, plain and simple.

Don't download what you don't know

The moral of the 'WireLurker' story is to be very, very wary of software whose origins you can't confirm. It's tempting to click on free software downloads, and it's enticing to think that you'll get something for nothing. But there's the old adage about it being too good to be true, and this is sometimes the case with free software from suspicious web sites.

Pirated software sites certainly aren't the only way to get adware and other forms of malware downloaded to your Mac, though. Sometimes they'll disguise themselves as 'extensions' that you'll load into Safari, Firefox, or Google Chrome web browsers. So be wary of those too. My rule of thumb is to only add extensions to Safari that Apple has listed in its Safari Extensions gallery. You can also access this by clicking the Safari menu and selecting Safari Extensions.

I have adware installed. What do I do next?

Even if your Mac has been infected with adware, it's possible to remove it: You just have to know where to look. Check your web browser's extensions list. If you see anything installed by Spigot Inc., GoPhoto.it or Omnibar, remove it.

If that fails to work, you may have to go hunting through your Mac's system library folder for additional files that are contributing to the problem. Apple actually provides good instructions for doing this: they have a knowledgebase article that documents the most likely spots where adware can hide on your Mac, and provides step by step instructions for removing it.

If that looks like too much work, and you'd like to find a faster way to deal with it, check out AdwareMedic. It's free to download and it does a pretty good job of finding adware that doesn't belong on your Mac, giving you the option of getting rid of it. It's 'donationware,' so if you find it useful, make sure to throw the developer a few dollars.

AdwareMedic won't keep adware from getting installed on your Mac, however - it only removes it if it's already there. If you'd like to install a more proactive line of defense, there are a couple of options you might want to consider: ClamXav, a free anti-virus tool for the Mac, and Intego Mac Internet Security X8, a commercial application. Both can eradicate adware when they find it, and both can be set to actively monitor your Mac to make sure other adware doesn't find its way onto the Mac.

Hopefully this will get you on the path back to getting your Mac in tip top shape. If you still run into problems you can't solve, you're welcome to post comments here. You can also email me at machelp@imore.com. Or take your Mac in to your friendly neighborhood Apple Store or Apple-authorized service provider, where a Mac technician can try to help you sort things out as well.
