How to Remove Malware from Mac: A Practical, Step-by-Step Cleanup Guide

Written by: Abigail Ivy
Published on:

How to Remove Malware from Mac

If your Mac is suddenly slow, showing pop-ups, or redirecting your browser, malware may be the cause.

This guide explains how to remove malware from Mac using safe, practical steps and how to reduce the chance of reinfection.

macOS includes strong security features such as Gatekeeper, XProtect, and the Malware Removal Tool, but adware, browser hijackers, and fake antivirus apps still slip through.

Knowing what to check first can save time and prevent you from deleting the wrong files.

What malware on Mac usually looks like

Not every performance problem means malware, but certain symptoms are common across adware, spyware, trojans, and browser hijackers.

Watch for unusual network activity, homepage changes, new toolbar extensions, unexpected login items, and repeated requests to install software you do not recognize.

  • Persistent pop-ups or fake security alerts
  • Browser redirects to unknown search engines
  • Unexpected apps in Applications or Launchpad
  • High CPU usage when no heavy app is open
  • New profiles or extensions you did not install
  • Battery drain, fan noise, or overheating

How to remove malware from Mac safely

Work through these steps in order.

They focus on isolating the problem, removing the malicious software, and checking the browser and system settings that malware often changes.

1. Disconnect from the internet

Turn off Wi-Fi and unplug Ethernet to stop data transfer, limit ad fraud, and prevent the malware from downloading more components.

If you suspect a remote-access trojan or credential theft, disconnect immediately.

2. Restart in Safe Mode

Safe Mode loads only essential system components and helps prevent many startup items from launching.

On Apple silicon Macs, shut down, then hold the power button until startup options appear, choose your disk, hold Shift, and click Continue in Safe Mode.

On Intel Macs, restart and hold Shift until the login window appears.

3. Uninstall suspicious apps

Open the Applications folder and remove software you do not recognize, especially apps installed around the time the problem started.

Drag the app to the Trash, then empty the Trash after you are sure it is not needed.

Also check for bundled utilities that often accompany adware, such as fake cleaners, download managers, or coupon assistants.

If an app refuses to quit, use Activity Monitor to force quit it first.

4. Check Login Items and background services

Malware often persists by launching at startup.

In System Settings, open General, then Login Items, and remove anything unfamiliar from both the open-at-login list and the background items list.

Review Activity Monitor for suspicious processes using unusual names or excessive resources.

5. Remove browser hijackers and malicious extensions

Browsers are frequent targets because extensions can redirect search traffic and inject ads.

In Safari, Chrome, or Firefox, inspect extensions, remove anything unfamiliar, and reset search engine and homepage settings.

  • Safari: Settings, then Extensions
  • Chrome: More tools, then Extensions
  • Firefox: Add-ons and themes

After removing extensions, clear browsing data and check whether your default search provider or new tab page has been altered.

6. Look for configuration profiles

Some Mac malware uses configuration profiles to control browsers, proxy settings, or device behavior.

In System Settings, search for Profiles or check Privacy & Security for any installed profile you did not expect.

Remove only profiles you do not recognize and that you did not receive from a workplace, school, or device administrator.

7. Use built-in macOS protections and a reputable scanner

Run Apple’s built-in security checks by updating macOS, then use a trusted anti-malware tool to perform a full scan.

Known security products can detect adware, trojans, and unwanted programs that manual review may miss.

Avoid random “Mac cleaner” apps, especially those that promise instant optimization or system protection.

8. Delete related files in Library folders

Some malware leaves behind launch agents, support files, or cache entries.

In Finder, use Go to Folder and review these locations carefully:

  • ~/Library/LaunchAgents
  • /Library/LaunchAgents
  • /Library/LaunchDaemons
  • ~/Library/Application Support
  • /Library/Application Support
  • ~/Library/Preferences

Delete only files tied to the suspicious app you removed.

If you are unsure, quarantine the file by moving it to a separate folder instead of deleting it immediately.

9. Update macOS and every browser

Install the latest security updates from Apple as soon as possible.

Malware commonly exploits known vulnerabilities, and updates can block reinfection paths that manual cleanup will not fix.

10. Change important passwords

If you entered passwords while the Mac was infected, change them from a clean device.

Prioritize email, Apple Account, banking, work accounts, and any password manager vault.

Enable two-factor authentication wherever possible.

How to tell whether the malware is gone

After cleanup, restart the Mac normally and observe it for a few minutes.

Confirm that pop-ups, browser redirects, unknown processes, and startup prompts are no longer present.

Reopen your browser only after extensions, homepage, and search settings look normal.

If symptoms return after a restart, the infection may still be tied to a hidden launch item, profile, or related app support file.

In that case, repeat the scan and review the login and browser settings again.

When a factory reset makes sense

Most adware and browser hijackers can be removed without erasing the Mac, but some cases justify a full reinstall.

Consider this if you suspect a trojan, persistent spyware, repeated reinfection, or tampering with key system settings.

Back up only essential personal files, avoid copying unknown apps or launch items, and reinstall macOS from Recovery if needed.

How to prevent malware on Mac in the future

Prevention is mostly about reducing exposure to fake installers, malicious extensions, and unsafe downloads.

Keep macOS current, install software from the App Store or the developer’s official site, and deny requests that ask for unnecessary permissions.

  • Do not bypass Gatekeeper warnings without verifying the source
  • Keep Safari, Chrome, and Firefox updated
  • Review extensions periodically and remove unused ones
  • Enable FileVault and strong login passwords
  • Avoid pirated software, cracked installers, and torrent bundles
  • Use a password manager and two-factor authentication

Common mistakes to avoid

Many cleanup attempts fail because users delete random files or install dubious “antivirus” tools that create more problems than they solve.

Another common mistake is skipping browser checks, even though adware often lives there after the main app is removed.

Do not ignore profile settings, login items, or background services.

These are among the most common persistence methods on macOS and are easy to overlook if you focus only on visible apps.

Signs you should get expert help

Get professional support if you see repeated credential theft, unknown remote access, missing files, or signs that someone else may have accessed the Mac.

You should also seek help if the Mac belongs to a business, contains regulated data, or the infection survives after Safe Mode cleanup and a reputable scan.