Protect your Android from threats
with free Avast Mobile Security
Yes, Macs can — and do — get viruses and other forms of malware. And while Mac computers are less vulnerable to malware than PCs, the built-in security features of macOS are not enough to protect Mac users against all online threats. Keep reading for the full lowdown on Mac malware.
This article contains:
But Mac viruses are on the rise every year, as hackers are increasingly casting a wider net and developing malware specifically for Macs. In fact, a recent study found that Mac threats increased by over 400% year-over-year in 2019, outpacing Windows two to one.
Combine sharply rising numbers with a false sense of security, and you get a whole lot of vulnerable Mac users. But though Apple computers can get viruses, yours doesn’t have to be one of them. And remember, though many people use the term “virus” as a catchall for any form of malware, most digital threats out there tend to be different types of malware — which can certainly affect Macs.
Various things may go awry when your Mac is infected with a virus or other malware. While it can be tricky to detect the precise form of malware on your own, some of the more common symptoms include:
Slower performance: Your Mac — or specific apps — start to run unusually slow.
Ad attack: An influx of ads and pop-ups, especially on sites that don’t usually have them, spells trouble. Adware inserts ads all over the place, even when you’re not online.
Apps or other tools downloaded without permission: If you notice new apps, files, or browser toolbars that you didn’t install, that’s a red flag, as are unexpectedly changed settings such as a new homepage.
Disappearing storage space: Lots of malware will download and install files on your device without your permission. You’ll not only find these unwanted programs on your device, but the space available for trusted programs or apps will shrink. If you’ve noticed a sudden decrease in storage space, it could be a sign that your device has been compromised.
Strange behavior: If you’re getting redirected to spammy websites, or if your Mac is frequently crashing or freezing, a virus or other malware may be the cause.
Any one of these signs is not necessarily definitive, as there could be other issues going on. Slow performance, in particular, can be due to an overloaded Mac, so it’s a good idea to clean out junk and speed up your Mac to see if that fixes your problems.
So, what threats should Mac users currently be on the lookout for? Below is a list of the most common kinds of malware that threaten Mac computers.
Ransomware. The baddest malware on the block, ransomware takes files or even entire devices hostage. Hackers use ransomware to take over personal or potentially valuable files and demand payment in exchange for the files’ decryption or release.
Adware. This is a particularly annoying kind of malware that takes over your computer, inundating it with endless ads and pop-ups that can harm your device, track you, and impact performance. Avast blocked 41 million Mac adware threats in 2017 alone, showing that adware is one of the most common types of Mac malware out there.
Trojans. A Trojan horse is a kind of malware that, like its Greek eponym, finds its way onto your device by pretending to be harmless or even helpful. Meanwhile, in the background, it steals your data or downloads other malware onto the infected device. Mac Trojans often download additional hidden malware to your system like adware or rootkits.
Viruses. A computer virus is a piece of code that hijacks a device’s resources without the user’s permission. It then replicates itself and spreads across devices and networks, leaving a stream of destruction in its wake. On macOS, viruses are likely hidden in word document files (such as .DOC or .DOCX), and they spring to life as soon as you enable macros.
Spyware. Hackers use malicious spying software, or spyware, to gain access to browsing behavior, banking details, keystroke patterns, or other compromising personal information. The information gathered can then be used for identity theft or sold to third parties.
Rootkits. Rootkits bury deep into a device, acquiring root access to the machine. While not the most common form of Mac malware, rootkits have been possible on macOS ever since hackers developed the 2009 Mac-based Machiavelli malware.
Phishing. While not a form of malware, phishing is a type of social engineering wherein cybercriminals impersonate a brand or close connection to trick you into revealing sensitive personal information that can be used for identity fraud or monetary theft.
PUPs. Potentially Unwanted Programs usually come bundled with other software you download. From browser toolbars that track your internet history and show you ads to cryptomining programs that can hijack your device’s processing power, you almost never want a PUP.
The best way to defend yourself against all of the above threats is to install strong antivirus protection. Avast Security for Mac is designed specifically to guard your Mac against any kind of malware hackers might throw at you. And with extra protection against phishing attacks, malicious links and email attachments, PUPs, and unsecured Wi-Fi networks, you’ll be safe online no matter what you’re doing or where you connect.
The very first Mac virus dates back to 1982, and the history of Mac threats has continued up until today. As mentioned earlier, a virus is just one type of malware. While there have been many Apple viruses, there’s certainly been more than just viruses on Macs, including these more recent and infamous attacks:
In 2012, Flashback malware, a Trojan horse created to hijack users’ personal information, infected more than 600,000 Apple computers.
2016 saw the first strain of ransomware for Macs with the KeRanger malware. KeRanger encrypted user documents and data and demanded payment in Bitcoin to unlock the files.
By 2017, there were four additional notorious ransomware strains called Patcher, Proton-infected Handbrake, Proton-infected Elmedia Player, and BitCoin Ransom Thieves.
Around the same time, another Trojan called OSX.Proton opened a backdoor in thousands of computers to steal Mac users’ account credentials and download malicious files.
Also in 2017, criminals used phishing attacks to disseminate malware called DOK to Mac users.
In 2018, the OSX/MaMi malware struck and infected thousands more Macs by taking over computers’ DNS requests to spy on users’ browsing behavior.
Those are just a few notable examples of Mac malware. Unfortunately, there are thousands of threats every day aimed at Apple users.
Although Mac malware is rising sharply, Macs do have some excellent built-in security features that help protect them from threats.
Apple’s proprietary operating system, macOS, evolved from UNIX as a multi-user system. That means it was designed to restrict what any one user could do, which made it harder to attack with malware (compared to the Windows multi-user, easily-networked system). The UNIX-based system also means files cannot be executed by default.
When it was first developed, cracking macOS wasn’t impossible, but it required a different toolset and skills. But by now, cybercriminals have invested in those skills. In other words, Apple may have previously been a fortress on a secluded hill, but by now criminals have learned exactly how to get inside.
Another built-in security feature is the App Store, which uses a closed developer network to screen new apps. Before any new app is made available to download, the App Store requires a pre-checked Apple developer ID, proving that Apple has vetted the developer.
This check minimized — but did not eliminate — the risk of hackers sneaking malicious apps through the Apple App Store. Eventually some developers found ways to co-opt those IDs. So, starting in 2018, Apple started notarizing apps themselves before distributing them through the Mac App Store. If any downloaded applications aren’t notarized, the Gatekeeper feature prevents them from opening without user permission.
But that isn’t a foolproof method — instances such as the XcodeGhost Apple App Store attack resulted in 4,000 infected apps, demonstrating that no system is impenetrable.
Starting in 2010, Apple no longer pre-installed Flash and Java on new machines. Both applications were commonly used in early generation websites, but the applications also required frequent security updates. As a result, users who missed those updates were vulnerable to exploits. As the modern web moved toward HTML5 and away from Flash and Java, those applications were no longer essential, and Apple maintained a little extra security by not including them. (However, users who download Flash and Java on their own Macs are reintroducing this potential attack vector.)
Another Mac security feature is sandboxing. Instead of complete access to any of your user data, sandboxed apps are permitted to access the minimum amount of data required to perform their functions. That means apps don’t have access to other apps, the OS, or critical settings. Apple has required sandboxing of the apps in their app store since 2012. Critics complain that sandboxed apps are harder to develop and run more slowly, but they are less vulnerable to attack.
XProtect is a built-in security feature that checks and verifies downloaded apps against a list of known malware. The important word there is known malware — it does not cover the malicious code being newly developed every day. XProtect’s list of known malicious file signatures is far from comprehensive, because it checks against only a tiny fraction of the virus definitions used by more powerful, dedicated antivirus applications.
While PCs are open to nearly any third-party device, such as external keyboards and mice, Mac computers are mostly only compatible with Apple’s own hardware. That means you don’t have to install special drivers to use new Mac hardware. All Apple-related drivers and updates should come only from Apple itself, reducing the need to apply updates constantly or the chance that malicious code gets injected into a third-party driver update.
If you’ve noticed the performance of your Mac slipping or are seeing other signals that your device may be infected, you should take steps to remove the malware from your Mac. The type and severity of malware can vary drastically, so it’s important to act fast. But in many cases, you can get rid of the intruder without too much trouble, and your device will be back to normal in no time.
The most effective method for removing viruses and other malware from your device is to use a dedicated Mac virus removal tool. But be careful – don’t just download the first link that pops up in your search results, because hackers have been known to hide malware inside apps that look like antivirus software. That’s why it’s crucial that you use anti-malware tools built by brands you trust. Here at Avast, our developers work tirelessly to make sure Avast Security for Mac defends against whatever kind of malware hackers can come up with.
Malware isn’t something you should think about only after your device has been infected. For optimal protection of your data and your investment, you should make sure that you have robust Mac antivirus software to begin with. Prevention really is the most effective strategy.
As Macs become more and more popular, the incentives for hackers to target Mac computers will continue to increase. While cybercriminals have historically focused their attention on PCs, the tide is changing, and macOS’s built-in security features are likely to become increasingly under threat. That’s why it’s more important than ever that you protect your Mac by giving it an extra layer of security right out of the box.
Moreover, did you know that Mac users can unwittingly pass on Windows threats to their friends and family who use PCs? A smart Mac antivirus tool like Avast Security for Mac will block all forms of malware, so no one gets infected.
To ensure the safety and performance of your Mac, you should download and install the best possible anti-malware tool. Avast Security for Mac provides essential security with complete malware detection and prevention. And it runs silently in the background for around-the-clock protection. It also blocks phishing, unsafe websites, malicious downloads and attachments, and prevents invasive web tracking.
Greater security and more peace of mind — completely free — is just a click away.