How To Scan Mac For Malware

  

  1. How To Scan Mac For Malware
  2. How To Scan Mac For Malware Free
  3. How To Scan For Malware On A Mac
  4. How To Scan A Mac For Malware
  5. How To Scan My Mac For Malware
  6. How To Scan Mac For Malware

Click the Scan icon then once the application opens and it will begin to perform a scan of your Mac. Fortunately the scan only takes a fewmoments depending on your hard drive size and will quickly inform you if you have any Malware to remove. If you have malware, the program should be able to remove what is there. Scanning your Mac for malware should never require pulling out your credit card. Unfortunately, Mac malware can disguise itself as a removal tool, demand payment in exchange for protecting your computer. Don't accidentally get tricked into. How to Scan for Malware on the Command Line DetectX Swift has the ability to do command line searches for issues on your Mac like malware, keyloggers, browser hijacks and potentially dangerous software, and there’s a number of extra options that are not available when using the user interface. If you want to remove malware, spyware, and other garbage software from your Mac, we recommend you download and run Malwarebyes. The free version is fine if you just want to check for and remove malware. If you want something that runs in the background, automatically scans your downloads, and monitors your system, you’ll want the paid version.

DetectX Swift has the ability to do command line searches for issues on your Mac like malware, keyloggers, browser hijacks and potentially dangerous software, and there’s a number of extra options that are not available when using the user interface. In this post, I’m going to give you a quick tour of the CLI (Command Line Interface) tool with some examples of how to use it (if you haven’t yet grabbed a free copy of DetectX Swift you might want to do that first to play along).

Prerequisite

Ensure that DetectX Swift and the Terminal have Full Disk Access if you’re using macOS 10.14 Mojave or higher. This is required so that DetectX can search various folders within your User Library for suspicious or malicious files. More info on how to enable Full Disk Access can be found here.

Malware

1. Basic scan
Let’s start with a basic scan. To use the CLI search, you need to specify the full path to the app executable. In this example, let’s suppose that the app is in /Applications folder. In that case, you’d need to execute this on the command line:

/Applications/DetectX Swift.app/Contents/MacOS/DetectX Swift search

Since that’s a bit of a handful, even using tab completion, you might want to edit your .bash_profile to include a shortcut alias. Here’s mine:

sphil@sphils-iMac-5:~$ cat .bash_profile

alias sudo='sudo '

How

alias detectx='/Applications/DetectX Swift.app/Contents/MacOS/DetectX Swift'

Note the sudo line (and note the extra space in the value). We’re going to need that so that we can pass the alias to sudo when we want to pass certain options to the search. Like…

2. Scan other users
Probably the most important benefit you gain with scanning on the command line rather than from the app’s interface is the ability to scan all, or selected, other users. You can search all users by using sudo and the -a option:

sudo detectx search -a

If you want to restrict the search to one or more users, the -u option allows you to specify a list of shortuser names (comma-delimited):

sudo detectx search -u alice,bob

3. Go deep
If you’d like more verbose output, including how long the search took, try either the vsearch or vvvv commands:

sudo detectx vvvv -a

4. Save the results
You can specify a path to output the results, either in regular text:

sudo detectx vvvv -a ~/Desktop/searchtest.txt

or, by passing the extra -j option, in JSON format:

sudo detectx search -aj ~/Desktop/searchtest.json

Here’s an example of what the formatted JSON file looks like:

5. Anything else?
There’s a help command that will output the documentation to the command line, and also if you get into the habit of regularly running command line checks, don’t forget to launch the app from time to time in the Finder. Like its predecessor, DetectX, DetectX Swift does a lot of other stuff besides searching that can help track down and remediate problems with your mac, and a large part of that revolves around the way it tracks changes to your system every time you launch it. The CLI tool runs independently of that and won’t give you that kind of feedback or record those changes.

Enjoy! 🙂


Did you ever think viruses, malware, or adware would affect your Mac someday? It is a question I sent out to a group of normal Mac users a few weeks ago. But the result that I got back was unexpected. The most common answer I received was: 'I have not even thought about that.', 'No computer virus on Mac.', or 'macOS isn't afraid of viruses or hacker attacks.' Many members consistently affirm that macOS is a closed system, and does not get viruses or any malicious programs. These users do not really care about downloads and use any antivirus or internet security for Mac.

Unfortunately, that is not entirely correct. I cannot deny that Apple was doing very well in the security field to protect macOS. They are developing and adding many new features to fight against viruses and malware. But nothing is perfect, and there are still undiscovered security flaws that hackers may exploit. Many dangerous Mac viruses and malware have been discovered in the past, which you might not know about yet, such as Leap, Flashback, Krowi, or Eleanor.

  • Leap was a Trojan-worm and used Apple iChat to spread in 2006. iChat is an instant messaging application that was first released by Apple in August 2002. It was discontinued in February 2012 and replaced by Messages. Once Leap installed, it recently infected opened Mac apps and made them unusable.
  • Krowi was malware that was packaged in most free and cracked versions of Apple iWork 2009 and Adobe Photoshop for Mac. Once installed, it connected to a specific remote server and waited for commands to action. Hellrts was also another malware with the same function, packed in pirated versions of Apple iPhoto in 2010. Both malicious programs planted backdoors into Mac computers, allowing hackers to access without passwords.
  • Intego discovered Flashback malware in September 2011, and so far, it has 14 variants. By exploiting a Java vulnerability, this malware accessed the user's Mac computer when they clicked into a malicious link. The first version of Flashback came inside a modified Adobe Flash installer, while the latest version pretended to be a Software Update prompt. Flashback harvests users' information like usernames, passwords, and other data.
  • CrescentCore was Mac malware disguised as an Adobe Flash Player installer. It was even displayed in Google Search results and available to download from several websites. Instead of installing Adobe Flash player as the user expected, this malicious application installed either an app called Advanced Mac Cleaner, a LaunchAgent file, or a Safari extension. CrescentCore easily bypassed Apple's Gatekeeper because a known developer signed it. It is the best example to show you a case that macOS could not prevent all sorts of bad apps.
  • CookieMiner focuses on the cryptocurrency field and uses your Mac computer to mine a variety of assets. It also steals login credentials to gain access to your cryptocurrency wallets or exchange accounts. Besides, CookieMiner accesses backups of text messages in iTunes to obtain critical information to bypass two-factor authentication. If you are working in this field, be aware of this malware and similar apps. Ensure that you have enabled two-factor authentication on every account with software or even hardware.
  • Discovered by Bitdefender researchers, Eleanor ('EasyDoc Converter.app') was designed as a 'drag and drop' file converter application but had no real functionality. Instead, it quietly installed a backdoor into your Mac system. This backdoor grants full access to macOS operating system, shell execution, file explorer, sends emails, webcam image, video capture, and much more. I would recommend you only download Mac apps from trusted sources. If you can't trust any websites, then the Mac App Store is the right place to go. In that case, you should also only allow apps from the Mac App Store and identified developers to run on your Mac computer.

Luckily, most of the discovered Mac viruses and malware don't cause widespread disaster. It's time to change your mind, cease an age-old belief that your Mac doesn't get viruses and malware. The truth is that Microsoft's Windows operating system takes roughly 77% of the market, which makes it a better piece of cake to attackers. Meanwhile, Apple's macOS operating system makes up about 16% of the share, according to the statistics in October 2019. But who knows, it's never too late to protect your Mac computer.

Table of Contents

What Is The Difference Between Malware And Virus?

What is malware? What is a virus? Is malware the same as a virus?

You have probably heard about 'malware' and 'virus' before, and I'm sure both terms are frequently mentioned around you. They are often used interchangeably in many aspects. However, malware and virus are technically different.

What is malware?

Simply put, malware is a combination of 'software' and 'malicious' parts. It implies that this type of program is quite harmful and designed to serve malicious intent. Malware could be present on your computer, smartphone, tablet, or even on your website. Depending on the purpose, attack pattern, or target, malware can categorize into a specific category.

Types of Malware

How many types of malware do you know? It depends on how we categorize them. From computers to smartphones and smart TVs, from websites to email and instant message applications, there is malware for everything. But basically, malware is categorized under these common categories:

  • Worm

This is a standalone program that can self-replicate and spread across the entire network. Worms spread from one device to another by exploiting vulnerabilities in the infected system. It also spreads through an attachment in your email, often camouflaged as a legit file. Robert Tappan Morris created the first worm called the Morris worm in 1988 to highlight security flaws. Regrettably, it replicated itself rapidly and spread across the Internet.

How To Scan Mac For Malware

Mac
  • Trojan

Trojans are a type of virus that can camouflage as a safe program or hide in another program. Therefore, most users open them without a doubt. In most cases, trojans can camouflage as a file or program that users incredibly desire and can't resist. It can't self-replicate, so it needs a transport device to spread from one system to another. The primary purpose of trojans is to collect the personal and financial details of users and then steal their money. It can be programmed to control and take over the resources of an extensive host system or network.

  • Ransomware

Ransomware is an advanced type of malware and works as its name. It infects your computer and encrypts all crucial files and then demands users to pay a ransom to get those files back. Sometimes, your computer screen might show a pop-up warning that says it has locked your computer. You can access it only after paying a specific fee. The more the cryptocurrency market grows, the more ransomware appears (*). Bitcoin, in particular, or other cryptocurrencies, is the best payment method that attackers prefer because it ensures anonymity.

Note: This is a subjective opinion of the author and does not reflect the entire cryptocurrency field.

  • Adware

Adware is software to support advertising and display advertisements on users' computers or smartphones without permission. It forces users to view ads involuntarily. Adware is programmed to collect users' cookies and behaviors and then display related ads. The most annoying thing is that it attacks you with tons of pop-ups. The creator writes this kind of malicious program to generate revenue from the advertising network.

  • Spyware

This sort of malware spies on you and track all activities, gathering all sensitive information and vulnerabilities for a future attack. It is hard to detect spyware based on symptoms because it's hidden deeply and doesn't create any weird activity. Sometimes, attackers may use spyware as a keylogger, which is intentionally installed in an organization to monitor all activities of employees.

  • Fileless Malware

Unlike all common malware, fileless malware is a type of malicious software that uses legitimate programs to infect users' computers. It does not download any file onto a victim’s computer and leaves no footprint. Because it hides in trusted programs, fileless malware runs in the computer's memory, making it challenging to detect and remove. There are also claims that it is “undetectable,” but this is not accurate. Many people have said this because this sort of malware is almost invisible under the radar of antivirus, malware removal application, and other traditional security solutions. For those reasons, it has been very useful in evading defenses. The Ponemon Institute claims that fileless attacks have a success rate ten times higher than file-based attacks.

In July 2018, researchers discovered a fileless malware called Operation RogueRobi. Hiding in Microsoft Excel Web Query files in email attachments, it makes victim computers run PowerShell command scripts and grant access to the system to attackers. Because of using PowerShell, a trusted part of the Microsoft platform, this kind of attack typically does not trigger any security alert.

  • Scareware

Also known as deception software, scareware often redirects gullible users to weird websites and prompts that a severe virus or malware has infected their computer. In turn, this malware recommends users purchase malware removal tools or malware blockers by giving away credit card details. This trick is sophisticated and makes users panic, and they have no hesitation in buying the offered software. However, what they download turns out to be malware, intended to gather the victim's sensitive data. Fraudsters also send out emails massively to distribute scareware and then fool users into purchasing worthless services.

What is a virus?

A virus is a distinctive form of malware and quite similar to a worm, trojan, ransomware, adware, spyware, or scareware. In other words, you can call a virus malware, but not the opposite. Viruses spread by embedding themselves to legitimate files and programs. It spreads through multiple methods, including infected websites, USB flash drives, over the local network, and emails. Victims activate viruses by launching infected files or programs. They can also insert executable code in the 'autorun.inf' file and automatically run when users plug in a USB flash drive. Once activated, viruses may modify files and applications, disable system functions, remove or encrypt files. They can also replicate themselves and try to spread to other computers to increase the infection zone.

Type of viruses

Hackers, attackers have made many different types of viruses to serve different purposes. To categorize, these are the four most common types:

  • File infectors viruses

A file infector virus can burrow and embed itself into an executable file and spread through a network. It can also overwrite a computer's operating system or even reformat a drive.

  • Macro viruses

Macro viruses are written in the same macro language that uses macros-supported programs, such as Microsoft Word or Excel. Attackers embed harmful code in the macros that are associated with documents or spreadsheets - and cause a series of continuous actions to run automatically when the victim opened those files. Macro viruses often stay in malicious attachments and spread through emails. The more users share infected documents and spreadsheets, the more viruses spread. Besides, there are a few variants that are capable of accessing victims' email accounts and send out copies of infected files to all users' contacts. It is an effective method to increase the affected zone. This sort of virus focuses on a specific application so that it can run on any operating system, including Windows, macOS, and Linux.

  • Overwrite viruses

The primary purpose of the overwrite viruses is to demolish targeted files, sensitive data, or even the entire system. After launching in victims' computers, this virus starts overwriting all targeted files with its code. Moreover, it can embed a new code in files or apps and use them to distribute more viruses to other connected systems. Unlike ransomware, where users have a chance to get essential data back by paying a ransom to attackers, overwrite viruses destroy everything, making the files unusable.

  • Polymorphic viruses

Polymorphic viruses can create modified, and encrypted versions of themselves to evade detection but retain the same feature and purpose after every infection. To make it undetectable, it encrypts its codes and uses a different encryption key on each version. It can also alter its decryption routine every time. By using sophisticated mutation engines, polymorphic viruses generate billions of decryption routines, which make them even tougher to detect. It looks like you are facing a person that can clone itself limitlessly with different faces and personalities. This way, traditional security tools may not easily detect it. Polymorphic viruses often spread through the use of other malware, infected sites, or email spam.

Whether it is a virus or malware, both can cause considerable damage and take a significant time for debugging. However, both need to be handled very differently. Let me show you how to find out whether your Mac has a virus or malware.

How Do You Know If Your Mac Computer Has A Virus Or Malware?

Regardless of being infected by viruses or malware, several different symptoms will appear on your Mac computer. It could be a sudden pop-up with a warning message, seeing odd things on the screen, your Mac slows down, or it often takes too much CPU or RAM resources.

Here are several signs that your macOS computer probably has a virus or malware:

  • Your Mac computer starts running very slow and takes so long to open an application. Sometimes, it doesn't open at all.
  • While using apps, it's lagging much more than it usually does.
  • Apps suddenly run on their own.
  • Found an unfamiliar app on your Mac that you’ve never installed.
  • Randomly displays odd things on your Mac screen.
  • Randomly displays advertisement pop-ups.
  • Found a strange toolbar on your web browser.
  • Visit a familiar website but see a strange interface.

If you see one or more of these signs, it does not necessarily mean a virus or malware has infected your Mac computer. It is a sign that you should consider checking. It is well-worth getting to the root of the issue. You can find a Mac antivirus or malware removal tool and start to scan and clean any malicious files and programs.

How To Scan Your Mac For Viruses, Malware And Clean Them Out

How To Scan Mac For Malware Free

What should you do if your Mac infected a virus or malware? The first step I would recommend is to find an antivirus or anti-malware for Mac.

But which one?

You can use search engines like Google.com to find more details on your Mac's symptoms. But be aware that you shouldn't download whatever you see at the top of the search results. Many attackers try to put their websites in front of the search results and offer fake antivirus software. So, instead of downloading and fixing the problem, you make it worse.

Hold on! Why don't you take a look at recommended antivirus, anti-malware software from me first? I have prepared a shortlist of three useful tools to help you fight Mac viruses and malware. If this list isn't enough for you, then {here is the extended version with many trusted free antivirus and malware removal tools for Mac}.

Besides, I have also used {CleanMyMac X***} to scan my Mac for malware several times. It comes with a real-time malware monitor that can detect and remove thousands of threats, including worms, trojans, ransomware, adware, spyware, and much more. You can use this application to scan and remove temporary files on your Mac computer. Unfortunately, it's a premium application and requires paying a certain amount of money to use.

Avast Security for Mac

This is one of the most personal security suites that's effective and free for non-commercial users. It provides the necessary tools to do full-system malware scans or other specific tasks. Users can also 'drag and drop' one or multiple files to scan for viruses and malware. Besides, they can select a particular external hard drive or attached volumes to diagnose.

The application's interface is straightforward with a navigational pane on the left. It also offers a real-time graph that provides activities information to users and can check the overall macOS computer stats instantly. Besides the free security suite, Avast offers Avast Premium Security for $59.99 per year at their homepage. If you would like to purchase it, I would suggest you get this premium version from Amazon.com. It's much cheaper, and you only need to pay $24.99 per year.

Malwarebytes Anti-Malware for Mac

This started as an adware removal tool for Mac and has now become a full-fledged tool to fight against most types of malware. The basic feature of this tool is to detect and remove malicious and unwanted programs. There are also four more helpful features, including proactively preventing and blocking malicious apps, creating schedule scans, updating databases, and blocking apps from untrusted developers. However, you can only use four additional features in 14 days as a trial program in the free version. To use them more and get live protection, you need to pay $40 for a year and use it on one device. There is also an exclusive offer from Amazon.com at the same price, but the time is longer (18 months) and for two devices.

Bitdefender Antivirus for Mac

You can quickly perform a deep scan of your entire Mac computer or target a specific location with this virus scanner. It can also scan critical locations, such as the entire system library or Mac's launch agents. In the interface, users can select four distinct scanning options, as well as 'View Quarantine' and 'Update' buttons. This antivirus automatically checks and downloads updates hourly from Bitdefender's data to protect your Mac better. Bitdefender Antivirus for Mac is available from the Apple Mac App Store. For premium versions of antivirus software or internet security from Bitdefender, take a look at Amazon.com, the price starts at $15.

Ultimately, relying on antivirus or anti-malware software alone will never be enough. You should always back up your Mac computer with Time Machine. Do not download files and applications from questionable sources. Do not overrule Apple Gatekeeper's warnings if you are not sure. Do not click on links or attachments in emails from unknown senders. Do not listen to suspicious websites prompting you to install Adobe Flash Player or any other applications.

How To Scan For Malware On A Mac

So, here is everything I would like to share. Let's find suitable antivirus software for you to protect your Mac computer. If you have a better method to detect and remove viruses and malware out of macOS, let me know. I will review the information and update this article. The ultimate purpose is to make it a useful resource.

How To Scan A Mac For Malware

ShareFacebookTwitterPinterestEmail

Related Posts

MacKeeper Review 2020 - Essential Software To Keep Your Mac Safe

How To Scan My Mac For Malware

10 Amazing Things You Didn't Know A VPN Could Do

How To Scan Mac For Malware

Understanding And Troubleshooting With Network Utility On Mac