All about Mac antivirus

Can Macs get viruses?

If you’re a Mac user, you get mixed messages about whether viruses and other malicious software pose a bona fide threat. Historically, Mac fans have touted their platform as immune to the kinds of data attacks and other hostile intrusions that plague the Windows world. Apple itself even reassured its customers for years that Macs “don’t get viruses.” It even said so in a series of commercials that first aired in 2006.

While it’s true Macs are more secure than PCs, they’re still vulnerable to viruses, and they always have been. By design, the Mac operating system is more secure against the threat of viruses and malware, but there are still plenty of ways for malware to find its way in. Another thing protecting Macs is the fact that they’re less popular than PCs, but that doesn’t stop some hackers from targeting Macs. Despite this, there are still tech pundits who recklessly advise against taking even basic security precautions, such as installing a cybersecurity program.


In the last few years, a growing number of active threats have targeted the Mac operating system. In fact, Malwarebytes saw more Mac malware in 2017 than in any previous year. By the end of 2017, the Malwarebytes intel team counted 270 percent more unique threats on the Mac platform than in 2016. What’s more, Apple's current strategies may not be enough to stop the rising tide of Mac viruses and malware. Look into the history of threats to Macs, and you’ll see that even early on, the so-called “Mac invulnerability” was a myth. It makes you think twice about wandering around cyberspace on your Mac without taking precautions. (For further reading, see “Mac security facts and fallacies” by Thomas Reed.)


A short history of Mac attacks

The first widespread Apple virus was called Elk Cloner. It was created by a 15-year-old high school student in 1982, and it targeted Apple II computers. Disseminated by infected floppy disks, the virus itself was harmless, but it spread to all disks attached to a system. It proliferated so quickly that many consider it the first large-scale computer virus outbreak in history. Note that this was prior to any PC malware.

The first virus that targeted Macintosh computers, nVir, emerged in 1987 and remained a problem until 1991. It infected executable files on Macs, causing system issues like printing problems, application crashes, and slow response times. Compared to today’s malware that steals your identity or spies on you remotely, nVir’s annoyances seem quaint.


Apple’s switch to a completely new architecture in 2001 helped squash such nasty bug invasions, but malware for OS X started to appear a few years later. Since roughly 2012, the number of Mac threats has seen a huge upswing. These threats include malware like spyware, keyloggers, backdoors, and more. They also include Mac adware and potentially unwanted programs (PUPs). All of these contribute to an increased risk for Macs. Even the Mac App Store has suffered a tidal wave of scam software. Go to any Mac forum these days and it won’t take you five minutes to find someone suffering from some kind of malicious threat.

Even as the first Mac virus threats appeared, they inspired countermeasures. The first Mac antivirus programs were created in 1987 in response to nVir and its variants. In addition, those of us sufficiently long in the tooth might even remember one of the most popular early Mac antivirus programs—a free utility named Disinfectant, released in 1989.

OS X security measures

Aware of the problem, Apple eventually replaced the classic Mac operating system with the new Mac OS X, which came with built-in malware security measures. For instance:

  • Quarantine, introduced in 2007, alerts users if they try to open applications downloaded from the Internet. It acts as a reminder, in effect prompting users to think twice before clicking—even if it’s a benign program. But Quarantine is useless against executable programs that download and launch by exploiting vulnerabilities in your browser, executing the so-called drive-by download.
  • XProtect, added in 2009, prevents malware from being opened, but only if it carries a known signature from an ever-changing universe of malware programs. This means you have to keep updating the signature database to stay ahead of the latest threats. If that database lags behind, the bad guys get ahead.
  • Gatekeeper, which appeared in 2012, only allows installation of applications from the Mac App Store and its identified developers who have “signed” their code. However, the modest fee to register as an identified developer, bad guy or not, presents a low barrier to getting around Gatekeeper. In other words, Mac malware often comes signed nowadays, so it looks legit to Gatekeeper.
  • There is also Malware Removal Tool, which removes known malware but only after infection, and only at certain times, such as when the computer restarts.

While these measures by Apple help lower the user’s risk, they’re not really sufficient. There are ways to bypass them, and they don't block or detect all threat types.
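The Quarantine gap described above can be checked for directly: a downloaded file only triggers the first-launch prompt if it carries the com.apple.quarantine extended attribute. The following is an added example, not code from Malwarebytes or Apple; it parses that attribute's value and flags files that arrived without it. The file names and values are constructed, and the meaning of flag bit 0x0040 is an assumption.

```python
from datetime import datetime, timezone

# Assumption: bit 0x0040 is set once the user has approved the first-launch prompt.
USER_APPROVED = 0x0040

def parse_quarantine(value):
    """Parse a com.apple.quarantine value: 'flags;timestamp;agent;event-id'."""
    parts = value.strip().split(";")
    if len(parts) < 3:
        raise ValueError(f"unexpected quarantine value: {value!r}")
    flags = int(parts[0], 16)   # hex flag field
    stamp = parts[1]            # hex seconds since the Unix epoch, may be empty
    when = datetime.fromtimestamp(int(stamp, 16), tz=timezone.utc) if stamp else None
    return {
        "flags": flags,
        "downloaded_at": when,
        "agent": parts[2] or None,  # application that tagged the file
        "event_id": parts[3] if len(parts) > 3 and parts[3] else None,
        "user_approved": bool(flags & USER_APPROVED),
    }

def triage(files):
    """files maps path -> attribute value, or None when the attribute is absent.
    Returns (path, note) pairs for files that deserve a second look."""
    findings = []
    for path, value in sorted(files.items()):
        if value is None:
            # Never tagged, so Quarantine will not warn when it is opened.
            findings.append((path, "untagged: no first-launch prompt will be shown"))
            continue
        try:
            info = parse_quarantine(value)
        except ValueError:
            findings.append((path, "malformed quarantine value"))
            continue
        if not info["user_approved"]:
            findings.append((path, f"tagged by {info['agent']}, not yet approved"))
    return findings

# Constructed sample: values as `xattr -p com.apple.quarantine <file>` prints them.
SAMPLE = {
    "Downloads/Installer.dmg": "0083;60000000;Safari;11111111-2222-3333-4444-555555555555",
    "Downloads/Editor.app": "00c3;60000000;Safari;",
    "Downloads/helper": None,
}

if __name__ == "__main__":
    for path, note in triage(SAMPLE):
        print(f"{path}: {note}")
```

On a real Mac, collect the input by running `xattr -p com.apple.quarantine` against each file in the download folder and recording None where the command reports that the attribute does not exist.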

Who do Mac viruses and other malware target?

The answer to that depends on the malware. Mac adware and Mac PUPs most often go after the average user, based on the assumption that Mac users are well-to-do and worth the effort. Other malware deploys in a targeted manner, such as nation-state malware, which goes after specific individuals or small groups.

Another likely vector is the developer community itself. In these attacks, often called supply-chain attacks, the hackers concentrate on breaching a developer’s server, which lets them insert themselves into the process somewhere between the writing of the app and its delivery to users. Some time ago, a particularly widespread hack of this sort placed an infected copy of Xcode (a suite of Apple software development tools) on a developer’s servers, which subsequently affected tens of thousands of iOS apps. Once it was discovered, Apple went in and shut down all the infected copies of Xcode. (For further reading, see “XcodeGhost malware infiltrates App Store” by Thomas Reed.)


Is my Mac infected?

How do you know if your Mac has a malware infection? Look for such clues as:

  • You land on a web page you’ve selected, and advertising banners start to intrude on you aggressively.
  • You notice that random web page text suddenly has a hyperlink.
  • Browser pop-ups get in your face, earnestly recommending fake updates or other fake software.
  • You notice other unwanted adware programs, which you did not authorize or which were installed without your knowledge.
  • Your Mac crashes, heats up, or runs its fan faster than normal for no apparent reason. It may be working on an intensive task because of a cryptocurrency miner on your system, most likely installed by a Mac Trojan.

If you see any of the above, or other strange behavior, then it’s high time you got yourself some cybersecurity protection. Furthermore, though the general consumer may consider cybersecurity synonymous with the term “antivirus,” the more accurate designation should be “anti-malware,” a catch-all term that describes all malicious software, regardless of type. For example, viruses and Trojans are two specific types of malicious software, both of which are malware. The fact is, viruses are much less of a thing today, largely because there are far easier ways to infect Macs with Trojans, worms, spyware, and ransomware. (For further reading, see “How to tell if your Mac is infected” by Wendy Zamora.)

So how do I protect myself against Mac malware?

First of all, don’t fall for the hype. There’s nothing inherently safer about a Mac except for the rarity of threats compared to Windows. As the Mac threat landscape continues to expand, most Mac users aren’t prepared for it, continuing to think they’re safe simply by virtue of using a Mac. This puts Mac users at higher risk of getting infected with something nasty.


Secondly, always remember the “if it’s too good to be true” rule. If you get a perky pop-up offering something free, put on your skeptical face and don’t touch that mouse. This often happens on risky websites, so it’s best to avoid them. If you look at the status bar at the bottom of your browser, it’ll usually show you the true URL of the site you’ll go to if you follow the link you’re mousing over (without clicking). Pay particular attention if the domain ends in an odd set of letters, that is, something other than com, org, edu, or biz, to name a few. This may indicate it is a viper’s nest for malware.

Also, keep your software up to date, whether it’s the operating system, browser, or just about any program you frequently use. That way, you’ll avoid any malware that seeks to exploit any bugs in the code.

Remember, you are your own first line of defense, so stay vigilant. Beware of unsolicited email attachments and software from untrustworthy websites or peer-to-peer file transfer networks.

Finally, install a Mac cybersecurity or anti-malware program from a reputable vendor. This will protect you from malware that makes it past your good cybersecurity habits.

What to look for in a Mac cybersecurity (“antivirus”) program

What should the enlightened Mac user look for in a cybersecurity program?

  • Comprehensive, layered protection. It should be able to scan and detect viruses, as well as maintain proactive real-time defense against malware. The goal is to catch dangerous threats automatically, before they infect your Mac. This way, you don’t have to stress about it or rely on manual scans.  
  • Detection of adware and potentially unwanted programs (PUPs). These annoyances can lurk on your machine, slowing down your Mac. You want security software that finds and quarantines them.
  • Remediation. After removing the threats, remediation corrects system changes, regardless of severity. This allows you to return to the machine’s “desired state.”

Of course, it’s best to have comprehensive protection before something—malware or otherwise—infects your Mac. If you do take a hit, hit back: download Malwarebytes for Mac, run a scan, and rest easier. It zaps and continues to block malware. It detects and quarantines adware and PUPs too, and it does it all with a low impact on system resources, so you don’t get bogged down. It can even recognize when new threats appear to be similar to the signatures of previously identified threats, providing protection against new, unidentified threats (zero-day).

Here’s your takeaway: Even on a Mac, safe computing is a matter of vigilance. Avoid opening unsolicited email attachments or downloading software from untrustworthy websites or peer-to-peer file transfer networks. Keeping security in mind can go a long way toward keeping you safe from some online threats, but not all of them. This is why a good Mac cybersecurity program is essential.
