Is Mac vulnerable to malware and adware? by Zehra Ali


Last week, Malwarebytes researcher Adam Thomas found that Mac malware displays some troubling behaviors, which include intercepting encrypted web traffic to inject ads.

Previously, the Mac was not targeted by hackers as often as Windows systems. However, since the Mac became popular, cyber-criminals have gradually turned their attention toward the platform. This is alarming news for Mac users.

Some estimates reveal that Mac-specific malware increased 270% in 2017, but threats are still not as prevalent as on Windows systems. However, if you are targeted once, you could face some serious effects; it can lead to the loss of important files and pictures, identity theft, and can even lock you out of your machine.

As far as sensitive data, such as photos, are concerned, the hackers could exploit a vulnerability in apps such as Mac’s Similar Photo Cleaner.

The researcher explained that malware is often found on a bland and ordinary disk image file, lacking the usual decorations that would make it look like a legitimate installer. When opened, the app does not show an installer display but instead silently installs its components.

The only indication that it is doing something comes from two verification requests. The first request is about approving changes to Certificate Trust Settings, while the second request is about permitting something known as "spi", which is used to control the network configuration.

The malware is delivered as a second stage, downloaded by other malicious installers. Thus, there is no need for a user interface, since the user will not see anything more than the password requests, and these will appear within the framework of another installer.
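A defensive check for the Certificate Trust Settings change described above, as an added example that is not part of the original article: it reads the text output of macOS's `security dump-trust-settings` and lists certificates trusted as roots that are not on your own allowlist. The function names, the allowlist file and the constructed sample (including its output layout) are assumptions.

```shell
#!/bin/sh
# Added example (not from the article). On a Mac, feed it real data with:
#   security dump-trust-settings    | unexpected_trust_roots allow.txt  # user
#   security dump-trust-settings -d | unexpected_trust_roots allow.txt  # admin
# allow.txt (assumed name) lists one expected certificate name per line.

# Print each certificate that is trusted as a root and is not allowlisted.
# An entry with zero trust settings is flagged too: an empty settings list
# means "always trust this certificate".
unexpected_trust_roots() {
    awk -v allow="$1" '
        BEGIN { while ((getline line < allow) > 0) ok[line] = 1 }
        /^Cert [0-9]+: / {
            name = $0; sub(/^Cert [0-9]+: /, "", name); seen = 0; next
        }
        /Number of trust settings *: *0 *$/ { hit = 1 }
        /Result Type/ && /kSecTrustSettingsResultTrust(As)?Root/ { hit = 1 }
        hit { if (!seen && !(name in ok)) print name; seen = 1; hit = 0 }
    '
}

# Constructed sample input; every certificate name here is made up.
sample_dump() {
    cat <<'EOF'
Number of trusted certificates = 4
Cert 0: Example Corp Internal Root CA
   Number of trust settings : 1
   Trust Setting 0:
      Policy OID            : SSL
      Result Type           : kSecTrustSettingsResultTrustRoot
Cert 1: Constructed Proxy CA
   Number of trust settings : 2
   Trust Setting 0:
      Result Type           : kSecTrustSettingsResultTrustRoot
   Trust Setting 1:
      Result Type           : kSecTrustSettingsResultTrustRoot
Cert 2: Constructed Empty-Settings CA
   Number of trust settings : 0
Cert 3: Constructed Denied CA
   Number of trust settings : 1
   Trust Setting 0:
      Result Type           : kSecTrustSettingsResultDeny
EOF
}

# Demo on the constructed sample: only Cert 0 is expected on this machine.
demo_allow=$(mktemp)
echo "Example Corp Internal Root CA" > "$demo_allow"
sample_dump | unexpected_trust_roots "$demo_allow"
rm -f "$demo_allow"
```

Any name it prints is a certificate someone explicitly chose to trust; review it in Keychain Access before deciding whether it belongs there.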

Where does malware get in and how do you detect it?

Adware and malware frequently come packed in installers for other software. This happens because something was downloaded illegally from a torrent or piracy site. At times it is because it has been inserted into legitimate software by a crooked download site.

Malware also gets in when a developer decides to use an adware-riddled installer, having been offered incentives by the adware creator to distribute their software. Moreover, it can even be installed through deceit and fraud, by pretending to be something that it is not in order to trick the user into installing it.

Malware and adware can be detected when advertisements start appearing on the Mac where they should not. Also, when adware changes a browser’s homepage and search engine settings, it may also initiate redirects from legitimate sites to sites created to benefit the adware developer. Furthermore, if you start witnessing some secondary problems, like web pages displaying incorrectly or the browser crashing, then malware or adware must have gotten into your system.

How do you remove it?

There are different ways by which malware and adware can be removed. But the most important thing to keep in mind before applying any method of removal is to make a backup of your system to avoid any loss of data.

The following are the methods by which you can remove the malicious software from a Mac.

1a) Scan with Malwarebytes Anti-Malware for Mac:

The first and easiest step to remove malware and adware is to download and run anti-malware for Mac.

A genuine Mac antivirus will scan your system and help to remove adware automatically. It is recommended that you pay close attention to any prompts, as you may need to decide whether or not to delete particular files, or you may need to restart the system and then scan again. It is important to read the prompts thoroughly and make sure you understand and follow all the given instructions.

1b) Manual Removal:

If you are using a version of Mac OS X that an antivirus like Malwarebytes Anti-Malware (MBAM) does not support, then you can opt for manual removal. With this method, be very careful and follow all the directions and instructions. For some adware there are risks associated with manual removal, so take extra care in this case. Some adware can also cause damage to your system, and it might be unable to start back up if the instructions are not carefully followed.

2) Check for other causes:

At times you won’t find any signs of adware. In this case, you might be on a compromised network or an ad-supported Wi-Fi network. You may also be looking at a site which is either a bad site or is blocked.

3) Report a New Adware:

If you have followed the instructions given in steps one and two, but you find there is no adware in step 1 while the test in step 2 indicates that the problem is basically due to adware, you can contact the support team of your anti-malware for Mac by choosing Contact Support from the Help menu.

Apple’s New Features to Improve Security

Considering the need to protect the Mac from different internet threats, Apple has added some new features to improve security and to provide better functionality to users. The newly added features are as follows:


Gatekeeper:

This is a built-in tool designed to stop users from downloading unapproved Mac apps. There is a serious risk of malware-laden applications posing as legitimate software when you are in a third-party marketplace. If an app is not digitally signed and approved by Apple, Gatekeeper will warn the user. The Mac’s password protection also helps to gate various purchases and downloads.


This feature guarantees that malware is inaccessible and separated from the important parts of your machine. Moreover, this feature also provides additional security in case the system is hijacked by attackers.


There are specific third-party technology platforms that can pose a further risk to Mac users. To avoid this situation, Mac OS is designed to block certain plugins like Adobe Flash Player, Silverlight, QuickTime, and Oracle Java if they are not updated to the latest secure version.

FileVault 2:

This feature provides full disk encryption to keep data protected when a hacker/attacker attempts to get access to information on your system.


Nowadays, phishing is very common. It is intended to trick the receiver of an email into clicking on a malicious link that will take them to a specially made site where they are asked for logins, financial and other personal data. The site can also download ransomware to lock important files or the Mac until you pay the required amount. To counter this, Apple’s Safari browser includes anti-phishing technology to spot these sites.


A new built-in malware-scanning tool now works in the background. If you attempt to open a file or download an app, it will check the file against a blacklist of known malware and will also flag anything doubtful. This built-in tool needs no user interaction to work, is on by default, and won’t slow down the Mac.

However, its efficiency can suffer if it’s not updated to the latest Mac OS version.


Although Macs, like Windows systems, are now vulnerable to malware and adware, the positive side is that there are third parties that have helped to boost the built-in security of the Mac to increase protection against rising internet threat levels. Apple has introduced certain features that work well enough to ensure the security and protection of users as well as the Mac itself.

About the Author:

Zehra Ali is a Tech Reporter and Journalist with 2 years of experience in the infosec industry. She writes on topics related to cybersecurity, IoT, AI, Big Data and other privacy matters on various platforms. She is also the Editor at PrivacySniffs.

November 21, 2018


Hakin9 TEAM
Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.