5 Easy Ways to Infect Your Mac With Malware
Whatsapp Pinterest

Mac users have it easy when it comes to computer security. There’s no need to run resource-hogging anti-virus software, worry about the lion’s share of exploits that specifically target Windows users, and your Mac will even scream at you for trying to install software from an unknown source.

As a result you might think it’s pretty difficult to infect your Mac with malware, but there are always exceptions. Apple’s desktop operating system can be compromised in a number of ways What Security Threats Face Mac Users In 2016? What Security Threats Face Mac Users In 2016? Deserved or not, Mac OS X has a reputation for being more secure than Windows. But is that reputation still deserved? What security threats exist for the Apple platform, and how are they affecting users? Read More — here’s five of them.

Download Pirated Software

This is probably the most obvious way to put your Mac at risk, and the same is true for Windows users. You could however argue that Windows users are in a better situation purely by virtue of the fact that there are a huge number of virus scanners available for the platform The 8 Best Security Software for Windows 10 Malware Protection The 8 Best Security Software for Windows 10 Malware Protection Want to tighten security on your PC? It's a good idea, so take a look at these fantastic antivirus choices for Windows 10. Read More , and most users understand the importance of security software on Windows. Personally I haven’t got a virus scanner on my Mac, and I doubt you have either.

That’s because Apple’s operating system has long been considered a relatively safe platform, but when you install software you’re opening that platform up to third parties. While it’s likely that many (most?) providers of pirated software out there are mostly concerned with making paid software available for nothing, there’s no way to know for sure.


There’s a huge amount of trust involved in running keygens and other third-party activation tools to crack expensive software packages. There’s no way to know what’s been tampered with, and by who. While your Mac sandboxes software by default, anything that asks for an admin override to gain unfettered access to your system should ring alarm bells.

It’s also unwise to trust everything you read in the comment section of your favorite torrent tracker. While the software may indeed work once all of the steps have been followed, many users may not realize they are infected. A blog post by Sophos published in May 2016 mentions infected torrents consisting of a reworked version of iWorks (Apple’s office suite), a reworked version of Xcode (Apple’s developer tool), and even a download of Linux Mint that included Linux-specific malware.

If you don’t want to install more than you bargained for, stick to free alternatives The Best Mac Apps to Install on Your MacBook or iMac The Best Mac Apps to Install on Your MacBook or iMac Looking for the best apps for your MacBook or iMac? Here's our comprehensive list of the best apps for macOS. Read More or open your wallet and download software from legitimate sources.

Install Fake Anti-Virus Software

Remember Mac Defender? It surfaced in 2011 and positioned itself as an anti-malware tool that could help you clean up your infected system. The scam was made all the more believable by a fake webpage that warned users they had been compromised, and that installing Mac Defender was the best way to rectify the situation. The problem became so widespread that it prompted Apple to post instructions about removing and avoiding the software.

Generally speaking, the dodgier the website the more likely you are to see such a bogus warning. This goes hand-in-hand with pirated software, though these adverts have a tendency to infiltrate legitimate advertising networks too. Many take control of your browser, flooding you with pop-up dialog boxes that require you hit “Continue” which in turn serves a bogus download.


While online virus scanners do exist The 7 Best Free Online Virus Scan and Removal Sites The 7 Best Free Online Virus Scan and Removal Sites Need to check for a computer virus but don't have antivirus software installed? Try these excellent online virus scanning tools. Read More , they don’t present themselves as unwanted tabs or start unsolicited scans of your system while you are browsing the web. Many browsers protect against this sort of dishonest and aggressive approach by providing flood protection against dialog boxes, and in the case of some browsers (like Chrome) blocking access to websites altogether.

After lying to you about having an infected machine, scams like this usually install ransomware which requires you hand over some cash in order to remove the software you didn’t need in the first place. There are legitimate Mac antivirus programs available 9 Apple Mac Antivirus Options You Should Consider Today 9 Apple Mac Antivirus Options You Should Consider Today By now, you should know that Macs need antivirus software, but which one should you choose? These nine security suites will help you stay free of viruses, trojans, and all other sorts of malware. Read More , but you really only need a few free tools for a secure system Here's The Only Mac Security Software You Need Here's The Only Mac Security Software You Need For most people, OS X is fairly secure out of the box — and there are a number of programs out there that potentially do more harm than good. Read More .

Use Unpatched Flash

The Flash browser plugin is Adobe’s leakiest product, responsible for more of the company’s security issues than any other single product. So far in 2016, more than 200 vulnerabilities have been recorded. It’s also becoming more and more obsolete, as technologies like HTML5 What Is HTML5, And How Does It Change The Way I Browse? [MakeUseOf Explains] What Is HTML5, And How Does It Change The Way I Browse? [MakeUseOf Explains] Over the past few years, you may have heard the term HTML5 every once in a while. Whether you know anything about web development or not, the concept can be somewhat nebulous and confusing. Obviously,... Read More allow modern browsers to perform many of the same tasks natively.

Flash is outdated, poses a security threat and, thanks to a concerted effort by the industry, is currently being phased out Die Flash Die: The Ongoing History of Tech Companies Trying to Kill Flash Die Flash Die: The Ongoing History of Tech Companies Trying to Kill Flash Flash has been in decline for a long time, but when will it die? Read More . As recently as last year we called for users to uninstall Flash altogether Security Alert: You Need to Uninstall Flash Right Now Security Alert: You Need to Uninstall Flash Right Now Flash is so full of security holes and vulnerabilities, it just doesn't make sense to keep it installed anymore. Here's how to get rid of it. Read More  as it’s quite possibly the biggest threat to platform security on any operating system. But don’t just take our word for it — in June 2016 Apple started automatically blocking versions of Flash that are out of date in the Safari browser.


Firefox disabled Flash at one point, and Google’s Chrome browser has long included a sandboxed version of Flash which restricts the plug-in by running it in a secure environment that can’t hurt your PC. If you are running Safari, you can force the browser to ask you to “trust” websites that try to run Flash under Preferences > Security >Plug-in Settings.

It’s worth noting that even running the latest version of Flash doesn’t mean you’re safe, as zero-day vulnerabilities What Is a Zero Day Vulnerability? [MakeUseOf Explains] What Is a Zero Day Vulnerability? [MakeUseOf Explains] Read More  where the vendor (Adobe) isn’t given time to fix the exploit before its details are made public still pose a threat. If you really want to be safe, disable Flash altogether in Safari by unchecking Flash in Preferences > Security >Plug-in Settings, or better yet uninstall it from your system completely.

Enable Java’s Browser Extension

Noticed a pattern forming yet? The biggest security concern faced by Mac users comes predominantly from third-party software. By design, Apple’s operating system is generally pretty secure (but only a fool would believe it’s completely water-tight). Another way of opening your system up to attack is by installing Java and its browser extension, which allows you to run software written in Java right in the browser.

Not to be confused with JavaScript, Java is a programming language that and runtime environment that some apps require you install before they will work properly. It has also been used to run software — known as applets — on web pages, and exploited as such. If you ever played Minecraft in its early beta days, you’d have been running a Java applet in your browser.

When the technology first arrived in 1995, it was a game-changer and allowed for the development far more advanced web-based software than ever before. But Java’s browser plugin quickly built up a reputation for putting devices at risk, running malicious code within the browser, and untimely updates from Oracle themselves.

The Java Runtime Environment, which allows users to build and distribute standalone apps, has proven to be just as secure as any other development framework; but there have been many flaws in the way the Java browser plugin handles sandboxing. Oracle has demonstrated time and time again that they are unable to secure the technology, and now major browsers have started to phase it out.

In 2015 Google’s Chrome browser dropped Java The Web Just Became More Secure: Google Drops Support for Java The Web Just Became More Secure: Google Drops Support for Java When Java was first released in 1995, it was revolutionary. But now, it's safe to say that Java has lost its shine, and Google is about to drop support for it in Chrome. Read More  and a few other plug ins entirely, making it impossible for them to run. If you’re using Apple’s own browser, you can disable it entirely by unchecking the relevant box in Safari’s Preferences > Security > Plug-in Settings menu.

It’s unlikely you’ll need to rely on websites that use the Java browser plugin any more, and if you do there are likely alternatives you can turn to that use a more modern technology. For that reason you can uninstall Java and its browser plugin altogether Disable Java on Mac OS X for a Secure System Disable Java on Mac OS X for a Secure System Macs are generally secure, but Java has been causing security problems for years. It's finally time to get rid of Java on your Mac; here's how. Read More , or at the very least limit your system to the Java Runtime Environment for running local software.

Blindly Trust Apps & Browser Extensions

Since GateKeeper came along The iOS-ification Of OSX - The Beginning Of The End? Or A Natural Harmonisation? [Opinion] The iOS-ification Of OSX - The Beginning Of The End? Or A Natural Harmonisation? [Opinion] Recent announcements about the next major upgrade of OSX, named Mountain Lion, have garnered mixed reactions from the community. Some are proclaiming the death of the Mac; some think it's the first step in dumbing... Read More , Apple has been meddling in your Mac’s affairs on a third party software level. The technology prevents unsigned applications from running by default, and can even be locked down to only allow software from the Mac App Store to run. This means that by default your Mac can’t just run software from anywhere — you have to disable the feature or override on a per-app basis under System Preferences > Security.

The reality is that most unsigned software is safe, even if it isn’t signed by Apple. Of course there are exceptions, but the reality is that your own discretion is one of the most valuable security tools you have available. Not all developers can justify the cost of enrolling as a trusted developer, and others have to work outside of the boundaries set by the Mac App Store. Many apps that we recommend here at MakeUseOf are not available on the App Store, nor are they signed by a “trusted” developer — but they’re still legitimate apps that won’t harm your system.


App sandboxing exists in OS X to safeguard your machine, which prevents apps from having unfettered access to your system. App permissions also help restrict your computer giving away too much information about you, just like in Apple’s mobile operating system iOS. Your Mac will now ask you if you consent to an app having access to your Contacts, or to manage your Accessibility options.

Some apps require admin-level permissions, and require you enter your admin password upon installing or when trying to perform a certain operation. These are apps you want to keep an eye on, but you don’t necessarily need to distrust all. Most will simply need a higher level of access, like all-in-one Apache, SQL and PHP installer XAMPP How To Install A Windows Web Server On Your PC With XAMPP How To Install A Windows Web Server On Your PC With XAMPP Read More , or Duet Display which turns your iPad or iPhone into a second display Turn Your iOS Device Into an Extra Monitor With Duet Turn Your iOS Device Into an Extra Monitor With Duet You can now use an iPad app to expand your collection of screens, turning your $500 tablet into a small, portable monitor. It's called Duet. Read More  but requires the installation of a driver in order to do so.

Other apps may pose a risk — some third party tweaks apps may ask for admin-level permissions to run sudo commands, which you could just run yourself in Terminal 10 Hidden Terminal Commands for Customizing the Mac Dock 10 Hidden Terminal Commands for Customizing the Mac Dock From simple tweaks like adding hidden stacks for recent items, to only displaying the currently open applications – there's a lot you can do to customize your Mac's dock. Read More . The more obscure the app, the higher the risk — above all avoid apps that are hosted on file lockers like Mega or cracked apps downloaded via BitTorrent.

Browser extensions should also be treated with the same level of scrutiny 4 Malicious Browser Extensions That Help Hackers Target Their Victims 4 Malicious Browser Extensions That Help Hackers Target Their Victims You'd be wrong to think all browser extensions are designed to help you. Whether extensions exploit vulnerabilities or send data to hackers, it's time to be vigilant about how you enhance your browser. Read More . Whenever you add a new extension to Chrome, Firefox, or Safari, you’re explicitly allowing another piece of code to run inside your browser. While attempts are made to mitigate this sort of intrusion using measures like Chrome’s permissions system, many browser plugins ask for full access to your browsing data. They can be used to scrape personal information and credentials, and even insert adverts into web pages without your knowledge.


As a result, question every browser extension you have installed. On Safari, you can head to Preferences > Extensions and click on a browser to reveal the Uninstall option. Regardless of which browser you’re using, it’s better to get rid of extensions you rarely or never use to free up space, resources and revoke unwanted access to your browsing data.

Sometimes apps you trust that are already installed can put you at risk, though these occurrences are few and far between. In March 2016 it was found that an update to trusted Mac BitTorrent client Transmission was infected with ransomware, which compromised your Mac simply by installing the update. Fortunately developers pulled the update and issued a new version, as well as instructions for removing the update altogether.

Don’t Be Scared

Security is one of the things Apple has a history of getting right. As more people buy Macs, and Microsoft tightens up security on their end, malware developers often turn their gaze towards Apple. The reality is that the pay-off is still relatively low due to a small installed user-base, so your Mac isn’t as big a target as you probably think it is.

The biggest threat to your Mac usually comes from third-party software like web plug-ins and browser extensions that harvest your information. Many such exploits can be used across multiple platforms, so the pay-off is bigger. Fortunately the reliance on security risks like Flash and Java is waning, as the technologies are phased out in favor of more secure modern technologies.

Most Mac users are used to not requiring any additional security software, and that’s largely true. You still may want to exercise a bit of common sense 7 Common Sense Tips to Help You Avoid Catching Malware 7 Common Sense Tips to Help You Avoid Catching Malware The Internet has made a lot possible. Accessing information and communicating with people from far away has become a breeze. At the same time, however, our curiosity can quickly lead us down dark virtual alleys... Read More when installing software and providing admin-level access to applications that request it though — just to be safe.

Have you ever had an infected Mac? Tell us all about your security problems (or lack of them) below.

Explore more about: Adobe Flash, Browser Extensions, Java, Mac App Store, Malware, Ransomware.

Enjoyed this article? Stay informed by joining our newsletter!

Enter your Email

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Anon
    August 19, 2016 at 4:06 am

    Definitely true. I always thought that, despite the much smaller user base, the lax attitude many mac owners have towards security might provide a major problem in terms of malware, if anyone had wanted to go towards that direction.
    Exercise caution and make smart decisions, and you will be safe. This is true on any platform you use.

    • Tim Brookes
      August 23, 2016 at 3:02 am

      Agreed. Complacency is often the biggest risk to security — whether it's leaving your GPS unit on display in a parked car, not bothering to lock a window in your house, or simply trusting random files you download on the Internet.