Can a macOS Computer Get a Virus?

April 20, 2023

Apple’s macOS is extremely secure, but like all operating systems, it can be infected by trojans, viruses, ransomware, and other types of malware. 

Malware is a less significant threat on macOS than on Windows machines for several reasons:

  • By default, macOS doesn’t allow the installation of unverified third-party software. A scanning service called Notarization requires developers to submit their apps for scanning as a component of the distribution process.
  • macOS has built-in anti-malware tools. Gatekeeper, the primary security technology, verifies that executables haven’t been altered and prompts users before allowing them to run.
  • The operating system also maintains a regularly updated, signature-based list of malware (XProtect). This enables macOS to remediate most malware that has been executed. 
  • Generally, macOS is a poor target for ransomware. Windows computers represent a bigger share of the market. Malware creators want their software to spread, so they typically target Windows users — it makes less sense to target a smaller operating system with stronger security controls.

Essentially, Apple devices exist in a walled garden: Apple controls what software is allowed to run, and while users can disable security controls, most do not.
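
To see whether these controls are still active on a given Mac, the built-in spctl tool reports Gatekeeper's state and its verdict on an app. The script below is an added example, not part of the original article: it interprets that output, the sample outputs and the app names and team ID in them are constructed, and the matched strings are assumed to be what current macOS releases print.

```shell
#!/bin/sh
# Added example: interpret Gatekeeper (spctl) output. Not from the original article.

# Constructed sample outputs of `spctl --assess -vv`; names and team ID are made up.
SAMPLE_NOTARIZED='/Applications/Example.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)'
SAMPLE_REJECTED='/Users/me/Downloads/Untrusted.app: rejected
source=no usable signature'

# Map `spctl --status` output to enabled / disabled / unknown.
gatekeeper_state() {
    case "$1" in
        *"assessments enabled"*)  echo enabled ;;
        *"assessments disabled"*) echo disabled ;;
        *)                        echo unknown ;;
    esac
}

# Map `spctl --assess -vv <path>` output to a verdict.
assessment_verdict() {
    case "$1" in
        *": rejected"*) echo rejected ;;
        *": accepted"*)
            case "$1" in
                *"source=Notarized Developer ID"*) echo notarized ;;
                *"source=Apple System"*|*"source=Mac App Store"*) echo apple ;;
                *) echo accepted-not-notarized ;;
            esac ;;
        *) echo unknown ;;
    esac
}

# On a Mac: report Gatekeeper state and the verdict for one app bundle.
# spctl writes its assessment to stderr, hence the 2>&1.
check_app() {
    command -v spctl >/dev/null 2>&1 || { echo "spctl not found (not macOS?)"; return 2; }
    echo "Gatekeeper: $(gatekeeper_state "$(spctl --status 2>&1)")"
    verdict=$(assessment_verdict "$(spctl --assess -vv "$1" 2>&1)")
    echo "$1: $verdict"
    [ "$verdict" = notarized ] || [ "$verdict" = apple ]
}

# Usage: sh check_gatekeeper.sh /Applications/Some.app
if [ "$#" -gt 0 ]; then check_app "$1"; fi
```

A "disabled" state or a "rejected" verdict means the protections described above are not covering that app.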

How Malware Spreads on macOS Machines

With that said, malware can infect macOS computers, particularly if users disable their security controls. That’s common when users are trying to pirate software: In 2020, the ThiefQuest/EvilQuest ransomware spread across macOS machines via an infected copy of pirated software that was available through torrent tracking websites.  

And in March 2023, a trojan horse known as MacStealer spread through a compromised .DMG file. MacStealer targeted user data in Keychain databases and other types of files, potentially stealing iCloud passwords, credit card numbers, and other sensitive data.

macOS malware can also spread through phishing. Users are tricked into clicking a link on a website or in an email. They may be prompted to enter private credentials or download an executable file. 

Adware and spyware can also be an issue, though these programs may not meet strict definitions of “malware.” Users may willingly download a program that slows down their computer by tracking behavior and showing ads. Generally, these programs don’t make it through the Notarization process.

Recovering Data from a macOS Malware Infection

The good news: Apple releases regular security patches to address known threats. If you keep your computer up to date — and don’t routinely install pirated software — you probably don’t need to worry much about malware. 

You certainly don’t need a third-party virus scanner: macOS’s built-in security controls are sufficient for the typical user.

However, malware is a potential threat for every computer, including Linux, Unix, and macOS machines. If you believe that your computer has been infected by ransomware or any other type of malware, take these steps:

  1. Keep your computer disconnected from the internet. Some malware may actively transfer data (including passwords and other sensitive information) to bad actors.
  2. If the malware has compromised important data, make a list of important files. If you have a backup, use it for disaster recovery — but don’t plug external hard drives or other devices into the affected machine. 
  3. Document any activities that may have enabled the infection. For example, if you recently downloaded software from a torrent website or clicked on an email link from an unknown source, that information could be helpful for identifying and resolving the infection. 

If you don’t have a backup, you’ll need to contact a professional data recovery provider. Malware can corrupt key files and render the machine unusable, and manufacturer warranties generally don’t cover data recovery services. 

However, an experienced data recovery firm should be able to handle the project — even “successful” macOS ransomware variants rarely encrypt all data, and reversing the damage should be fairly straightforward.

At Datarecovery.com, we provide free evaluations and support our services with a no data, no charge guarantee: If we’re unable to successfully recover important files from your macOS device, you don’t pay for the attempt. 

To learn more, call 1-800-237-4200 to speak with an expert or submit a case online.