Tech Tip – Is your Mac infected with AdWare? Well, I guess the first thing is to explain exactly what AdWare is.
What is AdWare
AdWare is a term used to describe a form of malicious software (Malware) that displays unwanted advertisements on the infected computer. These may be in the form of a pop-up window or even an advertisement window that cannot be closed. While many consider AdWare only an irritant, it can become a major problem.
If your Mac is infected with AdWare it will attempt to change the way your browser and even your Mac functions. If your Mac is infected you may experience:
- Advertising banners appearing on web pages that you visit
- Being randomly redirected to another website
- Browser popups appearing and recommending fake updates or other software
- Your default search engine replaced
- Icons appearing on your desktop for software you didn’t install
- New toolbars, extensions, or plugins being added to your browser
- Your Mac fan coming on or your battery depleting earlier than expected
Built-in Protection
How likely is it for your Mac to be infected? Much less likely that if you were using a PC, but there is a growing chance on your Mac being infected. Apple includes XProtect in macOS to catch Malware [7,8]. It has been part of macOS since 2009 and Mac OS X 10.6 Snow Leopard. XProtect scans downloaded files to see if any match the malware descriptions [6]. It does a pretty good job, but some software we might consider ‘malicious’ passes the test as legitimate software.
Fortunately, XProtect is a macOS feature that is on by default and does not need to be enabled [4]. The only thing you need to do is make sure that the malware definition files are being updated [5]. Go to System Preferences ==> App Store and make sure the box next to “Install system data files and security updates” is checked.
You can also increase your protection by changing your DNS provider to Quad9. (See “Quad9, a Better Choice for your DNS“).
How to Check for AdWare
I came across the video [10] above by MacMost that gives a quick look at how to detect if AdWare is installed on your Mac. This is actually what got me started on this article. If your Mac is experiencing any of the symptoms listed earlier in this article, you should take a look to see if AdWare is installed.
The video shows a few of the common places to look for AdWare. There are actually several locations to look at and specific files to look for [11].
You may also want to review the installed Applications as well as check the Safari Extensions that are enabled. You should also go to System ==> Applications ==> Utilities ==> Activity Monitor. Under the CPU heading see if there are processes running with high utilization that you do not recognize. If you find any, do a search on them to find out what they do and if they are trusted.
References
- How to tell if your Mac is infected
- PSA: Here’s how to check for – and remove – the Mac malware mshelper
- Detect & Remove Adware from Mac OS X Easily with AdwareMedic
- how to enable Xprotect malware protection
- Apple cracks down on adware
- XProtect Explained: How Your Mac’s Built-in Anti-malware Software Works
- Just what do XProtect and MRT protect your Mac from?
- Apple Updates XProtect Malware Definitions for Trojan OSX/Snake.A
- Detect & Remove Adware from Mac OS X Easily with AdwareMedic
- Checking For and Removing Adware From Your Mac
- How to eliminate the adware that’s plaguing your Mac
See my other Mac and macOS articles
John's Notes 