
Why your Android antivirus app never works out the way you plan

Anyone can get unlucky and end up with malware that is hard to get off their phone. You might have thought that you could not get viruses because they are made for computers, but malicious apps run on your phone or tablet just as they would on your computer. You should look at antivirus software, but you need to be much smarter about how you use it: use your judgement and make certain that what you have found actually works.

1. Do not get just any antivirus app

You cannot just install the first Android antivirus app you come across. Fake antivirus apps exist, and installing one can actually introduce more viruses to your phone. Do your research online first so that you know how to make the right choice, and pick an app that can remove Android adware as well as other malicious objects.

2. What should the app do?

Remember that all apps work differently, and each has its own list of viruses it will eliminate for you. An app that simply deletes everything it finds on a full scan of your phone might remove important large files that were mistaken for viruses. The app should therefore give you the option to review what it found, pick out the items that are not viruses, and only then clean the phone.

3. Removing Viruses

Check which viruses each of these apps removes, because they are all different. Some apps only remove the most common viruses, while others remove the most damaging ones as well. Vendors include every virus their app combats in the app's updates, so you can read through that long list and choose the app that has the most coverage.

Also look at how these apps do their job, because that differs too. You might come across capabilities you did not know about, and that may be the app to choose once you see that it can actually clean your phone.

4. Quarantine

You need an app that will quarantine any viruses it detects and hold them back from running. This is important because it gives you an immediate view of anything that has found its way onto your phone. Fully removing a virus may take a long time, but at least you know it is there. You cannot wait for a daily scan to learn that a virus has been sitting there all day, so enable the alert option so that you are notified and can review the quarantine list.

5. Paid apps

Paid apps are not always better than free ones. You could run across a paid app that does not tell you that you have to pay until the last second, or an app that only does so much until you pay. Do not pay for anything until you know for a fact that the app works. To find out, read the reviews, because that is the only way to learn how these apps actually perform.

Seven ways to detect ransomware beyond antivirus

Ransomware is a type of malware that infects systems and locks down data, preventing users from accessing it until a ransom is paid. It affects individuals and businesses alike, but it becomes a critical threat for enterprises that handle huge amounts of data.

Once you are infected, your data is more or less lost unless backups are available. Against this kind of threat it is better to focus on prevention and detection before it is too late. Because the ransomware threat keeps evolving, a purely signature-oriented approach to detection is ineffective. The new breed of security products needs to be multi-pronged and able to look at multiple dimensions to protect an organisation or individual from such attacks. Here are pointers to the dimensions you need to look at.

Secure Network Shares

At a basic level, no shared folder should grant read/write rights to the “Everyone” group. Malware needs to propagate to maintain stealth and persistence in the network, so it has to find a way to copy files to connected target machines. Ensuring that shared folders do not have open-ended permissions prevents this. Deploy tools that warn you of such violations.

Regular Analytics on Service Usage

If you are not using a service, stop it. Unused services are often unmonitored, so activity on them tends to go undetected. Malware looks for such gaps and uses them to piggyback and stay hidden. Tools that detect unused services let you decide which ones to stop.

Detect Internal C&C Accounts

Malware creates local accounts to conduct its activities in stealth mode. Once malware holds a local account, its activities appear authorized and an antivirus may not flag them. The solution is to run periodic discovery of user accounts across systems and detect such command-and-control accounts.

Actively Detect Rogue Browser

A common entry point for ransomware is the browser. Most often, malware is pushed into a system through malicious plugins that users install while browsing. Tools that continuously scan browsers across network endpoints and force the removal of such plugins are needed.

Applying Threat Intelligence

Firewalls, IPS, WAF, NetFlow collectors and proxies are the devices through which your organization's outbound traffic passes. What is needed is a tool that can sift through the outbound data from all of these technologies. Centralized monitoring of all outbound traffic, combined with the ability to apply threat intelligence (malware sites, IP addresses, C&C and botnet URLs) to that traffic, helps detect malicious network activity.

Scan for Indicators of Compromise

There is usually a delay before antivirus signatures exist for new malware and variants, and until the signatures are established you are at risk. Some ransomware has no fixed signature at all; it keeps changing to avoid detection. In that situation, other Indicators of Compromise (IOCs) should be used to detect the malware: IOC-based scans are needed rather than signature-based scans alone.

Detect Drive by Downloads

The indicators of a drive-by download are available in proxy, NetFlow and DNS logs. Tools that can analyse such logs to determine patterns or outliers indicating drive-by-download behaviour are needed.
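The three pointers above on applying threat intelligence to outbound traffic, on IOC-based rather than signature-based detection, and on spotting drive-by downloads in proxy logs amount to one engineering task: run the outbound log through a list of known-bad destinations and through a behavioural heuristic. The Python below is an added example, not code from the original article or from any product. The proxy log format, the IOC feed and the log lines are constructed, and the rule "executable payload from a never-seen host within a few seconds of a page view" is an illustrative heuristic, not a definitive drive-by signature.

```python
"""Match outbound proxy log lines against a threat-intelligence IOC feed and
flag a simple drive-by-download pattern.

Added example (not from the original article): the log format, the IOC feed
and the log lines below are all constructed for illustration."""
import ipaddress
from collections import defaultdict

# Constructed IOC feed: known-bad domains (matched exactly or as a parent
# domain) and known-bad IP ranges (TEST-NET-3 is used as a stand-in).
IOC_DOMAINS = {"evil-cdn.example", "c2.badactor.example"}
IOC_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

# MIME types that indicate an executable payload was delivered.
EXECUTABLE_TYPES = {"application/x-msdownload", "application/octet-stream",
                    "application/x-dosexec"}

# Constructed proxy log: epoch_seconds client_ip method host path status content_type
SAMPLE_LOG = """\
1500000000 10.0.0.5 GET news.example /index.html 200 text/html
1500000002 10.0.0.5 GET evil-cdn.example /ads.js 200 application/javascript
1500000004 10.0.0.5 GET dl.unknown-host.example /update.exe 200 application/x-msdownload
1500000100 10.0.0.7 GET 203.0.113.42 /beacon 200 application/octet-stream
1500000200 10.0.0.9 GET intranet.example /report.pdf 200 application/pdf
"""


def parse_line(line):
    """Split one constructed log line into a record."""
    ts, client, method, host, path, status, ctype = line.split()
    return {"ts": int(ts), "client": client, "method": method, "host": host,
            "path": path, "status": int(status), "ctype": ctype}


def host_matches_ioc(host):
    """True if host is a listed domain (or a subdomain of one) or an IP
    address inside a listed network."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        labels = host.lower().split(".")
        # check the host itself, then each parent domain (a.b.c -> b.c -> c)
        return any(".".join(labels[i:]) in IOC_DOMAINS for i in range(len(labels)))
    return any(ip in net for net in IOC_NETWORKS)


def find_ioc_hits(lines):
    """Threat-intelligence match: every request to a known-bad destination."""
    return [rec for rec in map(parse_line, lines) if host_matches_ioc(rec["host"])]


def find_drive_by_candidates(lines, window=10):
    """Behavioural outlier, no signature needed: a client receives an
    executable payload from a host it has never contacted before, within
    `window` seconds of loading an HTML page."""
    records = sorted(map(parse_line, lines), key=lambda r: r["ts"])
    last_html = {}                 # client -> timestamp of last HTML page view
    seen_hosts = defaultdict(set)  # client -> hosts contacted so far
    hits = []
    for rec in records:
        client, host = rec["client"], rec["host"]
        if rec["ctype"] == "text/html":
            last_html[client] = rec["ts"]
        elif rec["ctype"] in EXECUTABLE_TYPES:
            first_contact = host not in seen_hosts[client]
            recent_page = client in last_html and rec["ts"] - last_html[client] <= window
            if first_contact and recent_page:
                hits.append(rec)
        seen_hosts[client].add(host)
    return hits


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for rec in find_ioc_hits(lines):
        print("IOC hit:", rec["client"], "->", rec["host"], rec["path"])
    for rec in find_drive_by_candidates(lines):
        print("drive-by candidate:", rec["client"], "->", rec["host"], rec["path"])
```

On the constructed log the IOC pass flags the ad script from evil-cdn.example and the beacon to the listed IP range, while the behavioural pass flags the executable pulled from a previously unseen host four seconds after a page view, a destination no IOC feed mentions. That is the point of the passage: the two checks catch different things, and a proxy log that is never analysed catches neither.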


Why antivirus peace of mind doesn’t have to cost you… anything

Investing in an antivirus solution can often be a tedious task that requires a lot of forethought and research before you are willing to hand over large sums of hard-earned cash.

There are a lot of solutions out there that can promise the world, while installing a whole bunch of extra ‘add-on’ features that frankly most users won’t ever use or think about.

Paid antivirus solutions do have the potential to offer a lot of value for money, but for users who just need to get a robust degree of protection to thwart the latest immediate threats, free solutions can be a great alternative.

Bitdefender Antivirus Free takes this one step further, providing advanced real-time protection to Windows operating systems against a vast range of modern threats.

Bitdefender Antivirus Free Edition is blazing fast, free to use, and loaded only with the bare-bones protection features that every computer needs.

The solution leverages in-the-cloud scanning technology to effectively reduce the impact of the product on the system to zero, meaning you’ll essentially never notice any performance degradation at all.

Its unobtrusiveness comes at no sacrifice to the solution’s effectiveness, which is where this surprisingly powerful antivirus really shines.

Bitdefender Antivirus Free offers an intelligent approach to antivirus protection, with automatic protection against all e-threats.

The solution features market-leading virus scanning and malware removal, with powerful scan engines to ensure immediate removal of all malware, including worms, trojans, zero-day exploits, rootkits and spyware.

It also helps users thwart more modern and trending attacks, like ransomware, phishing and e-fraud, giving users peace of mind when accessing emails, online shopping or banking websites.

With real-time threat detection, the solution automatically checks for behavioural anomalies and closely monitors your active apps, taking immediate action when anything suspicious is detected.

It also leverages Bitdefender’s web filtering technology, ensuring that users never land on a harmful website.

Overall, Bitdefender Antivirus Free Edition is an antivirus solution that users can rely on, without shelling out any cash at all.

It takes a minimalistic approach to make sure of the one thing that matters: whether you’re a rookie or a techie, your PC will be defended against intruders.

Why security suites are ousting traditional antivirus programs

For a while, the humble antivirus was considered by many as a cure-all for any malicious piece of software or script that interfered with a user’s browsing experience. And it still does exactly that.

But here’s the crunch – criminals haven’t been idly sitting by and watching antiviruses destroy their attempts to profit from your computer.

In recent years, user privacy and security have become paramount, while criminals attempt to coerce, steal and manipulate users for their data. That data can be monetised, which means payday for the criminals.

Online security has evolved beyond traditional antivirus programs to offer a range of additional solutions that complement each other.

Security suites include antivirus protection in their solutions, but they can also offer VPNs, password managers, online banking, PC performance improvement, and parental controls.

Take Bitdefender, a cybersecurity firm that is trusted by more than 500 million people worldwide.

The Bitdefender Internet Security 2018 suite offers not only antivirus, but also a full range of security features covering protection, performance, and privacy for multiple devices.

Protection includes antivirus, webcam protection, anti-phishing protection, secure browsing, anti-fraud, and advanced threat defence. Here’s a sampler of what each category can provide.

Performance includes Bitdefender Autopilot (it eliminates those nagging popups and dialog boxes), a battery mode that optimises system settings, and a global protective cloud network that has minimal impact on local resources.

Privacy includes a VPN that encrypts all of your internet traffic, a dedicated browser for online banking and shopping, a privacy firewall, social network protection, a password manager, file shredder, and a quick risk checker.

Bitdefender engineered all these features to receive continuous updates and continuous protection.

The company even spruced up its antivirus platform, called Bitdefender Antivirus Plus 2018, to include extra tools such as anti-phishing, anti-fraud, Bitdefender VPN, social network protection, a password manager, and a file shredder. It’s not just an antivirus – it’s a package of tools to help keep your Windows device safe.

Security suites and antivirus programs are undoubtedly a necessary part of online protection. You should aim to combine tools that ensure overall system health and data privacy. Why? Because it’s less likely that criminals will get their hands on the information they desperately want to continue their crime sprees.

Bitdefender Antivirus Plus 2018 and Bitdefender Internet Security 2018 can take on those challenges and much more to provide a holistic and protected online experience.

Evil Malware Turns Antivirus Software Against PCs

A new proof-of-concept exploit known as DoubleAgent can not only hijack third-party Windows antivirus software, but use said software to deliver further attacks. While there’s no evidence that the exploit has made its way into the wild yet, most antivirus programs are still completely susceptible to it.

The entire point of antivirus software is to prevent malicious programs from compromising your system. But what happens when the malicious program in question can compromise your antivirus?

For now, only AVG, Malwarebytes and Trend Micro have patches available or coming soon. You could also use Linux or macOS instead of Windows, although they’re not entirely invulnerable either. Or you could disable your existing third-party antivirus software and rely on Windows Defender, although it doesn’t hold up well against zero-day malware.

This research into DoubleAgent comes from Cybellum, an Israeli cybersecurity company that specializes in zero-day exploits. Although DoubleAgent is an artificially constructed bit of malware, the flaw it preys upon is very much a zero-day vulnerability.

Windows uses a tool called Microsoft Application Verifier that helps software developers check for bugs in Windows-based programs. Every Windows program is subject to the Verifier’s scrutiny, including antivirus software.

By crafting a phony registry key and a predatory DLL file for the Verifier to read, Cybellum was able to take full control of the Norton Security antivirus program. (A dynamic link library, or DLL, is a code library that can be used by more than one application. This attack uses the old “DLL hijack” technique to get an application to mistakenly load code from a malicious DLL.)

Cybellum even added a cheerful little skull graphic and the helpful message “You Have Been Hacked!” to Norton Security’s startup screen. Real hackers will probably not be so courteous.

Cybellum theorizes five possible attack vectors for cybercriminals using DoubleAgent. The first, and most obvious, scenario would be to turn the AV program itself into malware. A second, more subtle, method would be to leave the antivirus mostly alone, save for telling it to whitelist malware that malicious hackers want to spread. Similarly, a third method would tell the antivirus to ignore malicious remote activity, such as data-mining and decryption.

The other two methods are much less subtle, but just as devastating to the end-user. Antivirus programs often have top-level privileges, which would allow them to encrypt files or format a hard drive without the user’s permission. As such, antivirus software could be used as ransomware.

Finally, an attacker could make antivirus software flag and block any other application, causing a denial-of-service condition for just about any program on Windows, from an internet browser to a productivity tool. It’s not hard to see how an attack like this could cripple computers in a corporate setting, even if only for a day or two.

Remember, too, that DoubleAgent can compromise almost any program on Windows, not only antivirus software. Antivirus software, with its high system privileges, is just a quick and easy way to exploit this newly disclosed flaw.

“Since the DoubleAgent technique uses legitimate operating system mechanism to inject its code, it can’t be patched and this injection technique will live forever. So there is no notion of a patch,” the Cybellum blog noted.

Compromising a user’s antivirus program could theoretically be only the first step in a much more intricate attack. Microsoft does have a framework called Protected Processes that lets antivirus developers “sign” code to prevent such attacks — but until very recently, only Microsoft’s own Windows Defender program used it.

Cybellum shared its research with a number of antivirus companies. Vulnerable AV programs include those from Avast, Sophos, AVG, Avira, Bitdefender, Trend Micro, Comodo, ESET, F-Secure, Kaspersky Lab, McAfee, Panda, Quick Heal and Norton.

Bleeping Computer reports that Malwarebytes, AVG and Trend Micro have either been patched, or will have a patch in the immediate future. Other companies are hopefully working on fixes, but there’s no guarantee that they’ll keep you safe.

As usual, keeping your antivirus software patched and up-to-date is your best defense against DoubleAgent. Even if your AV provider isn’t one of the three with a fix (almost) ready, it will probably get an update sooner rather than later. Since DoubleAgent isn’t out in the wild just yet, you probably have a little time before the attacks begin in earnest — if they ever do.

Don’t Trust Google Play Protect to Shield Your Android

Google Play Protect is supposed to protect users from malicious apps in the Google Play Store — but of 20 Android programs evaluated by AV-Test, Google Play Protect bears the dubious honor of being the only one that doesn’t routinely protect its users.

Those results come from AV-Test, a Magdeburg, Germany-based security firm, which periodically evaluates antivirus programs for Windows, Mac OS, Android and Linux. Overall, the results of its latest antivirus testing were pretty encouraging. Of 20 programs tested, AV-Test awarded 12 perfect scores and 19 recommendations. Only Google Play Protect didn’t make the cut.

AV-Test scores each AV suite out of a possible 13 points: six for protection, six for usability and the one remaining point for extra features. Earning eight points is enough to secure at least a tentative recommendation from the company.

Perfect scores were incredibly common. AhnLab V3 Mobile Security, Alibaba Mobile Security, Avast Mobile Security, AVG AntiVirus Free, Bitdefender Mobile Security, G Data Internet Security, Kaspersky Lab Internet Security for Android, McAfee Mobile Security, PSafe DFNDR Security, Symantec Norton Mobile Security, Tencent WeSecure and Trend Micro Mobile Security & Antivirus each earned 13 points apiece. If you’ve secured your phone or tablet with one of these programs, you’ve got nothing to worry about — and if you haven’t, you probably should.

At the other end of the spectrum was Google Play Protect, with an ignominious zero points earned in protection. (At least it got six for usability.) The program detected only 63 percent of real-world malware and 71 percent of reference data malware that AV-Test threw its way.

This may not sound like a problem, since Google Play Protect is not a traditional antivirus suite like the other programs tested. Remember: Google Play Protect scans programs within the Google Play Store itself before you download them, then keeps tabs on them periodically once they’re installed. It’s not running scans and quarantining files like a standard AV suite.

However, remember that in most cases, it’s trivially easy to fool the Google Play Store into accepting malware. For every shady program Google Play removes, there are probably still ten more lurking in the shadows. Google Play Protect is often an Android user’s only line of defense against malware. If it’s not stopping 30 to 40 percent of it at the source, it’s not providing protection when it counts most: before users ever install something compromising.

In-between the perfect products and Google Play Protect are a handful of programs that scored between 10 and 12.5 on AV-Test’s scale. These include Antiy AVL, Avira Antivirus Security Pro, Cheetah Mobile Security Master, F-Secure SAFE, Ikarus, Quick Heal Mobile Security and Sophos Mobile Security. If you have one of these programs, you’re probably fine, but don’t be surprised if the protection or usability aren’t perfect.

Ultimately, Google Play Protect’s lapses aren’t shocking, given that it’s not a full AV suite, but it does mean that average Android users are not nearly as well protected as they could be. Since some of the other suites on offer are free, it’s worth installing one and at least performing a system scan. The only thing worse than knowing that your Android device is compromised, is not knowing that your Android device is compromised.

AVCrypt ransomware attempts to eradicate your antivirus

The malware attempts to take your antivirus products out of the equation before locking systems.

A new type of ransomware which tries to uninstall security software on victim PCs has been discovered in the wild.

The ransomware, dubbed AVCrypt, was first discovered by MalwareHunterTeam and later analyzed by security professionals at Bleeping Computer.

According to an analysis of the malware, AVCrypt will attempt to not only remove existing antivirus products before encrypting a compromised computer but will also delete a selection of Windows services.

Researchers Lawrence Abrams and Michael Gillespie say that the ransomware “attempts to uninstall software in a way that we have not seen before,” which marks the malware as unusual.

The true purpose of the malware — which appears to be ransomware due to its capabilities — is also in question, as some elements appear unfinished. There are elements of encryption, but no true ransom note, and together with AVCrypt’s process deleting, it is possible the malware may also be utilized as a wiper.

It is not yet known how AVCrypt targets victims. However, when the malicious code executes on a victim’s PC, the malware will first attempt to remove security software by targeting Windows Defender and Malwarebytes, or by specifically querying for other antivirus software before attempting to uninstall the programs.

In order to eradicate AV products, the ransomware deletes Windows services which are required for the protective services to run properly, including MBAMProtection, Schedule, TermService, WPDBusEnum, WinDefend, and MBAMWebProtection.

The malware then checks to see if any antivirus software is registered with the Windows Security Center and deletes these details through the command line.

During tests, however, the researchers say that the malware was unable to delete Emsisoft antivirus software through these techniques.

Whether or not the deletion of Windows services to hamper AV protections would work with other solutions is unknown.

The wiper features do not completely destroy Windows builds, but likely will cause service degradation.

Once this stage is complete, AVCrypt then uploads an encryption key to a TOR location together with system information and timezone. The malware then scans for files to encrypt, renaming them in the process.

The ransom note, saved as “+HOW_TO_UNLOCK.txt,” does not contain any decryption instructions or contact information; instead, there is what appears to be placeholder “lol n” text.

It appears that the ransomware is in development stages, and while there is a tenuous link between AVCrypt and a recent attack on a Japanese university, it is not known whether the malware was responsible.

Microsoft told the publication that only two samples of this malware have been detected and so the company also believes that AVCrypt is not yet complete.

“This ransomware is quite destructive to an infected computer, yet at the same time does appear to upload the encryption key to a remote server,” the researchers say. “Therefore, it is not known whether this is a true ransomware or a wiper disguised as one.”

Microsoft: Windows Defender now rules antivirus on business PCs… running Windows 10

Microsoft’s new investments in Windows Defender and its advanced threat protection program appear to be paying off in the enterprise at least on Windows 10.

The company today announced that Windows Defender Antivirus, once shunned as “basic protection” because of its relatively low malware detection rates, is now the most widely deployed antivirus among enterprise organizations.

But there is a catch to that claim. As Brad Anderson, Microsoft’s vice president of enterprise mobility and security, notes, Windows Defender is the antivirus of choice on more than 50 percent of Windows 10 devices in the enterprise.

That’s an important milestone but an equally important distinction given that Windows 7 is still likely the dominant desktop platform in the enterprise, despite Windows 10 becoming the top desktop OS globally in January, according to web analytics firm StatCounter.

Microsoft’s latest monthly active user figures in November said that Windows 10 was running on 600 million devices worldwide.

Web analytics firm Net Applications’ March report of a slight uptick in Windows 10 share growth convinced Computerworld’s Windows watcher Gregg Keizer that the bump was due to upgrades by businesses preparing for the end of Windows 7 support, and the fact that Microsoft’s free-upgrade period for consumers ended long ago.

Regardless of Windows 10 adoption among businesses, Anderson offers troubling statistics for enterprise security vendors.

Windows Defender has an 18 percent share of Windows 7 and Windows 8 devices in the enterprise, while over half of Windows 10 enterprise devices use Microsoft’s own built-in antivirus.

Anderson also highlighted Microsoft’s dramatically improved performance ratings in tests carried out over the years by independent antivirus testing outfits, such as AV-Comparatives and AV-Test.

Prior to 2015, Microsoft Security Essentials and Windows Defender were trailing behind Kaspersky, McAfee, Symantec and many others. But in February, Windows Defender was among four products that scored 100 percent, alongside Kaspersky, McAfee and F-Secure.

Anderson said Microsoft’s results improved markedly throughout 2015 and have risen to perfect and near-perfect scores in 2017 and 2018, which don’t take into consideration its Windows Defender ATP exploit mitigation features and hardware-based defenses.

Windows chip flaw patch is crashing some PCs, making them unbootable

Here’s some bad news for Windows users. Microsoft’s latest patch to protect Windows users from the Meltdown and Spectre chip vulnerabilities was found to be incompatible with various types of anti-virus software.

The worst part is this: users with non-compliant antivirus software will not be able to install any Windows security updates at all unless the software makers tweak their software or the user uninstalls it completely.

It’s a double whammy of sorts, leaving Windows users with either crippled security software or no protection against Meltdown. Yikes.

Microsoft’s Meltdown patch

During Microsoft’s testing of its latest January Windows patch, the company found that some antivirus programs are making “unsupported calls into Windows kernel memory,” which can cause dreaded Blue Screen of Death (BSOD) errors when the patch is applied.

Even worse, some Windows machines are even rendered unbootable when the patch conflicts with affected antivirus programs that integrate deeper into a Windows machine’s kernel.

Here’s what’s causing the issue. The Meltdown patch completely separates the kernel’s memory from user processes, so antivirus programs that violate Windows’ built-in rootkit protection (Kernel Patch Protection) cause Blue Screen of Death errors and endless reboot loops.

This means some Windows antivirus programs are going beyond what they’re supposed to access (i.e., protected areas of the kernel). Since the patch stops this access, the affected antivirus programs themselves are now causing errors in Windows.

Note: The kernel is the core of an operating system; it has complete control over the system and connects software to the various parts of the computer.

Microsoft’s “solution”

To prevent these errors, which can render certain Windows machines unbootable, Microsoft will not push nor install security updates to computers that have the affected antivirus software installed.

Antivirus makers will have to test their software to make sure that it’s compatible with the Meltdown patch then update it with a specific Windows registry key. Once these steps are done, the Meltdown security updates can then be installed.

The company also said that this will be the new rule moving forward. Computers with antivirus software that do not have this registry key set won’t be able to get security updates at all…ever.

This leaves users with a choice: either uninstall non-compliant antivirus software completely, or accept that the machine will not install security updates. For most users the choice is clear-cut: you do not want your machine to go without the latest patches.

Antivirus makers are left with no choice

Microsoft said that it is working with antivirus makers to resolve this issue but there’s a problem. While some developers are complying, other antivirus programs will completely break since they rely on kernel access to even function. Denying them this access will require a complete rewriting of the software.

Antivirus software companies who have complied with Microsoft’s requirements include AVG, Avast, Avira, Bitdefender, ESET, F-Secure, Kaspersky, Malwarebytes, Sophos, and Symantec.

McAfee, Trend Micro and Webroot are also working to tweak their software for compatibility soon.

Next-generation security providers like Palo Alto Networks, FireEye, Cylance, and CrowdStrike claim that their software has been tested to be compatible but they are not willing to set the registry key required.

Companies that have yet to confirm compatibility or set the registry key include 360, VIPRE, and Countertack.

How to Remove Virus from Mac?

Mac malware does exist, even though it is very rare. Recently there have been a few notable malware and virus reports, although a huge difference compared to Microsoft Windows is that there has never been a Mac malware epidemic. However, this does not mean that the Mac has not come under the spotlight for virus and malware creators. There are indeed people who still see Macs, and their users, as key targets. Let’s see how to stay safe and get rid of the viruses and malware these people try to dump on your Mac.

Here are some of the symptoms of viruses and malware that you could encounter on your Mac.

  • Your Mac suddenly becomes slow, as if there is some software running in the background chewing up resources
  • All web pages are overlaid with adverts, even those where you do not expect to see adverts
  • Going to your favorite sites does not always work, and this appears as if something is haphazardly redirecting you to spam advertising pages.
  • Advertising windows pop up on your desktop, apparently unconnected with any browsing you are doing or any program that is running.
  • You find there is a new toolbar in your browser that was not installed by you. These toolbars usually claim to make it easier to shop or search.
  • You discover that web searches are unexpectedly redirected away from your usual search engine to a site you have never heard of; alternatively, the results appear on a page that is faked up to look like your usual search engine.

You don’t have to panic if you come across these symptoms, as they do not always mean there is a malware or virus infection on your Mac. If your Mac has been infected, never Google a description of the problem and install the very first thing you spot that guarantees to fix it. Unfortunately, a lot of software that claims to fix Macs is itself malware, or is simply fake and designed only to take your money. The people behind this software manipulate Google’s search results so that it appears at the top, and make their apps look unbelievably convincing and professional.

Mac Virus Removal

There was a time when Mac computers were considered to be almost ‘virus-proof’. Sadly, this is no longer the case. The quantity of Mac viruses is presently growing at an alarming rate and solid protection against these threats is thus becoming the need of the hour if you want to prevent file corruption, identity theft or interception of your credit card details. If you think your Mac is infected by a virus or malware, you will need to make use of the best Mac antivirus or try applying the key steps discussed below to clean up things:

1. No more passwords

Going forward, do not type any passwords or login details, just in case a hidden keylogger is running. This is a very common component of malware. Be aware that some keylogger-based malware also periodically takes screenshots in secret, so be careful not to expose any passwords by copying and pasting them from a document, for instance, or by clicking the Show Password box that sometimes appears in dialog boxes.

2. Activity monitor

If you know for certain which app installed the malware, make a note of its name and then quit it by pressing Cmd + Q or clicking Quit in its menu.

Open Activity Monitor, found in the Utilities folder inside Applications. Use the search field at the top right to search for the app’s name. You may find that it is in fact still running even though you quit it; if so, select it in the list, click the X icon at the top left of the toolbar and choose Force Quit.

It should also be noted that most malware authors are wise to this and will indeed modify their code so that it uses non-obvious process names, which makes it almost impossible to uncover in this manner.

3. Change passwords

Change all your passwords once you are sure the infection has been cleaned up. This includes passwords for websites, apps, cloud services, and so on.

If you are unsure how to proceed, inform your bank or financial institutions of the infection and ask for their advice. At the very least, they will usually make a note on your account so that operatives are extra vigilant if anybody tries to access it in future, or you may be issued with new details.

4. Keep (mostly) offline

As far as possible, turn off your internet connection, either by disconnecting the Ethernet cable if you are using a wired network, or by clicking the Wi-Fi icon in the menu bar and selecting Turn Wi-Fi Off. Keep your internet connection turned off until you are sure that the infection has been cleaned up. This will prevent any more of your data being sent to a malware server.

5. Bitdefender

In situations where you cannot restore from a backup, open the Mac App Store and download the free Bitdefender Virus Scanner. Once it is downloaded and installed, open the app, click the Update Definitions button and then click the Deep Scan button. Finally, follow the instructions to grant the app full access to your Mac’s hard disk.

6. Credit-card details

If you are sure that your Mac was infected after opening a particular app or file, delete it permanently by putting it into the Trash and then emptying the Trash.

If you paid online for the malware, believing it to be a legitimate antivirus app, contact your bank or credit card company immediately and explain the situation. Do this not primarily to get a refund, though that may be possible, but to ensure that your credit card details are not misused.

7. Clear cache

If you have not been able to restore from a backup and have had to scan your Mac with Bitdefender, you should also clear your browser’s cache.

In Safari, click Safari > Clear History, select All History from the dropdown list, and then click the Clear History button.

In Google Chrome, click Chrome > Clear Browsing Data, select All Time in the Time Range dropdown box, and then click Clear Data.

8. Empty the Downloads folder

Drag everything in the Downloads folder to the Trash, and then empty the Trash.

9. Reinstall macOS

You may have to wipe the hard disk and completely reinstall macOS and your apps from scratch, as this can sometimes be the only way to be sure that an infection is gone.

10. Shut down and restore

You can also shut down your Mac immediately and restore from a recent backup, such as one created with Time Machine. Obviously, this backup should be from before the time you believe your computer became infected.

After restoring the backup, be careful when rebooting not to plug in any removable storage or to open the same dodgy email, app or file. Scan removable storage devices with an antivirus app on a Windows computer to remove the Mac malware – even though it is Mac malware, it will still be detected by antivirus apps running on other platforms.