How to remove malware from Safari on Mac?


Attackers can inject malware into Apple Safari browser which leads to usual activities like different search engines, website loading issues, malicious ads and pop-up windows etc. However, we can easily remove these malware injections after resetting data, settings and extensions back to normal.

Unlike Windows and Android devices, Apple computers are not very popular for being the target of viruses and malware. Mac and iOS devices have a robust security model that is exceptionally difficult to penetrate.

However, in recent years, cybercriminals have taken advantage of Apple’s ecosystem components to inject undetectable malware into computers. Safari being a salient component of iOS and Mac, has been significantly targeted to satisfy the ultimate goal of script kiddies and hackers.

These malware injections are dynamic and vary widely and depending on the objective of the attacker. The worst part here is that most of the users are unaware of their web activity and functions.

A few weeks ago, the malware was injected into my Safari browser, causing it to slow down and load ads that are impossible to ignore all over the place. When malware hits your Safari browser, it triggers all kinds of unusual behavior and suspicious activity like this.

So if you come across any suspicious or abnormal activity throughout your browsing session, there is a high chance that there is malware in your browser.

Fortunately, I was able to extract the malware from Safari browser, but in case you get stuck in a similar position, here are some of the most effective ways to check and remove malware from your Mac Safari.

Check for malware in Safari Mac

Whenever malware gets into your system, it creates certain disturbance and abnormal behavior in your Safari browser. It can either redirect you to different pages all of a sudden and show unwanted pop-up ads out of the blue.

An example of a potential threat to Safari is the Bing redirect virus, which has long dominated in 2019. It is used to redirect user’s internet traffic to the bing homepage without any permission.

And even if users managed to identify the potential threat, no one would be able to figure out what its purpose was or how to check it.

When browsers like Apple Safari, Google Chrome, Mozilla Firefox, etc., these infections mainly occur in extensions and plugins. So, the first method to confirm such threat is to identify suspicious extensions on their browser.

Remove suspicious extensions

The main source of malware in Safari browser is due to third party extensions or plugins. These extensions are automatically installed when you visit a questionable download website. And hence, they display advertisements or use your browser performance to mine the cryptocurrency.

Either way, it’s hard to find them, but the best way to deal with these suspicious extensions is to remove them.

Here are the steps to remove suspicious extensions from Safari Mac browser:

  1. Open Safari browser on your Mac.
  2. Click on the Safari menu and select the Preferences … submenu.
    Safari Preferences Menu
    This will open the Safari preferences window.
  3. Switch to the Extensions tongue.
  4. Look for suspicious extensions installed.
    Uninstall Safari browser extensions
  5. Select the extension and press Uninstall to remove from Safari.

This will immediately remove the extension and make the browser less vulnerable. However, the extension can already make changes to the settings; it is better to check and reset options to normal state.

Under the same Safari preferences window –

  • Switch to the General and set a preferred home page for your Safari browser.
    Set a custom homepage URL in Safari settings
  • Again, go to Search tab and set your default search engine.
    Set Google as search engine in Safari browser

Restart the Safari browser and check if the problem no longer appears. However, if the problem persists in your browser, try the next method on our list.

Reset Safari Settings to Default

Extensions come with special privileges and permissions so that they can change your Safari browser settings. This, in turn, shows suspicious behaviors like unnecessary ads, slow web pages, etc. Resetting the safari settings on your mac will remove any malicious configuration injected by the malware.

Here are the steps to reset Safari settings to default configuration:

  1. Start the Searcher window on Mac.
  2. Press and hold the Option button and select the Go menu.
  3. Select the Library option from the drop-down menu.
    Go to find library files
  4. Move towards Library > Preferences folder.
  5. Wipe off[] file in the preferences folder.
    Move the list of Apple Safari profiles to the trash

We have removed the default configuration file. Simply restart the Safari browser to regenerate the new configuration file that we deleted. It should clear all malware injections.

Clear cache and history

The cache is a temporary storage solution for the browser, which allows Safari to load certain web pages more quickly. But if the malware is hiding in the cache files, it will create a problem even after you reset or clear your browsing history.

Additionally, a full cache can slow down your safari for website performance, so it is recommended that you clear your browser cache every six months.

Here are the steps to clear Safari browser cache on Mac:

  1. Launch the Apple Safari browser.
  2. Click on the Safari menu and select the Preferences submenu.
  3. Switch to the Advanced tongue.
  4. Check the box of Display the Develop menu in the menu bar.
    Show Develop menu in menu bar on SafariThis will activate a new Develop menu in the Safari menu bar.
  5. Click on the Develop menu in the menu bar.
  6. To select Empty caches from the drop-down menu.
    Clear the cache of the Develop menu in Safari MacIt will clear and empty all cache files stored in Safari browser.
  7. Then click on the History menu in the menu bar.
  8. Click on the Clear story … option.
    It will display a dialog box on the screen.
  9. Choose a Time range and click on the Clear story button.
    Clear Safari browser history

Note: Choose the “All History” option for best results.

Delete website data

Website data includes special features such as your cookies and your browsing or behavior patterns. These may also include your login sessions or other website identifiers.

If your browser is infected with malware, it can retrieve sensitive information through website data, so it is better to delete it.

Here are the steps to delete website data on Safari Mac:

  1. Launch the Apple Safari browser.
  2. Click on the Safari menu and select the Preferences submenu.
  3. Switch to the Privacy tab and click the Manage website data … button.
    Manage website data option in Safari browserIt will open the stored data and the website cache.
  4. Knock on the Remove all option.
    Delete stored data from Safari browser
  5. Click on the Delete now button.
    Delete all data stored by websites from Safari browser

It will delete all stored website data and Safari browser cache files.

Bottom Line: Remove Safari Malware

If you’re lucky enough, the first method should work fine for you. However, if it fails to fix your problem in the worst case scenario, the second method will surely do the trick, but the only problem is that you will end up losing all your saved data in the browser.

Either way, these methods are the most effective ways to remove malware from Safari Mac and return your browser to its normal working state.

Let us know what explains the successful removal of malware injected into Safari browser. Plus, everything you tried worked to remove the malware.

Finally, here are the recommended web browsers for your computer and mobile phone that you should try.

If you have any ideas about How to remove malware from Safari on Mac?, so feel free to drop the comments box below. If you find this article useful, consider sharing it with your network.

Also, please subscribe to our BrowserHow YouTube channel for helpful video tutorials.

Leave a Reply

Your email address will not be published. Required fields are marked *