
How can you detect and remove keyloggers?

Ray Fernandez

Feb 10, 2025 · 8 min read


Keyloggers are just one type of malware that threatens your computer. So it’s imperative you know what they are and how to detect a keylogger on a Mac.

Fortunately, keyloggers are easy to remove (with the right tools and knowledge). This article will provide you with everything you need to know.

What are keyloggers, and how do they work?

A Mac keylogger is a type of malware that, when it arrives on your device, begins detecting your keyboard activity. It sends a record of all of the keys pressed back to a third-party server owned by the keylogger’s maker.

By logging all of your key presses, the hacker can see your usernames, passwords, credit card numbers, personal chat messages, and other sensitive private data you’ve inputted into a website.

It’s worth pointing out that keyloggers do also have legitimate uses. Some employers use them to ethically monitor their employees. Parents may also use them to keep an eye on their child’s computer usage.

However, the focus of this article is on keylogger malware (such as Spyrix).

How to detect a keylogger on a Mac

So, how do you find a keylogger on a Mac computer? The best option is to use our favorite Mac keylogger detector tool. But you can also check for a keylogger on a Mac manually, which is slightly less reliable.

Check for keyloggers with CleanMyMac

A screenshot of the CleanMyMac Protection interface.

The best keylogger detection software for Mac is CleanMyMac, powered by Moonlock Engine. By scanning for keyloggers, it will pick up any hidden threats and securely remove them for you.

Later in this article, we’ll provide a step-by-step guide on how to do this with CleanMyMac.

Check your Applications folder for suspicious apps

Any malware, whether it’s a keylogger or something else, needs a location on your computer from which it can operate. This is often an app that has been installed on your Mac without your permission.

Look in your Applications folder and see if anything looks suspicious. It could be anything from the name to the quality of the app’s icon image. It could also simply be that you didn’t install it in the first place.

If you find anything, delete it immediately.

Review app permissions and login items

A screenshot of the Files & Folders settings in macOS.
macOS is a trademark of Apple Inc.

The next step in detecting keyloggers on a Mac is to go to System Settings and check app permissions and login items.

If you installed an app that you believed to be legitimate but turned out to be a keylogger, it may have given itself permissions that you didn’t approve of. The same applies to login items — programs that automatically start when the Mac boots up. A keylogger will try to make itself a login item.

A screenshot of the Login Items & Extensions settings in Mac System Settings.

To check app permissions, go to System Settings > Privacy & Security.

To check login items, go to System Settings > General > Login Items & Extensions.
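
Many of the background items shown in Login Items & Extensions are launchd property lists on disk, so the same review can be scripted. The following is an added example, not part of the original article: it assumes the standard macOS launchd folders and a heuristic list of usual install prefixes (an assumption), and a flagged job is a prompt for manual review, not proof of a keylogger.

```python
import plistlib
from pathlib import Path

# launchd job folders; entries here appear as background items in Login Items.
LAUNCH_DIRS = [Path.home() / "Library/LaunchAgents",
               Path("/Library/LaunchAgents"), Path("/Library/LaunchDaemons")]
# Assumption (heuristic, tune to your own Mac): where job executables normally live.
USUAL_PREFIXES = ("/Applications/", "/Library/", "/System/", "/usr/", "/bin/", "/sbin/")


def job_paths(job):
    """Absolute paths a job references: Program plus path-like ProgramArguments."""
    args = [job.get("Program")] + list(job.get("ProgramArguments") or [])
    return [a for a in args if isinstance(a, str) and a.startswith("/")]


def audit_launch_items(dirs=LAUNCH_DIRS):
    """Return (plist name, paths, reasons) for each job that deserves a manual look."""
    findings = []
    for d in map(Path, dirs):
        if not d.is_dir():
            continue
        for plist in sorted(d.glob("*.plist")):
            try:
                with open(plist, "rb") as fh:
                    job = plistlib.load(fh)
                if not isinstance(job, dict):
                    raise ValueError("top-level object is not a dictionary")
            except Exception:  # malformed, truncated or unreadable file
                findings.append((plist.name, [], ["unparseable plist"]))
                continue
            paths, reasons = job_paths(job), []
            if not paths:
                reasons.append("no executable path defined")
            for p in paths:
                if not p.startswith(USUAL_PREFIXES):
                    reasons.append(f"{p}: outside usual install locations")
                if any(part.startswith(".") for part in Path(p).parts[1:]):
                    reasons.append(f"{p}: hidden file or directory in path")
            if reasons and (job.get("RunAtLoad") or job.get("KeepAlive")):
                reasons.append("starts automatically (RunAtLoad/KeepAlive)")
            if reasons:
                findings.append((plist.name, paths, reasons))
    return findings


if __name__ == "__main__":
    for name, paths, reasons in audit_launch_items():
        print(name, paths, *reasons, sep="\n  ")
```

Run it with `python3` in Terminal; compare anything it reports with the apps you actually installed before deleting the plist or the program it points to.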

Look for large running programs in Activity Monitor

Another step in the Mac keylogger removal process is to look in Activity Monitor and check for suspicious processes.

Sort the CPU and Memory lists so the highest values are at the top. Now, look at the top of the list. Which processes are taking up most of your CPU and memory? Run a web search for the name of the process to see if it’s known.

Legitimate processes won’t take up vast amounts of CPU and memory. So unless one of your apps is corrupted — or you have 200+ Chrome tabs open — then it’s likely malware.

How else can you tell if there is a keylogger on your Mac?

The telltale signs, unfortunately, don’t stop there. Here are some more ways to tell if you have an intruder on your Mac.

Your computer is running slow

Keyloggers and other malware consume lots of power. Malicious apps and scripts will gobble up as much of your CPU and memory as possible. This is obviously going to slow down your machine and eventually cause it to crash.

Close down all unknown processes and unneeded legitimate programs. Isolate the troublemaker.

Your Wi-Fi network is slow or crashing

A photo of a generic home router on desk.
Image by Tung Lam from Pixabay.

A keylogger needs to get your private data out of your machine and exfiltrate it to a server. This requires a Wi-Fi connection. The volume of data is going to put huge pressure on your network, so your Wi-Fi is going to go slow and possibly crash.

Turn off your Wi-Fi for the time being to prevent the keylogger from moving your data out.

You’re getting 2FA codes sent to you

Since a keylogger will be sweeping up your keystrokes, it will start to collect your login details for various sites. If it attempts to infiltrate a site that is protected with 2-factor authentication, you may get 2FA codes sent to your email.

If you get 2FA codes for an account you haven’t logged into, investigate it immediately. Needless to say, don’t click confirmation links either.

Your other accounts are being hacked

The keylogger will eventually get lucky and find one of your accounts that is not protected by 2-factor authentication. In that case, the hacker is in, and they can start rummaging for useful information.

In the case of social media, they can also send messages from your account to your followers. If you suspect that you have a keylogger, then warn people immediately not to respond to messages.

How to remove a keylogger from your devices

Now it’s time to discuss the best Mac keylogger removal method. We’ll also cover how to do this on iPhone, since mobile devices are prime targets for keyloggers and other malware.

How to safely remove a keylogger from your Mac

Earlier, we mentioned that our top choice for detecting a keylogger and removing it is CleanMyMac. Here’s a step-by-step guide on how to use it:

  1. Open CleanMyMac and click Protection on the left.
  2. If you’re using the software for the first time, click the Configure Scan button first. Select everything, especially Deep Scan.
  3. Now that the setup has been dealt with, click Scan, and CleanMyMac will start going through your Mac, looking for keyloggers and any other threats on your MacBook.
  4. When keyloggers or other malware are found, CleanMyMac compiles everything in an easy-to-understand list. Select everything and click Remove.

While you have CleanMyMac open, take an extra few minutes to use some of the other modules as well. Cleanup and Performance will sweep up any remaining files related to the keylogger, as well as tune up and optimize your machine.

How to manually remove a keylogger from your Mac

If, for any reason, using CleanMyMac is not an option, the alternative is to remove the keylogger manually. But this can be an unreliable process, as you won’t be certain that you got it all.

That said, if you want to remove a keylogger manually, here’s how:

  1. Look in Activity Monitor and shut down any suspicious processes. (Look for processes taking 90% or more of your CPU and memory.)
  2. Go to the Applications folder, find any suspicious apps, and delete them.
  3. Check your settings to see if anything has been changed — your browser security settings, your firewall, FileVault, etc.
  4. Remove all cookies, temporary files, and cache files.
  5. Check your email to see if 2-factor authentication has been disabled on any of your accounts.
  6. Install all available macOS updates and app updates.
  7. Reset your iCloud password.
  8. To be absolutely sure, consider wiping and resetting your Mac.

How to get rid of a keylogger on your iPhone

It’s not only Macs that can suffer from keyloggers. iPhones can be victims, too, especially if your device is jailbroken.

Here’s how to get rid of a keylogger on iPhone:

  1. Look at your list of installed apps and remove any that you didn’t install. If a keylogger is trying to hide by using a legitimate name, look to see if the icon for the real app is the same.
  2. Install any available iOS updates and app updates.
  3. Wipe your Safari browser settings.
  4. Reset your iCloud password.
  5. If you’re still not sure if you got it all, consider wiping and resetting your iPhone to its factory settings.

How to protect your Mac from keyloggers

Once the keylogger is gone from your Mac, the next step is to ensure that it never happens again. You can increase your safety by observing the following rules.

Receiving a link from a relative or trusted friend is fine. But if you get sent a link from someone you barely know, or a complete stranger, then err on the side of caution and don’t click it. Unsolicited links could lead to malware-infected websites that host download links for viruses.

Never open email attachments from unknown senders

The same rule applies to email attachments. Never open email attachments from people you don’t know or barely know. There is an increasing number of PDF viruses, so keep a close eye on email attachments.

Limit your app downloads to the Mac and iOS stores

A screenshot of the Mac App Store.
The Mac App Store is a trademark of Apple Inc.

A keylogger could appear in the form of a trojan that hides behind legitimate software. Once you install the software, the trojan covertly installs itself, too.

You can remove this risk by restricting your app downloads to the Mac App Store (or the iOS App Store for iPhone). Apps there are strictly monitored and vetted for any malicious processes.

Change your passwords

As we indicated, a keylogger for Mac is going to scoop up every key you press, so your usernames and passwords will be compromised. The next step will be to change all your passwords. Yes, this can be tedious beyond belief. But it has to be done.

Always enable 2-factor authentication

A screenshot of a 2-factor authentication window.

Finally, if you haven’t done so already — or if it was disabled by the keylogger — enable 2-factor authentication on all your web accounts.

A keylogger can steal your login details, but what it can’t get are single-use temporary codes from your other device. Multi-factor or 2-factor authentication can literally make or break your security.

It’s natural to panic when malware of any kind appears on your device. It can feel like a direct attack on you, with all of your private data suddenly up for grabs. But if you take a deep breath and follow the instructions laid out here, you’ll soon be destroying those keyloggers and sending the hackers packing.

This is an independent publication, and it has not been authorized, sponsored, or otherwise approved by Apple Inc. Mac, iPhone, and macOS are trademarks of Apple Inc.

Ray Fernandez
Ray has been covering tech and cybersecurity for over 15 years. His work has appeared on TechRepublic, VentureBeat, Forbes, Entrepreneur, and the Microsoft Blog, among others.