Remove malware from Safari browser

Read the article to learn the main attack vectors used by malware to infect Safari and follow the instructions to remove viruses from this browser.

August 2019 update

Although there is a version of Safari browser built for Windows operating system, it is native to and primarily associated with Apple’s Mac OS X, macOS and iOS. It’s therefore not hard to comprehend the size and scope of user community enjoying this Internet navigation client’s features and benefits. Whereas Windows aficionados are more accustomed to malicious software attacking their machines, Macs are also getting increasingly targeted over the course of the last several years. Since macOS proper is generally known to accommodate a robust security model which isn’t easy to dodge, the cybercrime actors out there tend to take advantage of the platform’s individual components that are more of a low hanging fruit. Safari is by far the most frequently exploited environment in these malware attacks.

The infections tailored to compromise this web browser are fairly versatile. Some of them are unique and cannot be encountered elsewhere. For instance, the fake FBI locker hoax, which was at large in 2013, would specifically go after Safari, while the Windows based counterpart of this virus tended to affect the entire computer.

The FBI Moneypak virus locking Safari
The FBI Moneypak virus locking Safari

There is a category of infections, mostly adware, that are cross-browser, so they hit Safari, Chrome and Firefox alike. These threats typically infiltrate Mac boxes furtively by accompanying other downloads and installs. This software wrapping model is extremely widespread for serving browser malware. The user might think they got lucky to find some free app that features a desired functionality, but the freeware might carry an unwanted payload that isn’t likely to be noticed along the way. Some examples of such universal bugs are BrowserSafeguard with RocketTab, Search Protect by Conduit, Deal Finder, Trovi, Offers4U, DealFinder, and popup virus, to name a few.

Annoying ads displayed by RocketTab adware in Safari
Annoying ads displayed by RocketTab adware in Safari

Some infections are Mac-specific. These include apps representing the controversial Genieo network as well as tons of ad-injecting extensions such as MacCost, MacitNow, MacSpend, MacSter, MacGlobalDeals, InstallMac and many others. What they all have in common is being manifested as Safari toolbars, extensions or plugins. All websites visited in the affected browser will contain multiple advertisements that do not belong there. The ads are isolated to the machine, so the exact same sites won’t be inflated with the annoying sponsored data when visited from a non-infected box.

One of the threats dominating the Safari malware ecosystem in 2019 is the Bing redirect virus. It reroutes the victims’ Internet traffic, including web searches, to without authorization. The affected Mac users wonder what the goal of this malicious activity might be, considering that the landing page is an entirely valid, reputable service. The truth is that the hijacked browsing session involves a series of additional hosts resolved along the way, that is, before it hits Bing. These interim sites are only visible for fractions of a second in the Safari status bar at the bottom of the browser window – no wonder most victims don’t notice the real flow of their web navigation. Obviously, this is a multi-pronged traffic monetization scheme with a delusive flavor of legitimacy added by the trustworthy destination site.

Searches in Safari being redirected to Bing without approval
Searches in Safari being redirected to Bing without approval

The most efficient method to stay away from Safari malware is to be cautious what you download and install, because bundling with third party apps is the main loophole used by virus makers to infect this browser. In the meanwhile, if you did catch one of these bugs, use the steps below to resolve the mishap.

Techniques to remove malware from Safari

There are several vectors applicable to eradicate malicious code that ended up in your browser. Since both search hijackers and ad-inserting bugs tend to be embodied as malicious extensions or plugins, the first workaround is to uninstall these apps. While this approach is often efficient, sometimes it won’t work – it all depends on severity of a particular threat. In the worst case scenario, resetting Safari works flawlessly, but this procedure will erase all personalized browsing data. So try the former technique first, and if it doesn’t help, proceed to the latter (steps to be provided below).

Method 1: Manual removal of malicious components from Safari

  • Go to Safari Menu bar and select PreferencesSelect Preferences in Safari menu bar
  • Hit the Extensions tab on the Preferences screen. Review the list of extensions in the left-hand part of the screen, select one that looks suspicious and click Uninstall to eradicate it from SafariExtensions tab
  • Now click on the General tab and enter the preferred Safari homepage. Similarly, go to the Search tab and set the default search engine thereSet preferred homepage in Safari
  • Restart Safari and browse around a bit to check if the problem has been fixed. If the symptoms aren’t occurring anymore, you’re good to go. In the event the issue persists, move on to the next troubleshooting vector.

Method 2: Reset Safari to its defaults

  • Go to Safari menu and select Preferences again on the drop-down listSafari menu bar - Preferences
  • Go to Advanced tab and enable the option that says Show Develop menu in menu barShow Develop menu in menu bar
  • Now you will see the extra Develop menu in your Safari menu bar. Click it and select Empty Caches as shown below
  • Do some test browsing to see if things are okay now and whether the malware is gone. If the issue is still there, you may need to additionally clear your browsing history in Safari. In Safari menu bar, select History and click Clear HistoryClear history in Safari
  • The browser will display a dialog so that you can select the required period you would like to clear history for. Select all history on the list and click the Clear History button
  • In case Safari is still acting up due to malware interference, there is one more thing you can try. Once again, go to Preferences from the Safari menu bar and select the Privacy tab this time. Click Manage Website DataManage Website Data option in Safari
  • When Safari generates a full list of sites that have stored your browsing data, go ahead and click Remove AllRemove all website data
  • Confirm by hitting the Done button

Verify whether the virus has been completely removed from Safari

Computer threats like the Safari malware virus can be stealthier than you can imagine, skillfully obfuscating their components inside a compromised computer to evade removal. Therefore, by running an additional security scan you will dot the i’s and cross the t’s in terms of the cleanup.

Download Safari malware virus scanner and remover

2 thoughts on “Remove malware from Safari browser”

  1. Thaks a lot for the hint. I don’t use Safari but it gets updated by the Big Brother. It appears they need to clean up their bag of gifts to us Mac users.


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.