Dashboard
Last scanned: 2 min ago
Health Score
Unsigned app running from ~/Downloads
Unknown binary without code signature detected
High CPU usage: node (47%)
5 Signs Your Mac Has Been Compromised
There is a stubborn myth that Macs are immune to hackers. It was never true, and in 2026 it is especially dangerous to believe.
Mac-targeting malware increased by over 400% between 2020 and 2025. Threat actors know that Mac users tend to be less guarded, which makes them attractive targets. If you have never thought twice about your Mac's security, now is the time to start.
Here are five signs that something on your Mac might be compromised, and what you can do about each one.
1. Your Mac is suddenly, persistently slow
Every computer slows down occasionally. But if your Mac went from snappy to sluggish seemingly overnight, and it stays that way even after a restart, that is a red flag.
Malware often runs hidden processes that consume CPU and memory in the background. Cryptominers are a common culprit. They hijack your processor to mine cryptocurrency for someone else, and the only symptom you notice is that your fan is always spinning and everything feels laggy.
What to do: Open Activity Monitor and sort by CPU usage. If you see processes you do not recognize consuming significant resources, investigate them. Better yet, run a scan with a tool like CoreLock that can explain every process in plain English.
2. Unknown processes in Activity Monitor
Speaking of Activity Monitor, it is worth checking even if your Mac feels fine. Many types of malware are designed to be lightweight and stealthy. They will not slow your machine down noticeably, but they will show up as unfamiliar processes.
Look for names that seem random, like strings of letters and numbers. Also watch for processes that mimic legitimate system names but are slightly different, like "GoogleUpdater" instead of "Google Chrome Helper."
What to do: Search the process name online. If you cannot find any legitimate software associated with it, that is cause for concern. CoreLock's process scanner flags unknown and suspicious processes automatically, so you do not have to do the detective work yourself.
3. Your browser keeps redirecting you
If your browser sends you to websites you did not ask for, shows pop-ups you have never seen before, or has a new homepage you did not set, you likely have adware or a browser hijacker.
These are among the most common Mac threats. They sneak in through bundled software downloads, fake Flash Player updates (yes, people still fall for those), or malicious browser extensions.
What to do: Check your browser extensions and remove anything you do not recognize. Clear your browser data. If the problem persists, the hijacker may have installed itself deeper, as a launch agent or login item. A full system scan can find and remove these persistent components.
4. Your camera or microphone indicator lights up unexpectedly
Modern Macs have a hardware indicator light that turns on when the camera is active. If you notice that green dot appearing when you are not on a video call, take it seriously.
Spyware that activates your camera or microphone is real. It is used in targeted attacks against individuals, but commodity spyware kits have made it accessible to less sophisticated attackers too.
What to do: Check System Settings, then Privacy and Security, then Camera and Microphone. Review which apps have access. Revoke access for anything that does not need it. CoreLock's privacy audit does this automatically and alerts you to any unusual permission grants.
5. New startup items or login items you did not add
Malware needs to survive restarts. To do that, it installs itself as a startup item, a login item, or a launch agent. These mechanisms tell macOS to run the malware every time your computer boots up.
If you see unfamiliar items in System Settings under General, then Login Items, or if you notice new items in your Library/LaunchAgents folder, someone or something may have added them without your knowledge.
What to do: Review your login items regularly. Remove anything you do not recognize. Be aware that some malware hides its launch agents in system-level directories that are not visible by default. A proper security tool will scan all of these locations for you.
What to do if you spot these signs
If any of these signs sound familiar, do not panic. Most Mac threats can be removed once they are identified. Here is a simple plan:
First, disconnect from the internet. This stops any active data exfiltration and prevents the malware from receiving new instructions.
Second, run a comprehensive scan. You need a tool that checks processes, startup items, network connections, file signatures, and permissions all at once. Checking just one of these categories might miss something.
Third, review and fix the findings. This is where most people get stuck, because traditional security tools show you results in technical jargon that makes no sense.
Why CoreLock is built for exactly this
CoreLock scans all five of these areas and more. It checks running processes, startup items, network connections, file hashes, code signatures, and privacy permissions. Then it explains everything it finds in plain English, not security jargon.
If it finds something suspicious, you can fix it with one click. No terminal commands. No Googling error codes. Just clear explanations and simple actions.
Download CoreLock for free at corelock.ai/download and run your first scan in under a minute. You might be surprised by what you find.