Trojan.MAC.OSX.XcodeGhost Removal

George Herman
IT Security Expert

What is Trojan.MAC.OSX.XcodeGhost

Trojan.MAC.OSX.XcodeGhost is a virus, which belongs to the Trojan horse category. A Trojan is capable of severely damaging your computer, as well as stealing all sorts of personal files and information that you store on it. The victims of this malicious software may even be spied on – both virtually and physically. Trojan infections allow hackers to monitor your activity through your microphone and web cam, as well as online. Because it is very stealthy, this virus can remain undetected for a very long time.

How it is distributed

Most commonly, Trojan viruses are distributed through infected email attachments, torrent files, software bundles, freeware, fake update messages, etc. It is important to note that the Trojan.MAC.OSX.XcodeGhost virus cannot infect your Mac on its own. The virus needs your permission in order to get access to the system. This can happen when you open an email attachment from an unknown sender, or when you follow through on a shady update request. Often, users download software and carelessly proceed with the installation process. Due to their negligence, bonus content manages to get installed alongside the desired program. That’s because cyber criminals are known to bundle malicious software and disguise it as ‘additional’. The only way to prevent it from getting access to your Mac is to opt out of its installation. Otherwise, it will automatically get installed due to your lack of attention during the install setup.

How it operates

The Trojan does not necessarily become active right after its successful infiltration. That’s why it’s very hard to notice its presence. In most cases, users find out their device has been infected when the symptoms have become severe. The Trojan.MAC.OSX.XcodeGhost virus is capable of taking control over your Mac. It can perform malicious tasks, delete and corrupt files, steal information like passwords, IP addresses, bank account credentials, credit card numbers, as well as files like documents, photos, etc. Your apps may become unresponsive to your actions, the internet speed will decrease, your Mac will feel more and more sluggish, and programs will frequently crash. The only way to revert your Mac to a normal and secure state is to get rid of this Trojan horse as soon as you notice the symptoms. The more time you waste, the worse it will get!

Staying safe from Trojan.MAC.OSX.XcodeGhost

Apart from having reliable AV software installed on your Mac, there are other things you can do to ensure your device’s safety. We highly recommend that you:

  • Pay close attention when you install third-party software, especially torrent files, so you don’t install shady additional applications that you don’t want. In most cases, that’s how malicious parasites are able to infect your computer;
  • Read any Terms and Conditions you see, so you know exactly what you agree to. The last thing you want is to unknowingly give permission to a nasty virus to infiltrate your Mac;
  • Follow links that lead to trustworthy sites only;
  • It is best to visit only reliable and official websites. You never know what dangers might lurk behind an unfamiliar site;
  • No matter how attractive an ad is, if you are not familiar with the website it redirects to, it might be best to steer clear of it and not click;
  • Always check the sender’s email address before opening a message. If it states that it’s from an official company, compare the email with the one given in their official page. If there is no match, delete the message, since it most likely is fake and has malicious aims;
  • Don’t open email attachments from unknown senders. More often than not, such files carry infections that can seriously damage your computer.

How to manually remove Trojan.MAC.OSX.XcodeGhost from Mac

If you’ve had the misfortune of getting your Mac infected with the Trojan.MAC.OSX.XcodeGhost Trojan Horse, the instructions below can help you to remove it manually. Here’s what you need to do:

1. Start by finding all entries added by Trojan.MAC.OSX.XcodeGhost and deleting them. To do this, hold down the Option key while the Go menu in Finder is open to access the ~/Library folder. Find all related entries and delete them one by one.

2. Go to Utilities. You can do that by using the ⇧+⌘+U key combination, or by going to Finder and choosing Utilities from the Go main menu at the top.

3. Find Activity Monitor and double-click it.

4. A list will be displayed. Find any processes that seem suspicious to you and use the ‘Force Quit’ option to quit them completely.

5. Open Finder. Click on the Go button from the main menu at the top, and choose Applications. An alternative way is to use the ⇧+⌘+A key combination.

6. Look for any suspicious applications, especially ones with a name similar to Trojan.MAC.OSX.XcodeGhost. If any are found, right-click on them and select the ‘Move to Trash’ option.

7. Remove any related left-over files by going to Finder’s search bar and typing the name of the app you want to remove. Make sure to modify the two drop-down menus above to ‘System Files’ and ‘Are Included’, so that any hidden files are visible for you to remove. Once you find the files you want to remove, simply drag them to Trash.

8. All that’s left for you to do is remove any extensions related to Trojan.MAC.OSX.XcodeGhost from your Mac browsers.

For Mozilla Firefox extensions:

  • Open the Firefox browser and from the ‘burger’ menu in the top right corner of the window select ‘Add-ons’.
  • Select any suspicious extensions that may be related to the virus and click ‘Remove’.

For Google Chrome extensions:

  • Open the Chrome browser and select Tools > Extensions from the menu (the three dots in the top right corner of the browser window).
  • Locate any suspicious extensions that may be related to the virus and remove them.

For Safari extensions:

  • Open the Safari browser. From the Safari menu choose Preferences. Select Extensions from the options at the top.
  • Find any extensions you think are related to the virus, select them and click ‘Uninstall’. A new window will show up asking for confirmation. Click Uninstall again to delete the extension permanently from your browser.
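
The file-review parts of the steps above (the ~/Library entries in step 1 and the applications and left-over files in steps 5 to 7) can be done as a read-only listing in Terminal before anything is deleted. This is an added example, not part of the original instructions; the function names, the 14-day default window and the choice of the LaunchAgents and LaunchDaemons folders are assumptions of the example.

```shell
#!/bin/sh
# Added example: read-only triage of the folders named in the removal steps.
# Nothing is deleted; the output is a list to review by hand.

# recent_entries DIR DAYS [DEPTH]
# Print items under DIR modified within the last DAYS days, sorted,
# looking at most DEPTH levels below DIR (default 2).
recent_entries() {
    dir=$1; days=$2; depth=${3:-2}
    [ -d "$dir" ] || return 0          # a missing folder is not an error
    find "$dir" -mindepth 1 -maxdepth "$depth" -mtime "-$days" 2>/dev/null | sort
}

# name_matches DIR PATTERN
# Case-insensitive search for PATTERN in item names under DIR
# (the Terminal equivalent of the Finder search in step 7).
name_matches() {
    dir=$1; pattern=$2
    [ -d "$dir" ] || return 0
    find "$dir" -mindepth 1 -iname "*$pattern*" 2>/dev/null | sort
}

# triage [DAYS] [NAME]
# Review the per-user and system launch folders and /Applications
# (folder list is this example's assumption, not taken from the page).
triage() {
    window=${1:-14}; name=${2:-}
    for folder in "$HOME/Library/LaunchAgents" /Library/LaunchAgents \
                  /Library/LaunchDaemons /Applications; do
        echo "== changed in the last $window days: $folder"
        recent_entries "$folder" "$window" 1
    done
    if [ -n "$name" ]; then
        echo "== names containing '$name' under $HOME/Library"
        name_matches "$HOME/Library" "$name"
    fi
}

# Run only when arguments are given, e.g.:  sh triage.sh 14 suspicious-app-name
if [ "$#" -gt 0 ]; then
    triage "$@"
fi
```

Anything listed still has to be judged by hand: recently changed items are candidates for review, not proof of infection.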
