How to Tell If a Slow Mac Is Caused by Malware
A 10-minute checklist using Activity Monitor and built-in macOS tools to rule malware in or out.
A sudden, unexplained slowdown on a Mac is one of the clearest red flags for malware. Cryptominers, adware and stalkerware often hide in the background and burn CPU and disk, and they almost always leave traces in Activity Monitor or Login Items.
Symptoms worth investigating
- Fans spin loudly even when you are not doing anything heavy
- Spinning beach ball appears constantly when launching apps
- Battery drains noticeably faster than a week ago
- Safari or Chrome takes 10+ seconds to open a new tab
- Internet feels slow only on this Mac
Step 1: Open Activity Monitor and sort by CPU
- Press ⌘ Space, type Activity Monitor, hit Enter
- Click the CPU tab → click the % CPU column header to sort highest first
- Watch for 30–60 seconds. Anything sitting above 20% with no clear reason is suspect
- Right-click a suspicious process → Open Files and Ports to see where it lives on disk
Mac malware often impersonates Apple processes. Names like kernel_task and WindowServer are normal. Names like UpdateAgent, mshelper or xmrig, or any process running from /Users/Shared, are not.
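The Step 1 rules can also be applied to a process snapshot from Terminal. The script below is an added example, not part of the original checklist. The function names, reason labels and sample snapshot are constructed for illustration, and it assumes input in the `PID %CPU COMMAND` layout that `ps -Ao pid,pcpu,comm` prints on macOS.

```shell
#!/bin/sh
# Added example: apply the Step 1 rules to one process snapshot.
# Input lines: PID %CPU COMMAND-PATH (assumed layout of `ps -Ao pid,pcpu,comm`).

CPU_LIMIT=20   # the checklist's "above 20%" threshold

# Reads a snapshot on stdin, prints: PID <tab> %CPU <tab> reasons <tab> path
flag_suspects() {
    awk -v limit="$CPU_LIMIT" '
    $1 !~ /^[0-9]+$/ { next }              # skip the header and blank lines
    {
        pid = $1; cpu = $2; path = $0
        # Strip PID and %CPU but keep spaces inside the path.
        sub(/^[ \t]*[0-9]+[ \t]+[0-9.]+[ \t]+/, "", path)
        n = split(path, parts, "/"); name = parts[n]
        reason = ""
        if (cpu + 0 > limit)                         reason = reason "high-cpu,"
        if (name ~ /^(UpdateAgent|mshelper|xmrig)$/) reason = reason "listed-name,"
        if (index(path, "/Users/Shared/") == 1)      reason = reason "users-shared,"
        if (reason != "") {
            sub(/,$/, "", reason)
            printf "%s\t%s\t%s\t%s\n", pid, cpu, reason, path
        }
    }'
}

# Constructed sample snapshot (not real output from any machine).
sample_snapshot() {
cat <<'EOF'
  PID  %CPU COMM
    0   3.1 kernel_task
  153   8.4 /System/Library/PrivateFrameworks/SkyLight.framework/Resources/WindowServer
  812   1.2 /Applications/Google Chrome.app/Contents/MacOS/Google Chrome
 4410  96.7 /Users/Shared/.cache/xmrig
 4522   0.3 /Library/Application Support/helper/mshelper
 4600  41.0 /Applications/Xcode.app/Contents/MacOS/Xcode
EOF
}

# Demo on the sample; on a Mac use: ps -Ao pid,pcpu,comm | flag_suspects
sample_snapshot | flag_suspects
```

A `high-cpu` flag on its own (Xcode in the sample) only means the process needs a reason for its load. One snapshot also does not replace watching for 30–60 seconds, so run it a few times before drawing conclusions.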
Step 2: Audit Login Items and Background tasks
- System Settings → General → Login Items & Extensions
- Review Open at Login — remove anything you do not recognise
- Scroll down to Allow in the Background — this is where adware hides; toggle off anything unfamiliar
Step 3: Check disk and network usage
- In Activity Monitor, click the Disk tab and sort by Bytes Written — a process writing gigabytes when idle is highly suspicious
- Click the Network tab — a process sending data with no app open is a red flag