MRT.app is a Malware Removal Tool developed by Apple and is sometimes detected as a false positive by third-party AV apps
Mrt.app is Apple's built-in Malware Removal Tool that sometimes gets falsely flagged by third-party AV programs
Mrt.app is a legitimate application used to scan for, detect, and remove malware from macOS and Mac OS X systems. Shipped with every operating system, it is a built-in anti-malware tool used by Apple to protect its users from online threats and can be found in /System/Library/CoreServices/ location. However, multiple reports flooded tech forums and other community boards claiming that their third-party software like Avast or Bitdefender detected an Mrt.app virus!
Thus, what is going on? Did Mrt.app got hijacked by hackers and is performing malicious activities in the background? The answer to the question is definitely “no,” as the application is protected by System Integrity Protection, which is designed to protect it from any type of modifications. Nevertheless, there has been plenty of false positives from third-party tools that detect is as malware itself.
|Name||Mrt.app, Malware Removal Tool|
|Functionality||Continually scans the system for online threats and removes them|
|Issues||Is known to be detected by third-party anti-virus programs and sometimes causes over 90% of CPU usage|
|Detected as||MacOS:BitCoinMiner-AS, Osx.Trojan.EmPyre-6852410-0|
|Removal||You should never try to get rid of Mrt.app, as it is built-in protection from malware. Nevertheless, we provide instructions below, if you choose to do so|
|Optimization||If your computer is struggling as you have many duplicates and other useless files, you could employ a system optimization tool Reimage Reimage Cleaner Intego to get rid of them, speeding up the operation of your computer.|
It is impossible to remove Mrt.app from macOS or Mac OS X systems unless the service that runs the app is terminated via special commands. If you choose to do so and are not using third-party security tools, you should be aware that you would be exposed to online threats that target Macs.
A user on Reddit claimed that libswiftDispath.dylib file located in the subfolder of Mrt.app is being detected as MacOS:BitCoinMiner-AS [Trj] digital currency miners are malicious programs that are designed to use computer's CPU or/and GPU in order to deliver Bitcoin or another cryptocurrency directly to cybercriminals' wallets. This activity can greatly diminish the performance of the computer and result in increased electricity bills.
However, Mrt.app did have its own share of criticism from security enthusiasts and users. Some people claimed that the application keeps scanning all the compressed files located on the system, which keeps the CPU capacity to 90% most of the time, and that it is impossible to terminate it.
According to SentinelOne researchers, even XProtect, another Apple's built-in security tool, was sometimes falsely flagging Mrt.app:
MRT.app is not intended for users to launch, and in fact has even been known to trigger a false positive from Apple’s own XProtect in certain circumstances.
That all being said, you should also keep in mind that threat actors could name malware as Mrt.app so that it would create fewer suspicions. The best way to check whether the app is malicious is checking its location – if it is located anywhere by in the following folder, it is actually malicious, and Mrt.app removal should be performed immediately:
For that, you should employ reputable third-party anti-malware software and perform a full system scan. In case your computer still seems to be slow and lagging, it might be due to an overloaded disk. To solve this problem automatically, you can employ such tools as Reimage Reimage Cleaner Intego.
Finally, many detections of Mrt.app are indeed false positives, and most of the security vendors already updated definitions inside the database. However, one should never ignore anti-malware software-induced pop-up and investigate the situation promptly to avoid serious consequences like identity theft.
Mrt.app is a security application that causes some Macs to run CPU at 90% capacity
Reasons you should employ extra measures when trying to protect yourself from Mac malware
Security researchers are constantly trying to remind users that malware is a danger to each of the macOS users. Nevertheless, there are plenty of claims that the built-in XProtect, Malware Removal Tool, Gatekeeper, and others are more than enough to guard users against all harm online. Well, this is far from the truth, as many AV software researchers found evidence that the rate of Mac malware is increasing exceptionally fast.
For example, according to Kaspersky, every one in 10 Mac is attacked by the notorious Shlayer Trojan, otherwise known as OSX/Shlayer or Crossrider. This parasite is capable of disabling built-in macOS defenses and installing malicious apps in the background without users' permission. Besides, there was also discovered that Mac malware is outpacing Windows malware in 2019, according to research.
Therefore, those times when built-in tools were enough to protect your Mac, it is no longer true. You should always keep in mind that there are cybercriminals that are targeting your finances, personal information, and even identity.
To ensure that your macOS is the safest it can be, you should put effort into making it that way. As previously mentioned, you should employ third-party security software that could protect you from all types of threats. Besides, careful web browsing is another key to a safe computer:
- never give in to claims you find on random websites via your browser: your computer is not infected with viruses, and you do not need to update Flash Player;
- do not open suspicious email attachments or click on embedded links before hovering your mouse over;
- try to only download apps from Apple-approved sources – App Store currently holds more than 1.8 million apps;
- if downloading applications from third-parties, always pick Advanced/Custom settings and watch our for pre-ticked boxes, fine print, text, misleading deals, etc.
Ways to determine whether MRT.app is a false positive
As previously mentioned, MRT.app removal can seriously compromise your computer security if you do not use third-party software. Nevertheless, if you are suffering from high CPU usage because of the tool, and you use third-party option instead, you can remove MRT.app service with the help of these commands:
sudo launchctl stop com.apple.mrt
sudo launchctl remove com.apple.mrt
Also, you should find the following files and delete them:
Once again – do not do this if you are unsure about MRT.app and its functions.
If MRT.app does not cause you any issues, you should not touch it at all, as the most likely cause of third-party flagging it as malicious is because it is a false positive. To ensure it is an FP, you can scan it with another security software or contact the AV vendor you are using the software of.