Pipidae Malware

7-day Free Trial w/Credit card, no charge upfront or if you cancel up to 2 days before expiration; Subscription price varies per region w/ auto renewal unless you timely cancel; notification before you are billed; 30-day money-back guarantee; Read full terms and more information about free remover.

*Source of claim SH can remove it.

Pipidae on Mac

Apple computers rarely get malware, but rarely isn’t never, and Pipidae on Mac is one recent and notable exception. This is a type of browser-targeting malware, known for its disruptive ads, aggressive page-redirects, and unauthorized changes that it introduces to Safari and other browsers.

If you are currently dealing with this, you probably first realized there’s something unwanted on your Mac when a system warning popped-up on your screen, telling you about the presence of Pipidae on your Mac, and recommending that you send it to the Trash. Since the sudden appearance of this popup can be quite jarring, some of the users who come across it are unsure if it’s a legitimate macOS warning or a malware trick, intended to get you to delete something that you shouldn’t.

After our thorough research on the topic of Pipidae on Mac, we can conclude that the popup itself is a legitimate warning from your system and interacting with it won’t cause any damage. However, it does tell you that there’s rogue software on your Mac that needs to be addressed and in this post, we’ll tell you how you can take care of it.

Pipidae on Mac
The Pipidae malware on Mac pop up.

What is Pipidae Malware on Mac?

The Pipidae malware belongs to the Adware category – a family of rogue software intended to infiltrate the users’ browsers, take over their settings, and aggressively spam the user with marketing materials with the aim to accumulate ad revenue.

There have been several notable Mac-targeting adware programs in recent years, including Search Alpha, Search Baron, Search Marquis, and Ryderd, and the Pipidae malware seems to function in very much the same way.

The way you got it on your Mac most likely involves ignoring the “This is an application downloaded from the Internet.” macOS warning or overriding the “…cannot be opened because the developer cannot be verified.” installation prohibition when installing a new app. Apple’s macOS has some very robust security measures in place, but some of them can be ignored or bypassed by the user and that is how it’s still possible to get something unwanted on a Mac computer.

The Pipidae Virus

If you are panicking about this adware, which is often referred to as the “Pipidae virus”, we have some good news or you: As we mentioned above, this is an instance of adware and this means that, as annoying as it might be, it’s actually unlikely to harm your system or data, at least not directly.

The main danger that may come from the “Pipidae virus” is that its control over your browser could result in you getting redirected to scam pages, where you may be tricked into sharing personal data, such as your credit or debit card numbers. So even if this adware is technically not damaging to your Mac, it can still be a threat to your virtual privacy, hence why you need to take care of it ASAP.

Pipidae will damage your computer

Pipidae will damage your computer” is the warning message you are most likely to get if you get this adware on your Mac. But we said in the previous paragraph that this program isn’t actually damaging, so why is the warning text worded in this way? Well, your macOS simply doesn’t take any chances with rogue software, so it tries to urge you to address the intruder as soon as possible.

The issue here is that clicking on the “Move to Trash” button will usually not solve anything. Even if a file does get sent to the Trash, there will be another similar warning soon after. Users who have tried this report that the “Pipidae will damage your computer” popups simply won’t stop no matter how many times they move Pipidae files to the Trash. For this reason, a different approach is needed to take care of this adware.

Pipidae on MacBook

If Pipidae is on your MacBook, this means that it has likely created a large number of files and has placed them in different system folders to make its removal more difficult for you. Common directories where you are likely to find its files are LaunchAgents, ApplicationSupport, and Launch Daemons.

One potential problem with cleaning those folders is that it can be difficult for a regular user to determine which files there need to be deleted. Note that the files created by Pipidae on your MacBook won’t have the same name as the adware, but will typically have some random filenames that can be very difficult to distinguish from the other files stored in those folders.

Still, with the help of the guide we’ve posted below, you should be able to find and delete everything that this rogue software may have left on your PC.

Pipidae on MacBook
Two Pipidae files in the LaunchAgents folder.

Pipidae for macOS

In addition to creating rogue files in your system, Pipidae for macOS can also gain access to system settings, such as the User Profiles on your Mac. Creating new custom User Profiles allows the rogue software to gain a foothold in your system and bypass many of the security measures of your Mac.

Again, that is not to say that Pipidae for macOS will directly cause damage to anything, but its access to the system settings is part of the reason why it can avoid removal even when you click the “Send to Trash” button on the warning popup. For this reason, it’s required to check for rogue User Profiles and delete them when attempting to remove this adware.

The Pipidae file

The popup you see appears to suggest that there’s a single Pipidae file on your system and that removing it will solve the issue, but as we’ve already established, that’s far from the truth. But then what are some examples of Pipidae files that this adware is known to create.

While researching, we found quite a lot of different filenames that are linked to this rogue software, and there are probably more that we didn’t find. Here is a list of filenames that you need to be on the lookout for, but know that this is by no means an exhaustive list:

  • com.centinol.plist
  • com.jirin.plist
  • com.0bS6m.plist
  • com.homebound.plist
  • com.remcored.plist
  • com.desiderata.wg.plist
  • com.simonious_Wellsian.plist
  • com.phialine.hx.plist
  • com.wran-recurvous.plist
  • com.OqS9r.plist
  • com.trimellitic.plist
  • com.SystemExtr.plist
  • com.UtilityData.plist
  • com.UtilityParze.plist

For more examples of Pipidae file names, you can check this Apple Discussions thread.

The Pipidae file
Pipidae files in the LaunchDaemons folder.


Detection Tool

*Source of claim SH can remove it.

How to remove Pipidae from Mac

Now, if you have Pipidae on your Mac, here is a comprehensive guide that will help you delete it:

  1. Go to Applications > Utilities, and open the Activity Monitor app.
    activity monitor
  2. Look for questionable processes – anything that doesn’t seem related to programs/apps you are familiar with, yet seems to consume suspiciously high amounts of Memory and CPU. Don’t expect to find a process named Pipidae, as it will probably have a different name.
  3. If you encounter a process that you think is rogue, select it, select the “X” button from the top, and then click on Force Quit.
  4. Go into Safe Mode
    • Intel Macs: Turn off your Mac. Press the power button and immediately press and hold down Shift until the login screen appears, then log in. You may need to log in a second time.
    • Apple Silicon Macs: Turn off your Mac. Press and hold the power button until you see the “Loading Startup Options” screen. Select a volume (you might have only one), then hold down shift, and click on Continue in Safe Mode.
  5. Go to Apple Menu > System Preferences/Settings > Users & Groups, click the Padlock icon (bottom-left), and enter your password to unlock these settings.
  6. Check the left panel for unfamiliar profiles that weren’t created by you or by anyone else using this Mac and delete them. Common examples of rogue user profiles are:
    • TechSignalSearch
    • MainSearchPlatform
    • AdminPrefs
    • Chrome Settings
  7. Next, open the Go menu, and click Go to Folder.
    go to folder
  8. Copy-paste this folder location “~/Library/LaunchAgents” in the search bar that appears, and hit Enter.
    go to launch agents
  9. Select View > as List from the top.
    view as list
  10. Search the folder for files with suspicious filenames:
    • Filenames included in the list we gave you above.
    • Filenames that seem like a random string of letters and numbers.
    • Filenames that include any of the following words:
      • calculator
      • calender
      • confcloud
      • copypaste
      • date
      • fixer
      • gettime
      • helper
      • hlpr
      • mafntask
      • moniter
      • pcv
      • scan
      • search
      • smokyashan
      • systemond
      • systemExtr
      • spigot
      • techyutil
      • time
      • updService
      • util
      • utilty
      • vlm
  11. In the same way, check the following folders for rogue files and clean them too:
    • /Library/LaunchDaemons
    • /Library/LaunchAgents
  12. Open Safari, go to the Safari Menu, open Preferences, and perform the following actions:
    • In the General tab, bring back your preferred search engine if it has been changed.
    • In the Exensions tab, delete any unfamiliar or suspicious extensions.
    • In the Privacy tab, click on Manage Website data and then click on Remove All.
  13. Similarly, clear the data in your other browsers, delete any suspicious extensions from them, and restore their default search engine.

About the author


Violet George

Violet is an active writer with a passion for all things cyber security. She enjoys helping victims of computer virus infections remove them and successfully deal with the aftermath of the attacks. But most importantly, Violet makes it her priority to spend time educating people on privacy issues and maintaining the safety of their computers. It is her firm belief that by spreading this information, she can empower web users to effectively protect their personal data and their devices from hackers and cybercriminals.


  • Thank you so much. I’ve just done everything you mentioned, so far Pipidae has ceased popping up.
    It must be a very new Virus (Nov 21, 2023) as I was googling and no one knew about. Glad you did.
    So annoying!

  • While trying to remove “Pipidae”, I’m following the instruction-video above, but NOTHING looks the same on my Mac, as it does in the video. Thus I have so far been able to do the Disc Utility/First Aid. But when opening SysPrefs and thereafter Users & Groups, I have nowhere to chose between Password or Login Items and cannot therefore delete anything. Looks to me that the video was made on an earlier MacOS.
    Could someone please update the video and the instructions therein?
    Or maybe help me some other way?
    Until then I’ll try following the written instructions instead

Leave a Comment