This popular Mac utility is now effectively malware — delete it right now

MacBook Pro 2021 (16-inch) on a patio table
(Image credit: Tom's Guide)

In the past Macs had a reputation for being safer than their Windows counterparts when it came to malware, but that’s no longer the case.

Recently, we’ve seen all sorts of Mac malware from infostealers to fake PDF viewers used to infect Macs with viruses. Now though, a Mac utility that gave users greater control over macOS' dark mode has seemingly become malicious overnight.

As reported by How to Geek, the once popular utility NightOwl, which made it possible for Mac users to instantly switch between light and dark mode depending on the time of day, is now effectively malware. 

While Apple has since added native dark mode support with the release of macOS Mojave back in 2018, some users may still have NightOwl installed on the best MacBooks. If you’re one of those users, you should delete the app immediately since recent changes to it could put your privacy at risk.

Adding Macs to a botnet

Stylized computer-aided illustration of interlinked blue robots illustrating the structure of a network botnet.

(Image credit: BeeBright/Shutterstock)

According to its website, NightOwl was originally developed to make it easier to switch between light and dark mode without having to navigate through macOS’ settings. The utility appears to have been created by one developer who was looking to solve one of the most frustrating things about macOS Mojave’s dark mode.

After launching the app and seeing a great deal of success, its developer eventually sold it to another company called TPE.FYI LLC. Instead of leaving NightOwl as it was, its new owner injected malicious code into the app that essentially adds Macs with it installed to a botnet used for “market research”. Unfortunately for those still using NightOwl, there’s no way to opt out and the app’s new gateway feature can’t be disabled even when you quit the app. 

Information regarding the feature itself is tucked away in the app’s terms of service which explains that the “NightOwl app enables Users to share internet traffic by modifying their device’s network settings to be used as a gateway for internet traffic.” To make matters worse, a Mac with NightOwl installed is also “as a gateway for NightOwl app’s Clients, including companies that specialize in web and market research, SEO, brand protection, content delivery, cybersecurity, etc.”

It might make sense if an app like a VPN was using your Mac as a gateway for internet traffic but when it comes to NightOwl, this is a step too far. However, as it’s in the terms of service, there’s nothing NightOwl users can really do except for uninstalling it. Fortunately, dark mode is now easy to enable on your Mac, so NightOwl is no longer as useful as it once was.

How to stay safe from Mac apps that become malicious

Even the best Mac apps can go rogue and operate much differently than they used to, as we’ve seen here. For this reason, just like on your iPhone, you want to be careful about which apps you install and where you download them from.

Sticking to the Mac App Store is your best bet, but since an app can be completely changed by having code injected into it, you should also be using one of the best Mac antivirus software solutions to help you stay safe.

If you’re worried about Mac apps accessing the internet for nefarious purposes, you can always enable macOS’ firewall. This support document walks you through everything you need to know about enabling firewall protection on your Mac. Once done, you can block certain apps from accessing the internet entirely. While this may not work for every app, it’s worth a try.

As for NightOwl, after How To Geek reached out to the company a representative explained that it partnered with a residential proxy service to monetize the app but it doesn’t collect any other data besides users’ IP addresses. However, the company claims to be working on a way to give concerned users the option to opt out of having their Mac act as a gateway for internet traffic. 

For more info on how to remove NightOwl from your Mac and why you absolutely should, this blog post from Robin which made the initial discovery explains all of the technicalities.

More from Tom's Guide

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.