Fake Mac Virus Warning
Home Malware Fake AppleCare Virus Warning Pop-Ups Link to Malware

Fake AppleCare Virus Warning Pop-Ups Link to Malware

by Brett M. Christensen

Note: As discussed below, very similar scams target iOS and Android phone users and those who use Windows-based computers. This report focuses on the version of the scam that targets Mac computer users.

At some point, many Mac users will likely encounter a browser pop-up warning claiming that their computer is infected with viruses. 

The pop-up, which features seemingly genuine AppleCare logos and Apple menu links, claims that a security check has found traces of malware and phishing that require immediate removal.  It warns that your personal and banking information is at risk and urges you to click a “Scan Now” button to avoid further damage to your system and remove the supposed threats.

To get you to take immediate action, the pop-up also displays a timer that supposedly shows how many minutes and seconds you have until the damage caused by the viruses is permanent.

Despite its appearance, however, the message has no connection to Apple and the virus infection claims are false.

Instead, the supposed warning message is a scam designed to trick you into installing rogue antivirus software and other types of malware.

If you click the scan button,  you will be redirected to another webpage that appears to be performing a “deep scan” of your computer. At the end of the scan, a results page will inform you that your computer has a large number of dangerous infections that need to be dealt with urgently.

The page will instruct you to click a download button to install software that can supposedly rid the computer of infections and fix other security issues. It then claims that you must buy the software using your credit card before the infections can be removed.

But, alas, the scan is entirely fake. The infections that the scan supposedly finds are simply made up.  The software that you pay for and install will not effectively deal with malware or security problems as it claims to do. Instead, it is itself malware. And, once installed, it may download further malware components.

Moreover, the unscrupulous and unethical vendors who use such tactics to scare people into purchasing their dodgy products now have your credit card details. 

What to do if You Encounter a Fake Virus Infection Pop-Up

If one of these pop-ups appears in your browser, do not click on any buttons or links that it contains.

In some cases, the pop-up will prevent you from closing the browser window.

If so, you may need to terminate your browser session. Here’s how:

1: Hit Command + Option + Esc to open the “Force Quit Applications” window.

2: Select the name of the browser you are using and hit the “Force Quit” button.

If you have already hit the scan button, you have installed the rogue software, or if the bogus popup continues to appear after you have closed and reopened your browser, you should first scan your computer using a legitimate anti-malware program.

We recommend Malwarebytes, which is free for home users.

If the problem persists, refer to this report for further information. 


Versions of the same scam target people using iPhones and iPads as well as those using Windows and Android.

And, very similar scam pop-ups claim that your Mac has been blocked and you must call a support number for assistance. These are tech-support scams designed to trick you into giving your credit card details to online criminals and installing malware. We discuss this variation in a separate report here.

Screenshot of scam popup:

Fake Mac Virus ALert


Your system is infected with 3 viruses!


Your Mac is infected with 3 viruses. Our security check found traces of 2 malware and 1phishing/spyware. System damage: 28.1% – Immediate removal required!


The immediate removal of the viruses is required to prevent further system damage, loss of Apps, Photos or other files. Traces of 1 phishing /spyware were found on your Mac.


Personal and banking information are at risk.


To avoid more damage click on ‘Scan Now’ immediately. Our deep scan will provide help immediately.”


Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,