Note: As discussed below, very similar scams target iOS and Android phone users and those who use Windows-based computers. This report focuses on the version of the scam that targets Mac computer users.
At some point, many Mac users will likely encounter a browser pop-up warning claiming that their computer is infected with viruses.
The pop-up, which features seemingly genuine AppleCare logos and Apple menu links, claims that a security check has found traces of malware and phishing that require immediate removal. It warns that your personal and banking information is at risk and urges you to click a “Scan Now” button to avoid further damage to your system and remove the supposed threats.
To get you to take immediate action, the pop-up also displays a timer that supposedly shows how many minutes and seconds you have until the damage caused by the viruses is permanent.
Despite its appearance, however, the message has no connection to Apple and the virus infection claims are false.
Instead, the supposed warning message is a scam designed to trick you into installing rogue antivirus software and other types of malware.
If you click the scan button, you will be redirected to another webpage that appears to be performing a “deep scan” of your computer. At the end of the scan, a results page will inform you that your computer has a large number of dangerous infections that need to be dealt with urgently.
The page will instruct you to click a download button to install software that can supposedly rid the computer of infections and fix other security issues. It then claims that you must buy the software using your credit card before the infections can be removed.
But, alas, the scan is entirely fake. The infections that the scan supposedly finds are simply made up. The software that you pay for and install will not effectively deal with malware or security problems as it claims to do. Instead, it is itself malware. And, once installed, it may download further malware components.
Moreover, the unscrupulous and unethical vendors who use such tactics to scare people into purchasing their dodgy products now have your credit card details.
What to do if You Encounter a Fake Virus Infection Pop-Up
If one of these pop-ups appears in your browser, do not click on any buttons or links that it contains.
In some cases, the pop-up will prevent you from closing the browser window.
If so, you may need to terminate your browser session. Here’s how:
1: Hit Command + Option + Esc to open the “Force Quit Applications” window.
2: Select the name of the browser you are using and hit the “Force Quit” button.
If you have already hit the scan button or installed the rogue software, or if the bogus pop-up continues to appear after you have closed and reopened your browser, you should first scan your computer using a legitimate anti-malware program.
We recommend Malwarebytes, which is free for home users.
If the problem persists, refer to this report for further information.
Very similar scam pop-ups also claim that your Mac has been blocked and that you must call a support number for assistance. These are tech-support scams designed to trick you into giving your credit card details to online criminals and installing malware. We discuss this variation in a separate report here.
Screenshot of scam popup:
Your system is infected with 3 viruses!
Your Mac is infected with 3 viruses. Our security check found traces of 2 malware and 1phishing/spyware. System damage: 28.1% – Immediate removal required!
The immediate removal of the viruses is required to prevent further system damage, loss of Apps, Photos or other files. Traces of 1 phishing /spyware were found on your Mac.
Personal and banking information are at risk.
To avoid more damage click on ‘Scan Now’ immediately. Our deep scan will provide help immediately.