Avoid downloading dubious apps promoted by originalsecureus.com

What is originalsecureus[.]com?

originalsecureus[.]com is a deceptive website, running several scams. These schemes claim that the user's device is (or might be) infected - this is to promote untrusted or possibly malicious software. The endorsed applications are supposedly capable of removing the nonexistent threats.

Note that no site can detect threats/issues present on users' systems, and any that claim to do so are scams. You are strongly advised against trusting originalsecureus[.]com and other similar sites.

Typically, these web pages are entered unintentionally - most people access them via redirects caused by intrusive ads or Potentially Unwanted Applications (PUAs) already infiltrated into the system.

At the time of research, originalsecureus[.]com promoted two scams. These schemes were designed to target iPhone users, however, it is possible that access to the site could be gained (i.e., users are redirected to it) via other Apple products as well. One variant displays a pop-up window, the text presented therein claims that users' devices have been infected with four viruses.

These bogus threats can apparently damage the iPhone and its SIM card (e.g. delete contact lists). Therefore, users are encouraged to follow the instructions provided in the background page. They are instructed to click the "remove viruses" button and download/install the promoted app.

The other variant states that someone might be tracking the user's browsing activity, as the IP address may be exposed. To encrypt their web traffic and change the IP addresses, users are urged to click the "Install Now" button and download/install the application from the next web page.

These scams often endorse fake anti-virus software, which usually requires payment to perform the promised features. After purchase, however, they tend to remain nonoperational. The schemes can also promote adware, browsers hijackers and other PUAs, even Trojans, ransomware and other malware.

Therefore, always research products and only download them from official sources.

As well as force-opening deceptive/scam, sale-oriented, untrusted/rogue, compromised and malicious web pages, PUAs can have other capabilities. They can deliver intrusive advertisement campaigns - they can enable the placement of pop-ups, banners, coupons and other advertisements on any visited website.

Additionally, once clicked, these ads redirect to various harmful pages and can even execute scripts to stealthily download/install unwanted content (e.g. PUAs). Other types of unwanted apps can alter browser settings, restrict access to them and promote fake search engines. Most PUAs (regardless of type) can track data.

They can monitor browsing activity (browsing and search engine histories) and gather personal information (IP addresses, geolocations and other details). This vulnerable data is often shared with third parties (potentially, cyber criminals), seeking to misuse it for profit.

In summary, the presence of PUAs on systems can lead to infiltration and infections, financial loss, serious issues and even identity theft. To protect device integrity and user safety, remove all dubious applications and browser extensions/plug-ins immediately upon detection.

Threat Summary:

Name	originalsecureus.com pop-up
Threat Type	Phishing, Scam, Mac malware, Mac virus.
Fake Claim	Scam claims that the user's device is (or may be) infected.
Serving IP Address	54.39.130.163
Promoted Unwanted Application	Scam promotes various dubious applications.
Symptoms	Your Mac becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites.
Distribution methods	Deceptive pop-up ads, free software installers (bundling), fake Flash Player installers, torrent file downloads.
Damage	Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites, loss of private information.
Malware Removal (Mac)	To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. ▼ Download Combo Cleaner for Mac To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

bekapro.xyz, contentfilled.com and apl-def.com are a number examples of sites promoting schemes that target iPhone users. These online schemes attempt to trick users into performing certain actions.

For example downloading/installing and purchasing dubious/malicious software, calling fake service/support numbers, revealing personal information (e.g. names, addresses, emails, credit card details, etc.), paying fake fees, and so on.

Popular scam models include (but are not limited to) warnings that the device is infected or at risk, alerts that a crucial piece of software is outdated or missing, "amazing" offers/deals and prize giveaways. The only purpose of such scams is to generate revenue for the scammers/cyber criminals behind them.

How did potentially unwanted applications install on my computer?

Some PUAs have "official" download web pages, which are often promoted by deceptive/scam sites. These apps are also spread through the download and installation set-ups of other software. This deceptive marketing method of pre-packing regular products with unwanted or malicious additions is called "bundling".

When downloading/installing, ignoring terms, skipping steps, and using pre-set options increases the risk of inadvertent installation of bundled content. Intrusive ads proliferate unwanted applications as well. Once clicked, they can execute scripts to download/install PUAs without users' consent.

How to avoid installation of potentially unwanted applications

All products should be researched to verify their legitimacy, before download/installation or purchase. You are advised to use official and trustworthy download channels. Unofficial and free file-hosting websites, Peer-to-Peer sharing networks and third party downloaders are untrusted and can offer likewise suspect content.

Download and installation processes should be approached with caution. It is important to read the terms, explore all available options, use the "Custom/Advanced" settings and opt-out of additional apps, tools, features and so on. Intrusive advertisements may seem normal, however, they can redirect to highly dubious web pages (e.g. gambling, pornography, adult-dating, etc.).

If you encounter ads/redirects of this kind, inspect the system and immediately remove all dubious applications and browser extensions/plug-ins. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.

Text presented in the originalsecureus[.]com pop-up:

Warning: The device has been infected by (4) viruses!
Viruses will damage your mobile phone, SIM card and erase all your contacts!
Please follow the instructions on the next page to remove the viruses.

Screenshot of the alternative variant of originalsecureus[.]com:

Text presented in this variant:

Someone May Be Watching
What You Browse
Your IP - could be exposed.
Someone may know your Apple iPhone

 

Follow three steps to encrypt your web traffic and change your IP address:
1. Click below to download VPN.
2. Open app, click connect button.
3. Browse web and apps anonymously.
5 minutes 38 seconds
Install Now Cancel

Screenshot of the promoted application:

To enable pop-up blocking, fraudulent website warnings, and remove web browsing data in mobile Apple devices, follow these steps:

First, go to "Settings", and then scroll down to find and tap "Safari".

Check if the "Block Pop-ups" and "Fraudulent Website Warning" toggles are enabled. If not, enable them immediately. Then, scroll down and tap "Advanced".

Tap "Website Data" and then "Remove All Website Data".

Instant automatic Mac malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

• What is "originalsecureus[.]com"?
• STEP 1. Remove PUA related files and folders from OSX.
• STEP 2. Remove rogue extensions from Safari.
• STEP 3. Remove rogue add-ons from Google Chrome.
• STEP 4. Remove potentially unwanted plug-ins from Mozilla Firefox.

Video showing how to remove adware and browser hijackers from a Mac computer:

Potentially unwanted applications removal:

Remove potentially unwanted applications from your "Applications" folder:

Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX","NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.

Remove adware-related files and folders

Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...

Check for adware generated files in the /Library/LaunchAgents/ folder:

In the Go to Folder... bar, type: /Library/LaunchAgents/

In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.

Check for adware generated files in the ~/Library/Application Support/ folder:

In the Go to Folder... bar, type: ~/Library/Application Support/

In the "Application Support" folder, look for any recently-added suspicious folders. For example, "MplayerX" or "NicePlayer", and move these folders to the Trash.

Check for adware generated files in the ~/Library/LaunchAgents/ folder:

In the Go to Folder... bar, type: ~/Library/LaunchAgents/

In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.

Check for adware generated files in the /Library/LaunchDaemons/ folder:

In the "Go to Folder..." bar, type: /Library/LaunchDaemons/

In the "LaunchDaemons" folder, look for recently-added suspicious files. For example "com.aoudad.net-preferences.plist", "com.myppes.net-preferences.plist", "com.kuklorest.net-preferences.plist", "com.avickUpd.plist", etc., and move them to the Trash.

Scan your Mac with Combo Cleaner:

If you have followed all the steps correctly, your Mac should be clean of infections. To ensure your system is not infected, run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file, double click combocleaner.dmg installer. In the opened window, drag and drop the Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates its virus definition database and click the "Start Combo Scan" button.

Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide; otherwise, it's recommended to remove any found infections before continuing.

After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.

Remove malicious extensions from Internet browsers

Remove malicious Safari extensions:

Open the Safari browser, from the menu bar, select "Safari" and click "Preferences...".

In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for regular browser operation.

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.

Remove malicious extensions from Google Chrome:

Click the Chrome menu icon (at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.

Remove malicious extensions from Mozilla Firefox:

Click the Firefox menu (at the top right corner of the main window) and select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.

▼ Show Discussion