FacebookTwitterLinkedIn

PEGASUS SPYWARE ACTIVATED Scam (Mac)

Also Known As: "PEGASUS SPYWARE ACTIVATED" virus
Type: Mac Virus
Damage level: Medium

How to remove PEGASUS SPYWARE ACTIVATED from Mac?

What is PEGASUS SPYWARE ACTIVATED?

Displayed by a deceptive website, "PEGASUS SPYWARE ACTIVATED" is a fake error similar to Immediately Call Apple Support, APPLE SECURITY BREACH, AppleCare And Warranty, and many others. Users often visit this website inadvertently - they are redirected by various potentially unwanted programs (PUPs). In most cases, PUPs infiltrate systems without users’ permission. In addition to causing redirects, PUPs deliver intrusive ads, gather sensitive data, and run various unnecessary processes.

PEGASUS SPYWARE ACTIVATED scam

"PEGASUS SPYWARE ACTIVATED" targets MacOS. This error states that the system has been infected and that the infection poses a threat to users' personal details - logins/passwords, banking information, and other private information might be stolen. Users are encouraged to immediately contact Apple Care via a telephone number ("+1 855 564 1999") provided. They are then supposedly guided through the malware removal process. Be aware, however, that the "PEGASUS SPYWARE ACTIVATED" error is a scam, a fake message that has nothing to do with Apple. Cyber criminals claim to be certified technicians and attempt to trick users into paying for technical support that is not required - the malware simply does not exist. In addition, cyber criminals often demand remote access to users' computers. After connecting, they attempt to install malware and/or change system settings. They then claim to "detect" more errors and offer help for an additional fee. For these reasons, "PEGASUS SPYWARE ACTIVATED" should be ignored. It can be removed simply by closing the web browser (preferably, via a web browser) or rebooting the system. Note that, after re-running your web browser, do not click "Restore Closed Tabs", otherwise you will visit the malicious site again.

As mentioned above, PUPs deliver various intrusive ads (e.g., coupons, banners, pop-ups, etc.) These are delivered via tools that enable placement of third party graphical content on any site. Therefore, most overlay visited website content, thereby significantly diminishing the browsing experience. Furthermore, some of these ads lead to malicious websites and even execute scripts that download/install malware (or other PUPs). Therefore, even a single click can result in high-risk computer infections. Another downside is data tracking. PUPs record user-system information that often includes personal details. The data is typically sold to third parties (potentially, cyber criminals) who misuse personal details to generate revenue. Therefore, the presence of data-tracking apps can lead to serious privacy issues. In addition, PUPs might run unnecessary processes (e.g., mine cryptourrency) without users' consent. By stealthily misusing resources, they significantly reduce overall system performance. For these reasons, we strongly advise you to uninstall all PUPs immediately.

Threat Summary:
Name"PEGASUS SPYWARE ACTIVATED" virus
Threat TypeMac malware, Mac virus
SymptomsYour Mac became slower than normal, you see unwanted pop-up ads, you get redirected to shady websites.
Distribution methodsDeceptive pop-up ads, free software installers (bundling), fake flash player installers, torrent file downloads.
DamageInternet browsing tracking (potential privacy issues), displaying of unwanted ads, redirects to shady websites, loss of private information.
Malware Removal (Mac)

To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
▼ Download Combo Cleaner for Mac
To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

"PEGASUS SPYWARE ACTIVATED" shares many similarities with dozens of other fake errors. All claim that the system is damaged (e.g., missing files, infected, etc.), however, these errors are designed only to extort money from unsuspecting users. Research shows that potentially unwanted programs also share many similarities. By falsely claiming to provide various "useful features", PUPs attempt to give the impression of legitimacy, however, these programs are designed only to generate revenue for the developers. Rather than giving any real value, PUPs pose a direct threat to your privacy and Internet browsing safety.

How did potentially unwanted programs install on my computer?

To proliferate PUPs, developers typically employ intrusive ads, and a deceptive marketing method called "bundling". Therefore, due to lack of caution and careless behavior by many users, PUPs often infiltrate systems without permission. "Bundling" is stealth installation of PUPs together with regular software. Developers do not disclose these installations properly - they hide "bundled" apps within various sections (e.g., "Advanced/Custom" settings) of the download/installation processes. Many users rush these processes and skip steps. In addition, they click various ads without understanding the possible consequences. In doing so, they expose their systems to risk of various infections.

How to avoid installation of potentially unwanted applications?

This situation can be prevented by paying close attention during the download/installation processes, and when browsing the Internet. Carefully analyze each step of the download/installation processes and opt-out of all additionally-included programs. Bear in mind that criminals invest many resources into intrusive ad design. Therefore, most look legitimate, however, these ads redirect to dubious websites (e.g., pornography, gambling, adult dating, etc.) If you encounter such ads, uninstall all suspicious applications and browser plug-ins.

Text presented in "PEGASUS SPYWARE ACTIVATED" pop-up:

** YOUR APPLE DEVICE HAS A VIRUS **

Apple iOS Alert!!

Error # 268d3

PEGASUS (SPYWARE) ACTIVATED

System might be Infected due to unexpected error!
Please call Apple Care immediately at: +1 855 564 1999
Do not ignore this critical alert.
If you close this page, your Apple Device access will be disabled to prevent further damage to our network.

Your Apple Device has alerted us that it has been infected with a virus and spyware. The following information is being stolen...

> Facebook Login
> Credit Card Details
> Email Account Login
> Photos stored on this Device
You must contact us immediately so that our engineers can walk you through the removal process over the phone. Please call us within the next 5 minutes to prevent your Apple Device from being disabled.

Toll Free: +1 855 564 1999

Appearance of "PEGASUS SPYWARE ACTIVATED" scam (GIF):

Appearance of PEGASUS SPYWARE ACTIVATED scam (GIF)

Here's how this tech support scam appears on an iPhone (tech support scammers are using +1-855-500-0471 phone number):

fake apple ios alert on iPhone (tech support scam)

Text presented in the mobile version of this tech support scam:

YOUR APPLE DEVICE HAS A VIRUS
Apple iOS Alert!!
PEGASUS (SPYWARE) ACTIVATED
System might be infected due to unexpected error! Please Contract Apple Care +1-855-500-0471 Immediately! for assistance regarding how to remove it. Suspicious Activity Detected. Your Browser might be compromised. Possible network damages if virus not removed immediately.

This fake pop-up is commonly displayed on iPhones. To eliminate it, simply close the tab and clear your Safari browser cache. To do this:

1. Open the Settings app.
2. Scroll down until you see Safari and tap on it.
3. Select Clear History and Website Data.

Instant automatic Mac malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited three days free trial available.

Quick menu:

Video showing how to remove adware and browser hijackers from a Mac computer:

Potentially unwanted programs removal:

Remove PUP-related potentially unwanted applications from your "Applications" folder:

mac adware removal from applications folder

Click the Finder icon. In the Finder window, select “Applications”. In the applications folder, look for “MPlayerX”,“NicePlayer”, or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.

Remove "pegasus spyware activated" virus related files and folders:

Finder go to folder command

Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...

step1Check for adware-generated files in the /Library/LaunchAgents folder:

removing adware from launch agents folder step 1

In the Go to Folder... bar, type: /Library/LaunchAgents

removing adware from launch agents folder step 2
In the “LaunchAgents” folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist”, etc. Adware commonly installs several files with the same string.

step2Check for adware generated files in the /Library/Application Support folder:

removing adware from application support folder step 1

In the Go to Folder... bar, type: /Library/Application Support

removing adware from application support folder step 2
In the “Application Support” folder, look for any recently-added suspicious folders. For example, “MplayerX” or “NicePlayer”, and move these folders to the Trash.

step3Check for adware-generated files in the ~/Library/LaunchAgents folder:

removing adware from ~launch agents folder step 1


In the Go to Folder bar, type: ~/Library/LaunchAgents

removing adware from ~launch agents folder step 2

In the “LaunchAgents” folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist”, etc. Adware commonly installs several files with the same string.

step4Check for adware-generated files in the /Library/LaunchDaemons folder:

removing adware from launch daemons folder step 1
In the Go to Folder... bar, type: /Library/LaunchDaemons

removing adware from launch daemons folder step 2
In the “LaunchDaemons” folder, look for recently-added suspicious files. For example “com.aoudad.net-preferences.plist”, “com.myppes.net-preferences.plist”, "com.kuklorest.net-preferences.plist”, “com.avickUpd.plist”, etc., and move them to the Trash.

step 5 Scan your Mac with Combo Cleaner:

If you have followed all the steps in the correct order you Mac should be clean of infections. To be sure your system is not infected run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file double click combocleaner.dmg installer, in the opened window drag and drop Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates it's virus definition database and click "Start Combo Scan" button.

scan-with-combo-cleaner-1

Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide, otherwise it's recommended to remove any found infections before continuing.

scan-with-combo-cleaner-2

After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.

"PEGASUS SPYWARE ACTIVATED" virus removal from Internet browsers:

safari browser iconRemove malicious extensions from Safari:

Remove "pegasus spyware activated" virus related Safari extensions:

safari browser preferences

Open Safari browser, from the menu bar, select "Safari" and click "Preferences...".

safari extensions window

In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for normal browser operation.

  • If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.

firefox browser iconRemove malicious plug-ins from Mozilla Firefox:

Remove "pegasus spyware activated" virus related Mozilla Firefox add-ons:

accessing mozilla firefox add-ons

Open your Mozilla Firefox browser. At the top right corner of the screen, click the "Open Menu" (three horizontal lines) button. From the opened menu, choose "Add-ons".

removing malicious add-ons from mozilla firefox

Choose the "Extensions" tab and look for any recently-installed suspicious add-ons. When located, click the "Remove" button next to it/them. Note that you can safely uninstall all extensions from your Mozilla Firefox browser - none are crucial for normal browser operation.

  • If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.

chrome-browser-iconRemove malicious extensions from Google Chrome:

Remove "pegasus spyware activated" virus related Google Chrome add-ons:

removing malicious google chrome extensions step 1

Open Google Chrome and click the "Chrome menu" (three horizontal lines) button located in the top-right corner of the browser window. From the drop-down menu, choose "More Tools" and select "Extensions".

removing malicious Google Chrome extensions step 2

In the "Extensions" window, look for any recently-installed suspicious add-ons. When located, click the "Trash" button next to it/them. Note that you can safely uninstall all extensions from your Google Chrome browser - none are crucial for normal browser operation.

  • If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.

Click to post a comment

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk logo

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Removal Instructions in other languages
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

QR Code
PEGASUS SPYWARE ACTIVATED virus QR code
Scan this QR code to have an easy access removal guide of "PEGASUS SPYWARE ACTIVATED" virus on your mobile device.
We Recommend:

Get rid of Mac malware infections today:

▼ REMOVE IT NOW
Download Combo Cleaner for Mac

Platform: macOS

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. Limited three days free trial available.