Your Mac Is Infected With 4 Viruses POP-UP Scam (Mac)

What is "Your Mac is infected with 4 viruses"?

"Your Mac is infected with 4 viruses" is a fake virus alert that appears when opening a scam website. Like most scams of this type, it attempts to trick people into downloading a dubious application - in this case, cleaning software for Mac computers.

Typically, these websites are opened by potentially unwanted apps (PUAs) that people have installed on their browsers or computers. PUAs feed users with intrusive ads and gather data.

This deceptive page displays a pop-up window presented as an "Important alert". The pop-up states that the site has detected four viruses and encourages visitors to click "OK" to begin the 'repair process'. It then runs a fake virus scan that, once finished, states that the computer is infected with a number of Trojans, adware-type programs, and other viruses.

The scan results are displayed in a window disguised as macOS Security Center, which urges people to remove the viruses immediately, otherwise they might cause system damage, data loss, and so on. Users are encouraged to download the latest cleaning software by clicking the "Download" button.

Note that Apple has nothing to do with software promoted through this scam or with the scam itself. Do not download programs from these websites - ignore them and do not trust the statements.

As mentioned, most people end up visiting scam websites due to PUAs installed on their browsers (or computers). Note that PUAs also gather data. Once installed, they record IP addresses, URLs of visited websites, entered search queries, geolocations, and other information. Some PUAs  also record personal details.

Developers share the data with other third parties who misuse it to generate revenue. Some of these third parties might be cyber criminals. Note that PUAs often display intrusive ads such as coupons, banners, surveys, pop-up ads, and so on.

These conceal underlying content of visited websites and, if clicked, redirect people to untrustworthy websites or execute scripts designed to download and install other unwanted apps. PUAs can thus lead to privacy/browsing safety issues or even cause identity theft. We strongly recommend that you remove all PUAs from your browsers/computers immediately.

Threat Summary:

Name	"Your Mac is infected with 4 viruses" virus
Threat Type	Mac malware, Mac virus.
Symptoms	Your Mac becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites.
Distribution methods	Deceptive pop-up ads, free software installers (bundling), fake Flash Player installers, torrent file downloads, potentially unwanted applications.
Damage	Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites, loss of private information, installation of potentially unwanted applications.
Malware Removal (Mac)	To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. ▼ Download Combo Cleaner for Mac To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

"Your Mac is infected with 4 viruses" is just one of many scams designed to trick people into downloading unwanted apps. Other examples are "Mac OS X Is Infected (4) By Viruses", "APPLE.COM RECOMMENDS", and "Your OSX 10.11 El Capitan Is Infected With 3 Viruses!". Apps promoted through these scams should not be trusted, downloaded, or installed.

How did potentially unwanted applications install on my computer?

Typically, people install PUAs unintentionally. Inadvertent downloads and installations usually happen when users click intrusive ads, or software developers use a deceptive marketing method called "bundling".

They use this method to trick people into downloading and installing unwanted apps with other software by hiding unwanted apps in "Custom", "Advanced", and other similar settings of software download/installation set-ups. Information regarding the inclusion of PUAs in set-ups is not properly disclosed.

Furthermore, many people download and install these apps inadvertently when they skip download/installation steps without checking the available settings.

How to avoid installation of potentially unwanted applications?

Download software using legitimate, official, and trustworthy sources. Avoid using third party software downloaders, Peer-to-Peer networks such as torrents, eMule, unofficial sites and other similar sources.

Install software with care, do not finish any installation without first checking all available "Custom", "Advanced" and other settings, and dismissing offers to download/install unwanted apps. Intrusive ads displayed on dubious pages often seem legitimate, however, they cause unwanted redirects to websites such as gambling, pornography, adult dating, etc.

If you experience these redirects and ads, check your browser for any suspicious extensions, plug-ins, or add-ons, and remove all unwanted entries. Also apply this to unwanted programs installed on your computer. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.

Text presented in the first pop-up window displayed by this scam:

Important alert
We have detected 4 viruses in your Mac. Press OK to begin the repair process.
macOS is being scanner
Software scan may take some time, depending on the type of your Mac.

Screenshot of "Your Mac is infected with 4 viruses" scam displaying fake virus scan results:

Text presented macOS Security Center pop-up window:

Your Mac is infected with 4 viruses
The removal of viruses is required immediately to prevent further system damage, loss of programs, photos, videos or other files.
Click ´Downloadª to download and install the newest cleaning software on your Mac.

Name Infected file Type Threat level
macOS/Hoax.Renos.HX /Macintosh HD/Users/Library/App.. Virus Medium
Trojan IRC/Backdor.SdBot4.FRV /Macintosh HD/Users/Library/CoreD.. Virus Medium
Adware.macOS.Look2me.ab /Macintosh HD/Users/All/Contain.. Virus Critical
Trojan.Qoologic ñ Key Logger /Macintosh HD/Users/Library/Xcode Virus High

Another variant of "Your Mac is infected with 4 viruses" pop-up scam (0fficial[.]info scam) which promotes Cleanup My Mac unwanted application:

Text presented within this scam:

Initial pop-up:

 

ATTENTION!
Your Mac OS X is infected (4) by viruses and Your system is damaged.
You must clean the system from viruses, as quick as possible!

** Do not ignore this warning **

 

 

Background page:

 

Your system is seriously damaged, found (4) viruses!

We discovered that Your Mac OS is damaged on 37,2% and contains (4) viruses.

If you will not delete viruses right now, then it can result in the damage of system files, data, appendixes and etc.

You need to do (step by step):

Step 1: Push the button Download and get free antivirus app.

Step 2: Download MacCleaner and recover Your system!

Screenshot of Cleanup My Mac application:

Instant automatic Mac malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

• What is "Your Mac is infected with 4 viruses" virus?
• How to identify a pop-up scam?
• How do pop-up scams work?
• How to remove fake pop-ups?
• How to prevent fake pop-ups?
• What to do if you fell for a pop-up scam?

How to identify a pop-up scam?

Pop-up windows with various fake messages are a common type of lures cybercriminals use. They collect sensitive personal data, trick Internet users into calling fake tech support numbers, subscribe to useless online services, invest in shady cryptocurrency schemes, etc.

While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.

Cybercriminals strive to create their rogue pop-up windows to look trustworthy, however, scams typically have the following characteristics:

• Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
• Sense of urgency - Countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
• Statements that you won something - If you haven't participated in a lottery, online competition, etc., and you see a pop-up window stating that you won.
• Computer or mobile device scan - A pop-up window that scans your device and informs of detected issues - is undoubtedly a scam; webpages cannot perform such actions.
• Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.

Example of a pop-up scam:

How do pop-up scams work?

Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.

Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.

How to remove fake pop-ups?

In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases scam, pop-ups may be hard to close; in such cases - close your Internet browser and restart it.

In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.

How to prevent fake pop-ups?

To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.

To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for macOS.

What to do if you fell for a pop-up scam?

This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.

• If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
• If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit Federal Trade Commission to report identity theft and get personalized recovery steps.
• If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for macOS) - cyber criminals could have planted trojans, keyloggers, and other malware, don't use your computer until removing possible threats.
• Help other Internet users: report Internet scams to Federal Trade Commission.

▼ Show Discussion