What is apple.com-guard-device[.]live?
apple.com-guard-device[.]live is a scam site, which is designed to endorse the Cleanup My Mac application using scare tactics. This website operates by alerting users of supposed threats it has detected. Note that any viruses apple.com-guard-device[.]live detects are false.
This web page should not be trusted and the products it advertises should not be downloaded or installed.
Typically, scam websites offer apps, which are fake and nonoperational. Few users access apple.com-guard-device[.]live intentionally - most are redirected to it by intrusive advertisements or potentially unwanted applications (PUAs) already present on their Mac operating systems.
Initially, apple.com-guard-device[.]live displays a pop-up window requesting immediate action. It claims to have found "e.tre456_worm_osx", a trojan virus within the user's system. The background page lists additional problems, which have supposedly been detected.
This comprises three viruses: two malware and one phishing/spyware. It further states that the user's personal and banking information is at risk. It attempts to scare users by showing a countdown of time remaining before the alleged damage becomes permanent.
By clicking the "Scan Now" button, users are shown a fake system scan in progress. When this process is finished, it 'finds' the Tapsnake, CronDNS, and Dubfishicv viruses and lists infected files. When the "REMOVE VIRUSES NOW" button is clicked, it downloads the maccleaner.pkg file.
This, and other similar files, are used to proliferate unwanted apps. Do not open the maccleaner.pkg file, as software installed by it is often rogue and/or nonfunctional. The same recommendations extend to Cleanup My Mac (the app advertised by apple.com-guard-device[.]live), which is classed as a PUA.
There are many similar fraudulent apps available including, for example, Mac Cleanup Pro, Mac Mechanic, Mac Space Reviver, etc. These applications usually require payment to be activated, however, they are usually fraudulent and nonoperational.
PUAs are released by the thousand and most share certain traits. They typically seem legitimate and offer a wide variety of "useful" and "beneficial" features/abilities, however, in most cases, these features do not work as advertised, if indeed they are operational at all.
The only goal of all unwanted software/content is to generate profit for the developers, whilst regular users receive no genuine value. Rather than delivering any real value, PUAs cause redirects to various sale-based, untrustworthy, or even malicious websites.
They can also hijack browsers and deliver intrusive advertisement campaigns (e.g. pop-ups, banners, surveys, coupons, and so on), however, their most dangerous ability is data tracking. By monitoring browsing activity (URLs visited, pages viewed, search engine history, etc.), they collect users' personal information (IP addresses, geolocations, and private details).
Note that this data is then sold to third parties and can end up being used for criminal purposes. Therefore, PUAs can cause various browser and system infiltration/infections and lead to severe privacy issues (and even identity theft). To protect device integrity and user safety, remove all suspicious applications and/or browser extensions/plug-ins immediately upon detection.
|Threat Type||Phishing, Scam, Mac malware, Mac virus.|
|Detection Names||BitDefender (Malware), Spamhaus (Malware), Fortinet (Spam), Full List (VirusTotal)|
|Serving IP Address||126.96.36.199|
|Promoted Unwanted Application||Cleanup My Mac|
|Symptoms||Your Mac becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites.|
|Distribution methods||Deceptive pop-up ads, free software installers (bundling), fake flash player installers, torrent file downloads.|
|Damage||Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites, loss of private information.|
|Malware Removal (Mac)||
To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
Most of these scam websites use scare tactics (they warn of various false threats and viruses, etc.) to pressure users into downloading the software they endorse (the programs are often redundant). This type of website is often force-opened by PUAs already present on the system.
How did potentially unwanted applications install on my computer?
Some PUAs have "official" download pages. They can also be installed together regular content. The deceptive marketing method of pre-packing regular software with unwanted apps is called "bundling" and is very prominent amongst PUA developers. It is also quite successful.
Therefore, rushing download/installation processes (e.g. ignoring terms, skipping steps, etc.) increases the risk of potential system infiltration and infections. Intrusive advertisements are also capable of the downloading/installing unwanted applications. By clicking them, users can trigger these ads to execute scripts designed to make rogue downloads/installs.
How to avoid installation of potentially unwanted applications
Use official and verified download channels. Peer-to-Peer sharing networks, unofficial and free file-hosting websites, third party downloaders and similar are untrustworthy and should not be used. Treat download and installation processes with caution.
Read the terms, study possible options, use the "Custom/Advanced" settings, and decline download/installation of additional content (e.g. apps, tools, features, etc.). Note that intrusive ads usually seem normal and harmless, however they can redirect to dubious sites (e.g. gambling, adult-dating, pornography, and similar).
If you experience these ads/redirects, inspect your system and remove all dubious applications and/or browser extensions/plug-ins without delay. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.
Text in the pop-up window apple.com-guard-device[.]live displays:
IMMEDIATE ACTION REQUIRED
We have detected a trojan virus (e.tre456_worm_osx) on your Mac.
Press OK to begin the repair process.
Screenshot of apple.com-guard-device[.]live background page:
Text in the background page:
Your system is infected with 3 viruses! Wednesday, October 2, 2019 9:14 AM
Your Mac is infected with 3 viruses. Our security check found traces of 2 malware and 1 phishing/spyware. System damage: 28.1% - Immediate removal required!
The immediate removal of the viruses is required to prevent further system damage, loss of Apps, Photos or other files.
Traces of 1 phishing/spyware were found on your Mac with MacOS 10.14 Mojave.
Personal and banking information is at risk.
To avoid more damage click on 'Scan Now' immediately. Our deep scan will provide help immediately!
4 minute and 33 seconds remaining before damage is permanent.
Screenshot of fake scan results delivered by apple.com-guard-device[.]live:
Text presented on this webpage:
Your Mac is heavily damaged! (33.2%)
Please download the Advanced Mac Cleaner application to remove 3 Viruses from your Mac.
Virus Name: Tapsnake; CronDNS; Dubfishicv
Infected Files: /os/apps/hidden/os-component/X/snake.icv; /os/local/conf/keyboard/retype.icv...
REMOVE VIRUSES NOW
Application: Advanced Mac Cleaner
Screenshot of the Cleanup My Mac installation setup:
Screenshot of the Cleanup My Mac unwanted application:
Instant automatic Mac malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
- What is apple.com-guard-device.live pop-up?
- How to identify a pop-up scam?
- How do pop-up scams work?
- How to remove fake pop-ups?
- How to prevent fake pop-ups?
- What to do if you fell for a pop-up scam?
How to identify a pop-up scam?
Pop-up windows with various fake messages are a common type of lures cybercriminals use. They collect sensitive personal data, trick Internet users into calling fake tech support numbers, subscribe to useless online services, invest in shady cryptocurrency schemes, etc.
While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.
Cybercriminals strive to create their rogue pop-up windows to look trustworthy, however, scams typically have the following characteristics:
- Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
- Sense of urgency - Countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
- Statements that you won something - If you haven't participated in a lottery, online competition, etc., and you see a pop-up window stating that you won.
- Computer or mobile device scan - A pop-up window that scans your device and informs of detected issues - is undoubtedly a scam; webpages cannot perform such actions.
- Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.
Example of a pop-up scam:
How do pop-up scams work?
Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.
Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.
How to remove fake pop-ups?
In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases scam, pop-ups may be hard to close; in such cases - close your Internet browser and restart it.
In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.
How to prevent fake pop-ups?
To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.
To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for macOS.
What to do if you fell for a pop-up scam?
This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.
- If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
- If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit Federal Trade Commission to report identity theft and get personalized recovery steps.
- If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for macOS) - cyber criminals could have planted trojans, keyloggers, and other malware, don't use your computer until removing possible threats.
- Help other Internet users: report Internet scams to Federal Trade Commission.