Avoid websites displaying the "Your Mac OS Might Be Infected" message
Written by Tomas Meskauskas on (updated)
What is "Your Mac OS Might Be Infected"?
Many deceptive websites display fake pop-up messages and trick visitors into downloading and installing dubious applications. They often display an identical pop-up window and message. This web page is one example and is used to distribute Smart Mac Booster, however, it might also be used to promote other, similar applications.
Typically, visitors are encouraged to install the app and use it for removal of detected malware. We advise against downloading or installing apps that are advertised though websites of this type. Browsers often open these sites due to potentially unwanted applications (PUAs) installed on them.
Once opened, this deceptive site displays a pop-up window with a notification stating that the MacOS might be infected. To begin the repair process, visitors are urged to click the "OK" button. The main page states that the operating system (in this case, MacOS High Sierra) is infected with three viruses.
To avoid further system damage (loss of photos, apps, and other data), visitors are encouraged to remove the viruses immediately. It is also mentioned that banking information is at risk. Visitors are supposedly able to remove detected malware after scanning their systems by clicking the "Scan Now" button.
This web page runs a fake scanner, which detects certain malicious software and then offers to remove it by downloading the maccleaner.pkg file, which it uses to install the Smart Mac Booster app. In fact, this web page might also be used to promote other dubious apps.
Some examples of apps of this kind are Mac Clean Pro, Advanced Mac Booster, and Qbit Mac Speedup. In any case, do not download or install any apps that are distributed through dubious sites such as this.
Apps that force browsers to open deceptive and untrustworthy websites often gather information relating to users and display unwanted ads. They record details such as IP addresses, geolocations, addresses of visited websites, entered search queries, etc. Some PUAs might be designed to collect personal information.
Typically, developers share the details with third parties who misuse them to generate revenue. Furthermore, these apps might serve coupons, surveys, banners, pop-ups, and other intrusive, unwanted ads. These usually conceal underlying content of visited websites.
Furthermore, people who click them are redirected to dubious web pages, or they cause download/installation of unwanted applications.
|Name||Your Mac OS might be infected pop-up|
|Threat Type||Mac malware, Mac virus.|
|Fake Claim||According to the message on this deceptive web page, the user's operating system is infected with three viruses.|
|Promoted Unwanted Application||Smart Mac Booster|
|Related Domains||Full list below.|
|Symptoms||Your Mac becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites.|
|Distribution methods||Deceptive pop-up ads, free software installers (bundling), fake Flash Player installers, torrent file downloads.|
|Damage||Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites, loss of private information.|
|Malware Removal (Mac)||
To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
"Your Mac OS Might Be Infected" is a message that is displayed in pop-up windows on many deceptive web pages, which are used to trick visitors into downloading and installing untrustworthy software. Other examples of similar sites are Mondaysunday, apple.com-guard-device[.]live, and apple.com-optimize-mac[.]live.
We recommend that you ignore these websites and never download anything from them. PUAs (apps that force browsers to open the web pages) are usually advertised as 'useful applications', however, most are useless and cause only problems.
People who have them installed on their systems risk problems with browsing safety, privacy, or they might even have their identities stolen.
How did potentially unwanted applications install on my computer?
People often cause download/installation of PUAs unintentionally. This happens when they click deceptive ads that execute scripts designed to cause unwanted downloads/installations, or when developers use a deceptive marketing method called "bundling".
When they distribute PUAs using this method, they include unwanted apps into the set-ups of other software. They hide offers to download or install additional apps in "Custom", "Advanced", "Manual", and other similar settings. In many cases, people cause installation/downloads of various unwanted apps simply by leaving all available settings unchecked and unchanged.
How to avoid installation of potentially unwanted applications
Do not download or install programs using third party downloaders, Peer-to-Peer networks such as torrent clients, eMule, untrustworthy (unofficial) websites, and so on. The best way is to use official websites and direct download links.
Check "Advanced", "Custom" and other settings of any download or installation setup and deselect offers to download or install unwanted applications. Do not click intrusive advertisements, since these can redirect to untrustworthy websites or lead to unwanted downloads/installations.
If the browser causes unwanted redirects or displays ads, check for unwanted extensions, plug-ins, and add-ons installed on it. Also check the list of installed programs on the computer. Remove all unwanted, suspicious software immediately.
If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.
Text in a pop-up:
IMMEDIATE ACTION REQUIRED !
You Mac OS might be infected.
Press OK to begin the repair process.
Screenshot of the main web page:
Text in this web page:
Your OS High Sierra is infected with (3) viruses!
Your OS High Sierra is infected with (3) viruses. Our security check found traces of 2 malware and 1 phishing/spyware. System damage: 28.1% - Immediate removal required!
The immediate removal of the viruses is required to prevent further system damage, loss of Apps, Photos or other files. Traces of 1 phishing/spyware were found on your OS High Sierra with.
Personal and banking information are at risk.
To avoid more damage click on 'Scan Now' immediately. Our deep scan will provide help immediately!
4 minutes and seconds 38 remaining before damage is permanent. Scan Now
Appearance of "Your Mac OS Might Be Infected" scam (GIF):
List of websites related to this pop-up scam:
Smart Mac Booster installer:
Smart Mac Booster application:
Instant automatic Mac malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
- What is Your Mac OS might be infected pop-up?
- How to identify a pop-up scam?
- How do pop-up scams work?
- How to remove fake pop-ups?
- How to prevent fake pop-ups?
- What to do if you fell for a pop-up scam?
How to identify a pop-up scam?
Pop-up windows with various fake messages are a common type of lures cybercriminals use. They collect sensitive personal data, trick Internet users into calling fake tech support numbers, subscribe to useless online services, invest in shady cryptocurrency schemes, etc.
While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.
Cybercriminals strive to create their rogue pop-up windows to look trustworthy, however, scams typically have the following characteristics:
- Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
- Sense of urgency - Countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
- Statements that you won something - If you haven't participated in a lottery, online competition, etc., and you see a pop-up window stating that you won.
- Computer or mobile device scan - A pop-up window that scans your device and informs of detected issues - is undoubtedly a scam; webpages cannot perform such actions.
- Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.
Example of a pop-up scam:
How do pop-up scams work?
Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.
Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.
How to remove fake pop-ups?
In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases scam, pop-ups may be hard to close; in such cases - close your Internet browser and restart it.
In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.
How to prevent fake pop-ups?
To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.
To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for macOS.
What to do if you fell for a pop-up scam?
This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.
- If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
- If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit Federal Trade Commission to report identity theft and get personalized recovery steps.
- If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for macOS) - cyber criminals could have planted trojans, keyloggers, and other malware, don't use your computer until removing possible threats.
- Help other Internet users: report Internet scams to Federal Trade Commission.
▼ Show Discussion