What is "Chksumm"?
Chksumm is a family of scam websites designed to promote dubious applications, which are typically fake and nonfunctional. This variant promotes the Smart Mac Booster Potentially Unwanted Application (PUA). The deceptive web pages show alerts of various 'threats' and 'issues' supposedly found on visitors' devices and offer software for their elimination.
Note that no website can detect problems within operating systems. Therefore, such claims cannot be trusted. Most visits to Chksumm occur inadvertently, often via redirects caused by intrusive advertisements or PUAs.
Once accessed, Chksumm displays a pop-up window containing a message that claims that a website visited earlier has infected the MacOS (Mac Operating System) with a virus. Pressing "OK" will allegedly begin the repair process.
When visitors close the pop-up, the site shows a different web page that reiterates the warning from the previous window and adds that a 'full system scan' is required to locate and remove the harmful files/applications. Furthermore, the page lists the user's device details, such as brand, OS version, browser, IP address, Internet provider, and location.
The "Scan Now" button starts a fake scan, which "detects" a high-risk virus called "Bankworm". To eliminate this threat, Chksumm recommends Advanced Mac Cleaner. Attempting to obtain this application leads users to the promotional web page of Smart Mac Booster.
Following the instructions to download the app actually results in download of the maccleaner.pkg file, which is known to proliferate PUAs. It spreads unwanted applications other than Smart Mac Booster including Advanced Mac Tuneup, Mac Cleanup Pro, MacKeeper, and dozens of others.
Software of this type usually requires purchase to become operational, however, even after payment, it tends to remain nonoperational.
In general, PUAs share many similarities. They may seem legitimate and offer a broad array of "useful" features, which are often nonfunctional. As mentioned, these apps generate redirects to untrustworthy, deceptive/scam and malicious sites. They can also deliver intrusive advertisements by employing tools to enable third party graphical content to be displayed on any site.
The ads diminish the browsing experience (i.e., overlay web pages, thereby limiting visibility and browsing speed), redirect to dangerous websites, and stealthily download/install PUAs. Unwanted applications can also hijack browsers. Data tracking capabilities are a major concern with PUAs.
They often record browsing activity (browsing and search engine histories) and gather users' personal information (IP addresses, geolocations, and other details). This data is then shared with third parties (potentially, cyber criminals) seeking to misuse it for financial gain.
In summary, PUAs can cause browser/system infiltration and infections, and lead to financial loss, serious privacy issues and even identity theft. To ensure device and user safety, remove all suspicious applications and browser extensions/plug-ins without delay.
|Threat Type||Phishing, Scam, Mac malware, Mac virus.|
|Fake Claim||Chksumm websites claim that devices are infected with a virus and encourages users to download cleaning software.|
|Detection Names||Kaspersky (Malware), Full List (VirusTotal)|
|Serving IP Address||126.96.36.199|
|Related Domains||Full list below.|
|Promoted Unwanted Application||Smart Mac Booster|
|Symptoms||Your Mac becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites.|
|Distribution methods||Deceptive pop-up ads, free software installers (bundling), fake Flash Player installers, torrent file downloads.|
|Damage||Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites, loss of private information.|
|Malware Removal (Mac)||
To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
The Internet is rife with scam websites, which tend to share certain similarities and some are even identical. For example, Trksmm, Nothsws, Zxcvc are identical to Chksumm. These web pages use scare tactics, mainly for the purpose of endorsing bogus and nonoperational software.
They operate by scaring visitors with alarms of detected "threats" and push them into installing and/or purchasing untrustworthy apps. Few users enter deceptive pages intentionally, most are redirected by PUAs or by intrusive ads.
How did potentially unwanted applications install on my computer?
PUAs are commonly downloaded/installed together with other software. This deceptive marketing method of pre-packing regular content with these applications is called "bundling". By rushing through download/installation processes (e.g. skipping steps, using pre-set options, etc.), many users endanger their devices with potential system infiltration and infections.
Some PUAs have "official" download sites on which they are often endorsed as "free" and "useful". When clicked, intrusive advertisements can execute scripts designed to download/install unwanted content without users' permission.
How to avoid installation of potentially unwanted applications
Research all products before downloading/installing. Use only official and verified download channels. Peer-to-Peer sharing networks (BitTorrent, Gnutella, eMule, etc.), free file-hosting websites and other third party downloaders are classed as untrustworthy and should be avoided.
Treat download and installation processes with caution. Read the terms, explore all possible options, use the "Custom/Advanced" settings, and opt-out of downloading/installing additional apps, tools, functions, etc.
Intrusive ads usually seem normal and harmless, however, they often redirect to dubious web pages (e.g. gambling, adult-dating, pornography, and others). If you encounter ads/redirects of this kind, inspect the device and immediately remove all suspicious applications and/or browser extensions/plug-ins.
If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.
Text presented in the pop-up window:
A website you visited today has infected your Mac with a virus.
Press OK to begin the repair process.
Screenshot of the second web page displayed by Chksumm:
Text presented on this page:
A website you have visited today has infected your Mac with a virus. A full system scan is now required to find and remove harmful files or applications from your Mac OS X 10_13_6 device.
Device: Mac OS X 10_13_6
Browser: Safari 12.0.1
Provider: Telia Lietuva, AB
Location: - LT
Screenshot of the fake system scan results:
Text presented in this page:
Please download the Advanced Mac Cleaner application to remove Bankworm from your Mac.
Virus Name: Bankworm
Infected File: /os/apps/worm.icv
Application: Advanced Mac Cleaner
REMOVE VIRUS NOW
Appearance of "Chksumm" scam (GIF):
List of domains relating to the Chksumm website family:
Screenshot of the Smart Mac Booster installation set-up:
Screenshot of the Smart Mac Booster application:
Instant automatic Mac malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
- What is Chksumm pop-up?
- How to identify a pop-up scam?
- How do pop-up scams work?
- How to remove fake pop-ups?
- How to prevent fake pop-ups?
- What to do if you fell for a pop-up scam?
How to identify a pop-up scam?
Pop-up windows with various fake messages are a common type of lures cybercriminals use. They collect sensitive personal data, trick Internet users into calling fake tech support numbers, subscribe to useless online services, invest in shady cryptocurrency schemes, etc.
While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.
Cybercriminals strive to create their rogue pop-up windows to look trustworthy, however, scams typically have the following characteristics:
- Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
- Sense of urgency - Countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
- Statements that you won something - If you haven't participated in a lottery, online competition, etc., and you see a pop-up window stating that you won.
- Computer or mobile device scan - A pop-up window that scans your device and informs of detected issues - is undoubtedly a scam; webpages cannot perform such actions.
- Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.
Example of a pop-up scam:
How do pop-up scams work?
Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.
Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.
How to remove fake pop-ups?
In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases scam, pop-ups may be hard to close; in such cases - close your Internet browser and restart it.
In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.
How to prevent fake pop-ups?
To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.
To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for macOS.
What to do if you fell for a pop-up scam?
This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.
- If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
- If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit Federal Trade Commission to report identity theft and get personalized recovery steps.
- If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for macOS) - cyber criminals could have planted trojans, keyloggers, and other malware, don't use your computer until removing possible threats.
- Help other Internet users: report Internet scams to Federal Trade Commission.