FacebookTwitterLinkedIn

Do not download/install apps promoted via tackis.xyz scam website

Also Known As: tackis.xyz pop-up
Type: Mac Virus
Distribution: Moderate
Damage level: Medium

How to remove redirects to tackis[.]xyz from Mac?

What is the tackis[.]xyz site?

Tackis[.]xyz is an untrustworthy website designed to run various scams. At the time of research, this page promoted a scheme claiming that visitors' iPhones have been infected and damaged by viruses. While the scam primarily targets iPhone users, the webpage might be accessed via other Apple devices as well. It must be emphasized that no site can detect threats or issues present on their visitors' systems; hence, any that make such claims are scams. Schemes of this type aim to push users into downloading/installing and/or purchasing dubious software, e.g., fake anti-viruses, adware, browser hijackers, and other Potentially Unwanted Applications (PUAs). It is noteworthy that these scams may also proliferate malware (e.g., trojans, ransomware, cryptocurrency miners, etc.). The tackis[.]xyz website has been observed being promoted via deceptive Calendar events. Users seldom enter harmful sites intentionally; most access them via mistyped URLs, or redirects caused by intrusive advertisements or installed PUAs.

tackis[.]xyz scam

The scam run on tackis[.]xyz falsely states that 39 viruses have damaged the visitor's iPhone. Allegedly, the sources of the infections are recently visited adult-themed websites. The mobile phone is supposedly at 28.1%, and the nonexistent threats will corrupt the iPhone's SIM card and damage stored photos, data, contacts, and installed applications. The scheme then urges users to remove the fake viruses by installing and running the recommended app. Additionally, the application will supposedly improve the browsing speed. As mentioned in the introduction, all of the claims made by this scam - are false. Therefore, by trusting tackis[.]xyz, users can experience system infections, serious privacy issues, financial losses, and even identity theft.

PUAs are commonly endorsed through various schemes. Unwanted apps usually appear legitimate and offer "useful" features, which are rarely operational. Fake anti-virus tools are prime examples of this type of PUAs. They require activation (i.e., purchase) to perform the promised functions, yet following activation - the functionalities remain nonoperational.

Furthermore, PUAs can have heinous abilities. Some of these applications can force-open promotional/sale-based, untrustworthy, deceptive/scam, and malicious webpages (e.g., tackis[.]xyz, and many others). Adware-types run intrusive advertisement campaigns. Software within this classification delivers browsing quality-diminishing and dangerous ads. Upon being clicked, intrusive adverts redirect to unreliable/malicious sites, and some can stealthily download/install software. Another PUA type called browser hijacker operates by making modifications to browser settings and restricting/denying access to them - in order to promote illegitimate search engines. The promoted web searchers typically cannot generate search results, so they redirect to Google, Bing, Yahoo, and other legitimate search engines. What is more, most PUAs can track data. Information of interest includes: URLs visited, pages viewed, search queries typed, IP addresses, geolocations, and even personally identifiable details. The gathered data is then sold to third-parties (potentially, cyber criminals). Therefore, it is strongly advised to eliminate all suspect applications and browser extensions/plug-ins immediately upon detection.

Threat Summary:
Name tackis.xyz pop-up
Threat Type Phishing, Scam, Mac malware, Mac virus
Fake Claim Scam claims users' iPhones have been infected with multiple viruses.
Detection Names Forcepoint ThreatSeeker (Suspicious), alphaMountain.ai (Suspicious), Full List (VirusTotal)
Serving IP Address 172.67.189.184
Promoted Unwanted Application Various dubious applications
Symptoms Your Mac becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites.
Distribution methods Deceptive pop-up ads, free software installers (bundling), fake Flash Player installers, torrent file downloads.
Damage Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites, loss of private information.
Malware Removal (Mac)

To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
▼ Download Combo Cleaner for Mac
To use full-featured product, you have to purchase a license for Combo Cleaner. Limited three days free trial available.

Iosdfnc[.]comsecurity-info[.]space, and landingsecure[.]com are a few examples of websites promoting iPhone user targeting schemes. The Internet is rife with misleading, deceptive, and hazardous content. Popular scams include: warnings that the system is infected or at risk, alerts that an important piece of software is outdated or missing, fake prize giveaways and raffles, unbelievable deals, and so forth. Regardless of what claims scams make - they have no value to users and pose various threats to them. Due to how prevalent online schemes are, it is highly recommended to exercise caution when browsing.

How did potentially unwanted applications install on my computer?

PUAs can have "official" promotional/download webpages, which are often pushed by deceptive/scam sites. These applications are also distributed via download/installation setups of other software. This false marketing technique of packing regular programs with unwanted or malicious additions - is termed "bundling". Rushed download/installation processes (e.g., ignored terms, used pre-set options, etc.) increase the risk of inadvertently allowing bundled content into the device. When clicked on, intrusive adverts can execute scripts to download/install PUAs without user consent.

How to avoid installation of potentially unwanted applications?

It is recommended to research software before download/installation and/or purchase. Additionally, only official and verified download channels must be used. Untrustworthy sources, e.g., unofficial and free file-hosting websites, Peer-to-Peer sharing networks, and other third-party downloaders - commonly offer harmful and bundled content. When downloading/installing, it is advised to read terms, study all possible options, use the "Custom/Advanced" settings and opt-out from additional apps, tools, functions, etc. Intrusive advertisements appear ordinary and innocuous; however, they redirect to questionable sites (e.g., gambling, adult-dating, pornography, and so on). In case of encounters with ads and/or redirects of this kind, the system must be checked and all suspicious applications and browser extensions/plug-ins detected - immediately removed from it. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.

Text presented in the scam promoted on tackis[.]xyz:

Google

 

Your iPhone is severly damaged by (39) viruses

 

We've noticed that your Apple is 28.1%
Damaged by (30) harmful viruses from recent adult sites. It will soon corrupt your iPhone's SIM card and damage your contacts, photos, data, and applications.

 

4 minutes and! 55 seconds

 

If you don't remove the virus now, it will cause serious damage to your iPhone. Here's what you need to do (step by step):

 

Step 1: Tap and install app for free on the App Store!

 

Step 2: Open the application to speed up and fix your browser!

 

[Repair Now]

To remove rogue calendars that deliver notifications, promote dubious websites and fill Calendar with unwanted events in mobile Apple devices, follow these steps:

First go to your Home screen, find "Calendar", and then tap "Calendars" at the bottom of the screen:

Removing rogue calendars from mobile Apple devices (step 1)

Then find all suspicious Calendar entries (they are typically named after the promoted websites and the colors of their icons match those of the unwanted events) and tap the "i" symbol within a circle. Then scroll down to the very bottom of the screen, tap "Delete Calendar" and confirm it:

Removing rogue calendars from mobile Apple devices (step 2)

Users of older iOS versions should also perform the following steps:

  • 1. Go to "Settings"
  • 2. Select "Passwords & Accounts"
  • 3. Select "Subscribed Calendars" in the "Accounts" section
  • 4. Search for any dubious Calendars, tap them and select "Delete Account"

After removing the suspicious Calendars, you should clean the browsing data and ensure that pop-up blocking and fraudulent website warning settings are enabled:

To enable pop-up blocking, fraudulent website warnings, and remove web browsing data in mobile Apple devices, follow these steps:

First, go to "Settings", and then scroll down to find and tap "Safari".

remove pop-ups and clear cache step 1

Check if the "Block Pop-ups" and "Fraudulent Website Warning" toggles are enabled. If not, enable them immediately. Then, scroll down and tap "Advanced".

disable pop-ups and clear cache step 2

Tap "Website Data" and then "Remove All Website Data".

disable pop-ups and clear cache step 3

Instant automatic Mac malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited three days free trial available.

Quick menu:

Video showing how to remove adware and browser hijackers from a Mac computer:

Potentially unwanted applications removal:

Remove potentially unwanted applications from your "Applications" folder:

mac browser hijacker removal from applications folder

Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX","NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.

Remove tackis.xyz pop-up related files and folders:

Finder go to folder command

Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...

step1Check for adware-generated files in the /Library/LaunchAgents folder:

removing adware from launch agents folder step 1

In the Go to Folder... bar, type: /Library/LaunchAgents

removing adware from launch agents folder step 2
In the “LaunchAgents” folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist”, etc. Adware commonly installs several files with the same string.

step2Check for adware generated files in the /Library/Application Support folder:

removing adware from application support folder step 1

In the Go to Folder... bar, type: /Library/Application Support

removing adware from application support folder step 2
In the “Application Support” folder, look for any recently-added suspicious folders. For example, “MplayerX” or “NicePlayer”, and move these folders to the Trash.

step3Check for adware-generated files in the ~/Library/LaunchAgents folder:

removing adware from ~launch agents folder step 1


In the Go to Folder bar, type: ~/Library/LaunchAgents

removing adware from ~launch agents folder step 2

In the “LaunchAgents” folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist”, etc. Adware commonly installs several files with the same string.

step4Check for adware-generated files in the /Library/LaunchDaemons folder:

removing adware from launch daemons folder step 1
In the Go to Folder... bar, type: /Library/LaunchDaemons

removing adware from launch daemons folder step 2
In the “LaunchDaemons” folder, look for recently-added suspicious files. For example “com.aoudad.net-preferences.plist”, “com.myppes.net-preferences.plist”, "com.kuklorest.net-preferences.plist”, “com.avickUpd.plist”, etc., and move them to the Trash.

step 5 Scan your Mac with Combo Cleaner:

If you have followed all the steps in the correct order you Mac should be clean of infections. To be sure your system is not infected run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file double click combocleaner.dmg installer, in the opened window drag and drop Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates it's virus definition database and click "Start Combo Scan" button.

scan-with-combo-cleaner-1

Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide, otherwise it's recommended to remove any found infections before continuing.

scan-with-combo-cleaner-2

After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.

tackis.xyz pop-up removal from Internet browsers:

safari browser iconRemove malicious extensions from Safari:

Remove tackis.xyz pop-up related Safari extensions:

safari browser preferences

Open Safari browser, from the menu bar, select "Safari" and click "Preferences...".

safari extensions window

In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for normal browser operation.

  • If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.

firefox browser iconRemove malicious plug-ins from Mozilla Firefox:

Remove tackis.xyz pop-up related Mozilla Firefox add-ons:

accessing mozilla firefox add-ons

Open your Mozilla Firefox browser. At the top right corner of the screen, click the "Open Menu" (three horizontal lines) button. From the opened menu, choose "Add-ons".

removing malicious add-ons from mozilla firefox

Choose the "Extensions" tab and look for any recently-installed suspicious add-ons. When located, click the "Remove" button next to it/them. Note that you can safely uninstall all extensions from your Mozilla Firefox browser - none are crucial for normal browser operation.

  • If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.

chrome-browser-iconRemove malicious extensions from Google Chrome:

Remove tackis.xyz pop-up related Google Chrome add-ons:

removing malicious google chrome extensions step 1

Open Google Chrome and click the "Chrome menu" (three horizontal lines) button located in the top-right corner of the browser window. From the drop-down menu, choose "More Tools" and select "Extensions".

removing malicious Google Chrome extensions step 2

In the "Extensions" window, look for any recently-installed suspicious add-ons. When located, click the "Trash" button next to it/them. Note that you can safely uninstall all extensions from your Google Chrome browser - none are crucial for normal browser operation.

  • If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.

Click to post a comment

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

QR Code
tackis.xyz pop-up QR code
A QR code (Quick Response Code) is a machine-readable code which stores URLs and other information. This code can be read using a camera on a smartphone or a tablet. Scan this QR code to have an easy access removal guide of tackis.xyz pop-up on your mobile device.
We Recommend:

Get rid of Mac malware infections today:

▼ REMOVE IT NOW
Download Combo Cleaner for Mac

Platform: macOS

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. Limited three days free trial available.