Avoid getting scammed by the aytonus.com website

What kind of page is aytonus[.]com?

While inspecting untrustworthy sites, our research team found the aytonus[.]com deceptive webpage. This website is designed to load scams and redirect visitors to other (likely unreliable/malicious) pages.

Most users enter webpages like aytonus[.]com via redirects caused by sites using rogue advertising networks, mistyped URLs, spam browser notifications, intrusive advertisements, or installed adware.

Aytonus[.]com overview

When we entered aytonus[.]com, it ran the "Hackers are watching you!" scam. The site first displayed a pop-up window urging the visitor to read the alerts concerning their iOS device.

The text presented on the background page made false claims about hackers watching the user. The scheme stated that the visitor's Apple iPhone connection had been compromised. It also warned that unless this was addressed within two minutes, the hackers would leak information about the user's identity, browsing history, and front-facing camera photos. The scam then encouraged to follow the provided instructions and install the "recommended protection app".

It must be emphasized that no website can detect threats/issues present on visitors' devices; hence, any that make such claims - are scams.

Usually, content like "Hackers are watching you!" is designed to endorse fake anti-viruses, adware, browser hijackers, and various PUAs. In a few cases, we have observed scams of this kind promoting trojans, ransomware, and other malware.

To summarize, via sites like aytonus[.]com - users can experience system infections, serious privacy issues, financial losses, and even identity theft.

Threat Summary:

Name	aytonus.com pop-up
Threat Type	Phishing, Scam, Mac malware, Mac virus
Fake Claim	Apple iPhone connection has been hacked and hackers are using it to obtain sensitive data/content.
Disguise	Apple security
Detection Names	N/A (VirusTotal)
Serving IP Address	165.232.155.209
Symptoms	Your Mac becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites.
Distribution methods	Deceptive pop-up ads, free software installers (bundling), fake Flash Player installers, torrent file downloads.
Damage	Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites, loss of private information.
Malware Removal (Mac)	To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. ▼ Download Combo Cleaner for Mac To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Similar website examples

We have analyzed countless websites like aytonus[.]com; sandgerl[.]com, reminderapp[.]store, adsafesafarifix[.]com - are just a few examples. The Internet is rife with deceptive and malicious material. Scams can use a wide variety of disguises, which can be pretty convincing. Therefore, we strongly advise exercising caution when browsing.

How did I open a scam website?

Scam sites are usually accessed inadvertently. Mistyping a website's address (URL) can result in a redirect (or a redirection chain leading) to deceptive a webpage. Spam browser notifications and intrusive advertisements promote online scams as well.

Additionally, sites that use rogue advertising networks can force-open scam webpages upon access or when hosted content (e.g., ads, buttons, links, etc.) is clicked. Adware can also display adverts that endorse scams or simply force-open their websites.

How to avoid visiting scam websites?

Online scams are primarily promoted via redirects caused by webpages using rogue advertising networks, mistyped URLs, spam browser notifications, intrusive advertisements, or installed adware.

Therefore, we advise against using websites offering pirated software/media or other questionable services (e.g., Torrenting, illegal streaming and downloading, etc.) - since these sites are typically monetized through rogue advertising networks.

To avoid receiving undesirable browser notifications, do not permit suspicious webpages to deliver them (i.e., do not click "Allow", "Allow Notifications", etc.). Instead, ignore or deny notification delivery requests (i.e., press "Block", "Block Notifications", etc.).

We also recommend downloading only from official/verified sources and approaching installation processes with care (e.g., reading, terms, opting-out of all additions, etc.) - to avoid allowing untrustworthy software into the system

If your computer is already infected, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate all threats.

Text presented in the pop-up windows displayed on aytonus[.]com website:

(17) System notifications

Read important notices about your iOS device

[OK]

Appearance of the background page of the scam promoted on aytonus[.]com website:

Text presented on this page:

Apple security

Hackers are watching you!

Your Apple iPhone connection has been hacked and someone is watching on you! Please do not close this page. If you don't fix this in two minutes, the hacker will reveal your identity and send your browsing history and front-facing camera photos to everyone in your contacts!

minute seconds

Recovery method：

Step 1: Click the "Connection Protection" button below.
Step 2: You will be redirected to the App Store.
Step 3: Install and run the recommended protection app to recover your Apple iPhone.

Protect your connection

Instant automatic Mac malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

• What is "aytonus[.]com"?
• STEP 1. Remove PUA related files and folders from OSX.
• STEP 2. Remove rogue extensions from Safari.
• STEP 3. Remove rogue add-ons from Google Chrome.
• STEP 4. Remove potentially unwanted plug-ins from Mozilla Firefox.

Video showing how to remove adware and browser hijackers from a Mac computer:

Potentially unwanted applications removal:

Remove potentially unwanted applications from your "Applications" folder:

Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX","NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.

Remove adware-related files and folders

Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...

Check for adware generated files in the /Library/LaunchAgents/ folder:

In the Go to Folder... bar, type: /Library/LaunchAgents/

In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.

Check for adware generated files in the ~/Library/Application Support/ folder:

In the Go to Folder... bar, type: ~/Library/Application Support/

In the "Application Support" folder, look for any recently-added suspicious folders. For example, "MplayerX" or "NicePlayer", and move these folders to the Trash.

Check for adware generated files in the ~/Library/LaunchAgents/ folder:

In the Go to Folder... bar, type: ~/Library/LaunchAgents/

In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.

Check for adware generated files in the /Library/LaunchDaemons/ folder:

In the "Go to Folder..." bar, type: /Library/LaunchDaemons/

In the "LaunchDaemons" folder, look for recently-added suspicious files. For example "com.aoudad.net-preferences.plist", "com.myppes.net-preferences.plist", "com.kuklorest.net-preferences.plist", "com.avickUpd.plist", etc., and move them to the Trash.

Scan your Mac with Combo Cleaner:

If you have followed all the steps correctly, your Mac should be clean of infections. To ensure your system is not infected, run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file, double click combocleaner.dmg installer. In the opened window, drag and drop the Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates its virus definition database and click the "Start Combo Scan" button.

Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide; otherwise, it's recommended to remove any found infections before continuing.

After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.

Remove malicious extensions from Internet browsers

Remove malicious Safari extensions:

Open the Safari browser, from the menu bar, select "Safari" and click "Preferences...".

In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for regular browser operation.

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.

Remove malicious extensions from Google Chrome:

Click the Chrome menu icon (at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.

Remove malicious extensions from Mozilla Firefox:

Click the Firefox menu (at the top right corner of the main window) and select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.

Frequently Asked Questions (FAQ)

What is a pop-up scam?

Basically, pop-up scams are deceptive messages designed to trick users into performing specific actions. For example, victims can be lured into downloading/installing and/or purchasing applications, revealing private data, making monetary transactions, and so on.

What is the purpose of a pop-up scam?

Scams are primarily used to generate revenue. Cyber criminals can profit by obtaining commissions for software promotion, acquiring funds through deception, abusing or selling private data, proliferating malware, etc.

Why do I encounter fake pop-ups?

Pop-up scams are promoted on rogue websites. Users typically enter such sites through redirects caused by mistyped URLs, pages using rogue advertising networks, spam browser notifications, intrusive ads, or installed adware.

Will Combo Cleaner protect me from pop-up scams?

Combo Cleaner is designed to scan visited websites and detect rogue, scam, and malicious ones. Therefore, you will be warned immediately, and further access to such sites will be blocked.

▼ Show Discussion