PEGASUS SPYWARE ACTIVATED Scam (Mac)
Written by Tomas Meskauskas on (updated)
What is PEGASUS SPYWARE ACTIVATED?
Displayed by a deceptive website, "PEGASUS SPYWARE ACTIVATED" is a fake error similar to Immediately Call Apple Support, APPLE SECURITY BREACH, AppleCare And Warranty, and many others. Users often visit this website inadvertently - they are redirected by various potentially unwanted programs (PUPs).
In most cases, PUPs infiltrate systems without users’ permission. In addition to causing redirects, PUPs deliver intrusive ads, gather sensitive data, and run various unnecessary processes.
"PEGASUS SPYWARE ACTIVATED" targets MacOS. This error states that the system has been infected and that the infection poses a threat to users' personal details - logins/passwords, banking information, and other private information might be stolen. Users are encouraged to immediately contact Apple Care via a telephone number ("+1 855 564 1999") provided.
They are then supposedly guided through the malware removal process. Be aware, however, that the "PEGASUS SPYWARE ACTIVATED" error is a scam, a fake message that has nothing to do with Apple. Cyber criminals claim to be certified technicians and attempt to trick users into paying for technical support that is not required - the malware simply does not exist.
In addition, cyber criminals often demand remote access to users' computers. After connecting, they attempt to install malware and/or change system settings. They then claim to "detect" more errors and offer help for an additional fee. For these reasons, "PEGASUS SPYWARE ACTIVATED" should be ignored.
It can be removed simply by closing the web browser (preferably, via a web browser) or rebooting the system. Note that, after re-running your web browser, do not click "Restore Closed Tabs", otherwise you will visit the malicious site again.
As mentioned above, PUPs deliver various intrusive ads (e.g., coupons, banners, pop-ups, etc.) These are delivered via tools that enable placement of third party graphical content on any site. Therefore, most overlay visited website content, thereby significantly diminishing the browsing experience.
Furthermore, some of these ads lead to malicious websites and even execute scripts that download/install malware (or other PUPs). Therefore, even a single click can result in high-risk computer infections. Another downside is data tracking. PUPs record user-system information that often includes personal details.
The data is typically sold to third parties (potentially, cyber criminals) who misuse personal details to generate revenue. Therefore, the presence of data-tracking apps can lead to serious privacy issues. In addition, PUPs might run unnecessary processes (e.g., mine cryptourrency) without users' consent.
By stealthily misusing resources, they significantly reduce overall system performance. For these reasons, we strongly advise you to uninstall all PUPs immediately.
Name | "PEGASUS SPYWARE ACTIVATED" virus |
Threat Type | Mac malware, Mac virus |
Symptoms | Your Mac became slower than normal, you see unwanted pop-up ads, you get redirected to shady websites. |
Distribution methods | Deceptive pop-up ads, free software installers (bundling), fake flash player installers, torrent file downloads. |
Damage | Internet browsing tracking (potential privacy issues), displaying of unwanted ads, redirects to shady websites, loss of private information. |
Malware Removal (Mac) | To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. |
"PEGASUS SPYWARE ACTIVATED" shares many similarities with dozens of other fake errors. All claim that the system is damaged (e.g., missing files, infected, etc.), however, these errors are designed only to extort money from unsuspecting users. Research shows that potentially unwanted programs also share many similarities.
By falsely claiming to provide various "useful features", PUPs attempt to give the impression of legitimacy, however, these programs are designed only to generate revenue for the developers. Rather than giving any real value, PUPs pose a direct threat to your privacy and Internet browsing safety.
How did potentially unwanted programs install on my computer?
To proliferate PUPs, developers typically employ intrusive ads, and a deceptive marketing method called "bundling". Therefore, due to lack of caution and careless behavior by many users, PUPs often infiltrate systems without permission. "Bundling" is stealth installation of PUPs together with regular software.
Developers do not disclose these installations properly - they hide "bundled" apps within various sections (e.g., "Advanced/Custom" settings) of the download/installation processes.
Many users rush these processes and skip steps. In addition, they click various ads without understanding the possible consequences. In doing so, they expose their systems to risk of various infections.
How to avoid installation of potentially unwanted applications?
This situation can be prevented by paying close attention during the download/installation processes, and when browsing the Internet. Carefully analyze each step of the download/installation processes and opt-out of all additionally-included programs. Bear in mind that criminals invest many resources into intrusive ad design.
Therefore, most look legitimate, however, these ads redirect to dubious websites (e.g., pornography, gambling, adult dating, etc.) If you encounter such ads, uninstall all suspicious applications and browser plug-ins.
Text presented in "PEGASUS SPYWARE ACTIVATED" pop-up:
** YOUR APPLE DEVICE HAS A VIRUS **
Apple iOS Alert!!
Error # 268d3
PEGASUS (SPYWARE) ACTIVATED
System might be Infected due to unexpected error!
Please call Apple Care immediately at: +1 855 564 1999
Do not ignore this critical alert.
If you close this page, your Apple Device access will be disabled to prevent further damage to our network.
Your Apple Device has alerted us that it has been infected with a virus and spyware. The following information is being stolen...
> Facebook Login
> Credit Card Details
> Email Account Login
> Photos stored on this Device
You must contact us immediately so that our engineers can walk you through the removal process over the phone. Please call us within the next 5 minutes to prevent your Apple Device from being disabled.
Toll Free: +1 855 564 1999
Appearance of "PEGASUS SPYWARE ACTIVATED" scam (GIF):
Here's how this tech support scam appears on an iPhone (tech support scammers are using +1-855-500-0471 phone number):
Text presented in the mobile version of this tech support scam:
YOUR APPLE DEVICE HAS A VIRUS
Apple iOS Alert!!
PEGASUS (SPYWARE) ACTIVATED
System might be infected due to unexpected error! Please Contract Apple Care +1-855-500-0471 Immediately! for assistance regarding how to remove it. Suspicious Activity Detected. Your Browser might be compromised. Possible network damages if virus not removed immediately.
This fake pop-up is commonly displayed on iPhones. To eliminate it, simply close the tab and clear your Safari browser cache. To do this:
1. Open the Settings app.
2. Scroll down until you see Safari and tap on it.
3. Select Clear History and Website Data.
Instant automatic Mac malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.
Quick menu:
- What is PEGASUS SPYWARE ACTIVATED?
- STEP 1. Remove PUP related files and folders from OSX.
- STEP 2. Remove rogue extensions from Safari.
- STEP 3. Remove rogue add-ons from Google Chrome.
- STEP 4. Remove potentially unwanted plug-ins from Mozilla Firefox.
Video showing how to remove adware and browser hijackers from a Mac computer:
Potentially unwanted programs removal:
Remove PUP-related potentially unwanted applications from your "Applications" folder:
Click the Finder icon. In the Finder window, select “Applications”. In the applications folder, look for “MPlayerX”,“NicePlayer”, or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.
Remove adware-related files and folders
Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...
Check for adware generated files in the /Library/LaunchAgents/ folder:
In the Go to Folder... bar, type: /Library/LaunchAgents/
In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.
Check for adware generated files in the ~/Library/Application Support/ folder:
In the Go to Folder... bar, type: ~/Library/Application Support/
In the "Application Support" folder, look for any recently-added suspicious folders. For example, "MplayerX" or "NicePlayer", and move these folders to the Trash.
Check for adware generated files in the ~/Library/LaunchAgents/ folder:
In the Go to Folder... bar, type: ~/Library/LaunchAgents/
In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.
Check for adware generated files in the /Library/LaunchDaemons/ folder:
In the "Go to Folder..." bar, type: /Library/LaunchDaemons/
In the "LaunchDaemons" folder, look for recently-added suspicious files. For example "com.aoudad.net-preferences.plist", "com.myppes.net-preferences.plist", "com.kuklorest.net-preferences.plist", "com.avickUpd.plist", etc., and move them to the Trash.
Scan your Mac with Combo Cleaner:
If you have followed all the steps correctly, your Mac should be clean of infections. To ensure your system is not infected, run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file, double click combocleaner.dmg installer. In the opened window, drag and drop the Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates its virus definition database and click the "Start Combo Scan" button.
Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide; otherwise, it's recommended to remove any found infections before continuing.
After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.
Remove malicious extensions from Internet browsers
Remove malicious Safari extensions:
Open the Safari browser, from the menu bar, select "Safari" and click "Preferences...".
In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for regular browser operation.
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.
Remove malicious extensions from Google Chrome:
Click the Chrome menu icon (at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.
Remove malicious extensions from Mozilla Firefox:
Click the Firefox menu (at the top right corner of the main window) and select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.
▼ Show Discussion