FacebookTwitterLinkedIn

Avoid getting scammed by fake "PEGASUS SPYWARE ACTIVATED" sites

Also Known As: "PEGASUS SPYWARE ACTIVATED" tech support scam
Type: Mac Virus
Damage level: Medium

What kind of scam is "PEGASUS SPYWARE ACTIVATED"?

Displayed by a deceptive website, "PEGASUS SPYWARE ACTIVATED" is a fake error similar to "Immediately Call Apple Support", "APPLE SECURITY BREACH", "AppleCare And Warranty", and many others. Users often visit this website inadvertently - they are redirected by various potentially unwanted programs (PUPs).

In most cases, PUPs infiltrate systems without users’ permission. In addition to causing redirects, PUPs deliver intrusive ads, gather sensitive data, and run various unnecessary processes.

PEGASUS SPYWARE ACTIVATED scam

"PEGASUS SPYWARE ACTIVATED" scam overview

"PEGASUS SPYWARE ACTIVATED" targets MacOS. This error states that the system has been infected and that the infection poses a threat to users' personal details - logins/passwords, banking information, and other private information might be stolen. Users are encouraged to immediately contact Apple Care via a telephone number ("+1 855 564 1999") provided.

They are then supposedly guided through the malware removal process. Be aware, however, that the "PEGASUS SPYWARE ACTIVATED" error is a scam, a fake message that has nothing to do with Apple. Cyber criminals claim to be certified technicians and attempt to trick users into paying for technical support that is not required - the malware simply does not exist.

In addition, cyber criminals often demand remote access to users' computers. After connecting, they attempt to install malware and/or change system settings. They then claim to "detect" more errors and offer help for an additional fee. For these reasons, "PEGASUS SPYWARE ACTIVATED" should be ignored.

It can be removed simply by closing the web browser (preferably, via a web browser) or rebooting the system. Note that, after re-running your web browser, do not click "Restore Closed Tabs", otherwise you will visit the malicious site again.

As mentioned above, PUPs deliver various intrusive ads (e.g., coupons, banners, pop-ups, etc.) These are delivered via tools that enable placement of third party graphical content on any site. Therefore, most overlay visited website content, thereby significantly diminishing the browsing experience.

Furthermore, some of these ads lead to malicious websites and even execute scripts that download/install malware (or other PUPs). Therefore, even a single click can result in high-risk computer infections. Another downside is data tracking. PUPs record user-system information that often includes personal details.

The data is typically sold to third parties (potentially, cyber criminals) who misuse personal details to generate revenue. Therefore, the presence of data-tracking apps can lead to serious privacy issues. In addition, PUPs might run unnecessary processes (e.g., mine cryptourrency) without users' consent.

By stealthily misusing resources, they significantly reduce overall system performance. For these reasons, we strongly advise you to uninstall all PUPs immediately.

Threat Summary:
Name "PEGASUS SPYWARE ACTIVATED" tech support scam
Threat Type Phishing, Scam, Social Engineering, Fraud
Fake Claim User's Apple device is infected with a spyware called "Pegasus".
Disguise Apple Inc.
Tech Support Scammer Phone Number +1 855 564 1999; +1-855-500-0471; +1-833-890-2679
Related Domains windows[.]net; ubisof03-info[.]tk; apple-care[.]xyz
Symptoms Fake error messages, fake system warnings, pop-up errors, hoax computer scan.
Distribution methods Compromised websites, rogue online pop-up ads, potentially unwanted applications.
Damage Loss of sensitive private information, monetary loss, identity theft, possible malware infections.
Malware Removal (Mac)

To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
▼ Download Combo Cleaner for Mac
To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

"PEGASUS SPYWARE ACTIVATED" shares many similarities with dozens of other fake errors. All claim that the system is damaged (e.g., missing files, infected, etc.), however, these errors are designed only to extort money from unsuspecting users. Research shows that potentially unwanted programs also share many similarities.

By falsely claiming to provide various "useful features", PUPs attempt to give the impression of legitimacy, however, these programs are designed only to generate revenue for the developers. Rather than giving any real value, PUPs pose a direct threat to your privacy and Internet browsing safety.

How did potentially unwanted programs install on my computer?

To proliferate PUPs, developers typically employ intrusive ads, and a deceptive marketing method called "bundling". Therefore, due to lack of caution and careless behavior by many users, PUPs often infiltrate systems without permission. "Bundling" is stealth installation of PUPs together with regular software.

Developers do not disclose these installations properly - they hide "bundled" apps within various sections (e.g., "Advanced/Custom" settings) of the download/installation processes.

Many users rush these processes and skip steps. In addition, they click various ads without understanding the possible consequences. In doing so, they expose their systems to risk of various infections.

How to avoid installation of potentially unwanted applications?

This situation can be prevented by paying close attention during the download/installation processes, and when browsing the Internet. Carefully analyze each step of the download/installation processes and opt-out of all additionally-included programs. Bear in mind that criminals invest many resources into intrusive ad design.

Therefore, most look legitimate, however, these ads redirect to dubious websites (e.g., pornography, gambling, adult dating, etc.) If you encounter such ads, uninstall all suspicious applications and browser plug-ins.

Text presented in "PEGASUS SPYWARE ACTIVATED" pop-up:

** YOUR APPLE DEVICE HAS A VIRUS **

Apple iOS Alert!!

Error # 268d3

PEGASUS (SPYWARE) ACTIVATED

System might be Infected due to unexpected error!
Please call Apple Care immediately at: +1 855 564 1999
Do not ignore this critical alert.
If you close this page, your Apple Device access will be disabled to prevent further damage to our network.

Your Apple Device has alerted us that it has been infected with a virus and spyware. The following information is being stolen...

> Facebook Login
> Credit Card Details
> Email Account Login
> Photos stored on this Device
You must contact us immediately so that our engineers can walk you through the removal process over the phone. Please call us within the next 5 minutes to prevent your Apple Device from being disabled.

Toll Free: +1 855 564 1999

Appearance of "PEGASUS SPYWARE ACTIVATED" scam (GIF):

Appearance of PEGASUS SPYWARE ACTIVATED scam (GIF)

Here's how this tech support scam appears on an iPhone (tech support scammers are using +1-855-500-0471 phone number):

fake apple ios alert on iPhone (tech support scam)

Text presented in the mobile version of this tech support scam:

YOUR APPLE DEVICE HAS A VIRUS
Apple iOS Alert!!
PEGASUS (SPYWARE) ACTIVATED
System might be infected due to unexpected error! Please Contract Apple Care +1-855-500-0471 Immediately! for assistance regarding how to remove it. Suspicious Activity Detected. Your Browser might be compromised. Possible network damages if virus not removed immediately.

This fake pop-up is commonly displayed on iPhones. To eliminate it, simply close the tab and clear your Safari browser cache. To do this:

1. Open the Settings app.
2. Scroll down until you see Safari and tap on it.
3. Select Clear History and Website Data.

Yet another example of "PEGASUS SPYWARE ACTIVATED" pop-up scam:

PEGASUS SPYWARE ACTIVATED pop-up scam (2024-07-18)

Text presented within:

For help call +1-833-890-2679

Contact Apple

WARNING! **PEGASUS SPYWARE ACTIVATED**
Your device is infected with a Virus!
Please call Apple Care at +1-833-890-2679 to unlock this device. ERROR C0DE- 18SX87L2Y

For help call +1-833-890-2679

Instant automatic Mac malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

How to identify a pop-up scam?

Pop-up windows with various fake messages are a common type of lures cybercriminals use. They collect sensitive personal data, trick Internet users into calling fake tech support numbers, subscribe to useless online services, invest in shady cryptocurrency schemes, etc.

While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.

Cybercriminals strive to create their rogue pop-up windows to look trustworthy, however, scams typically have the following characteristics:

  • Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
  • Sense of urgency - Countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
  • Statements that you won something - If you haven't participated in a lottery, online competition, etc., and you see a pop-up window stating that you won.
  • Computer or mobile device scan - A pop-up window that scans your device and informs of detected issues - is undoubtedly a scam; webpages cannot perform such actions.
  • Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.

Example of a pop-up scam:

Example of a pop-up scam

How do pop-up scams work?

Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.

Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.

How to remove fake pop-ups?

In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases scam, pop-ups may be hard to close; in such cases - close your Internet browser and restart it.

In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.

How to prevent fake pop-ups?

To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.

To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for macOS.

What to do if you fell for a pop-up scam?

This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.

  • If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
  • If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit Federal Trade Commission to report identity theft and get personalized recovery steps.
  • If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for macOS) - cyber criminals could have planted trojans, keyloggers, and other malware, don't use your computer until removing possible threats.
  • Help other Internet users: report Internet scams to Federal Trade Commission.

Frequently Asked Questions (FAQ)

What is an online scam?

Online scams are deceptive messages intended to trick users into performing specific actions. For example, victims may be deceived into calling fake helplines, allowing cyber criminals to access devices remotely, making monetary transactions, purchasing products, disclosing private data, downloading/installing software, subscribing to services, etc.

What is the purpose of an online scam?

Online scams are designed to generate revenue for scammers. Cyber criminals predominantly profit by acquiring funds through deception, promoting content (e.g., websites, software, products, services, etc.), abusing/selling sensitive information, and distributing malware.

Why do I encounter online scams?

Online scams are primarily promoted via websites using rogue advertising networks, spam (e.g., emails, PMs/DMs, SMSes, social media posts, browser notifications, etc.), intrusive ads (malvertising), misspelled URLs (typosquatting), and adware.

I cannot exit a scam page, how do I close it?

If you cannot close a scam page, use Task Manager to end the browser's process. Remember that restoring the previous browsing session will reopen the deceptive webpage. Therefore, start a new session when reaccessing the browser.

I have allowed cyber criminals to remotely access my computer, what should I do?

If you have allowed cyber criminals to access your computer remotely, disconnect it from the Internet. Afterward, remove the remote access software the criminals used (e.g., UltraViewer, TeamViewer, etc.), as they might not need your consent to reconnect. Lastly, perform a full system scan and eliminate all detected threats.

I have provided my personal information when tricked by an online scam, what should I do?

If you have provided your log-in credentials, change the passwords of all potentially exposed accounts and inform their official support. And if you've disclosed other private data (e.g., ID card details, credit card numbers, etc.), contact the appropriate authorities without delay.

Will Combo Cleaner protect me from online scams and the malware they proliferate?

Combo Cleaner can scan visited websites for deceptive/scam and malicious content. It can also block all further access to websites hosting said content. Combo Cleaner is likewise capable of detecting and eliminating almost all known malware infections. It must be mentioned that performing a complete system scam is crucial, as sophisticated malicious programs usually hide deep within systems.

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Removal Instructions in other languages
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

QR Code
PEGASUS SPYWARE ACTIVATED tech support scam QR code
Scan this QR code to have an easy access removal guide of "PEGASUS SPYWARE ACTIVATED" tech support scam on your mobile device.
We Recommend:

Get rid of Mac malware infections today:

▼ REMOVE IT NOW
Download Combo Cleaner for Mac

Platform: macOS

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.