Trojan.U83 POP-UP Scam (Mac)
Written by Tomas Meskauskas on (updated)
What is "Trojan.U83"?
"Trojan.U83" is the name of a malicious program, which is supposedly detected by a deceptive website. This is a typical scam designed to promote an unwanted application called Mac Heal Pro.
By using this deceptive website, scammers attempt to trick people (visitors to the site) into believing that their Mac computers are infected with the aforementioned Trojan.U83 program and encourage them to download and install software that will supposedly eliminate it.
Typically, websites of this type are opened by installed potentially unwanted apps (PUAs). These also deliver ads and collect various user-system information.
Once opened, this deceptive website displays a pop-up window stating that a recently-visited website infected the computer with Trojan.U83. It encourages visitors to remove the program immediately and advises them not to close it, claiming that otherwise the system will be damaged permanently.
According to the website, the visitor's system is infected with three other viruses: two malware infections and one phishing/spyware program. It states that these malicious programs, unless removed, will cause system damage such as data loss. It also states that the visitor's personal and banking details are at risk.
To prevent further damage, it encourages the user to scan the system by clicking the "Scan Now" button, which, if clicked, starts the scanning process. When complete, it displays fake results, stating that it has detected the Tapsnake, CronDNS, and Dubfishicv viruses.
Visitors are encouraged to remove them by clicking the "Repair your MacOS 10.14 Mojave" button. Clicking it starts the download of the Mac Heal Pro application. Since all these virus alerts are fake, there is no need to download software or use it to fix the so-called 'problems'. Do not download and install applications that are promoted using deceptive websites such as this.
As mentioned, these websites are opened by various PUAs that are installed on people's computers. Typically, they do not download and install them intentionally. Once installed, however, they often feed users with coupons, banners, surveys, pop-up ads and other unwanted, intrusive advertisements.
These can be annoying and clicking them often causes download/installation of unwanted apps. Some might also be malicious. Furthermore, many of these PUAs gather browsing-related information such as users' IP addresses, URLs of visited websites, entered search queries, geolocations, and other information of this kind.
Some of the gathered information might include personal/sensitive details. PUA developers share the details with other parties who misuse them to generate revenue.
Name | "Trojan.U83" virus |
Threat Type | Mac malware, Mac virus, Phishing, Scam, Social Engineering, Fraud |
Related Domain | r65.cf1.rackcdn[.]com |
Serving IP Address (r65.cf1.rackcdn[.]com) | 184.50.238.203 |
Fake Claim | The error message claims that the system is infected with a number of viruses and encourages users to download a dubious system cleaner. |
Distributed Unwanted Apps | Mac Heal Pro |
Symptoms | Fake error messages, fake system warnings, pop-up errors, hoax computer scan. |
Distribution methods | Compromised websites, rogue online pop-up ads, potentially unwanted applications. |
Damage | Loss of sensitive private information, monetary loss, identity theft, possible malware infections. |
Malware Removal (Mac) | To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. |
There are many other scam websites/scams that are similar to this one, including, for example, macos-online-security-check[.]com, apple.com-optimize[.]live, and apple.com-clear[.]live. Generally, their main purpose is to trick people into downloading and installing unwanted applications.
PUAs that open these pages are virtually identical. Their main goals are to cause unwanted redirects, gather data, and serve ads. You are advised to uninstall all unwanted apps of this type immediately and not to trust deceptive websites that display fake virus alerts.
How did potentially unwanted applications install on my computer?
Some potentially unwanted applications can be downloaded from supposedly official websites; however, people mostly download and install them inadvertently. They can be downloaded/installed through intrusive advertisements that, when clicked, execute scripts designed to download/install PUAs.
In other cases, PUAs are downloaded and installed with other software. To trick people, developers use a deceptive marketing method called "bundling". They include unwanted apps in other software download/installation set-ups. Typically, information about this is hidden in settings such as "Custom", "Advanced", and other similar sections.
In summary, unwanted downloads/installations occur when people click deceptive ads or download/install software without checking and changing options available in the set-ups.
How to avoid installation of potentially unwanted applications?
All software should be downloaded using official/trustworthy websites. Other sources such as unofficial websites, Peer-to-Peer networks (torrent clients, eMule, and so on) should not be trusted. Furthermore, cyber criminals often use these sources as tools to proliferate malware.
Check all available "Advanced", "Custom" and other sections/settings of various download/installation set-ups, and dismiss offers to download/install additional software before completing set-ups. Do not click intrusive ads, especially if they are displayed on dubious pages. They cause redirects to untrustworthy websites that might contain malware.
If unwanted redirects and ads occur regularly, check for new/unwanted plug-ins, add-ons, and extensions installed on the browser, and programs of this type installed on the computer (operating system). Uninstall any unwanted entries immediately.
If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.
Screenshot of a pop-up on a deceptive website stating that the computer is infected with Trojan.U83:
Text presented in the pop-up window:
IMMEDIATE ACTION REQUIRED
The last website has infected your computer with a Trojan.U83.
Immediate repair is required. Click Ok to continue.
**If you leave this page your computer is exposed to being permanently damaged.**
Screenshot of fake scan results:
Text presented in this page:
DOWNLOAD REQUIRED
Your Mac is heavily damaged! (33,2 %)
Please download Mac Cleaner™ application to remove (3) Viruses from your computer.
VIRUS INFORMATION
Virus Name : Tapsnake ; CronDNS ; Dubfishicv
Risk : HIGH
Infected Files : /mac/apps/hidden/finder/X/snake.dmg; /mac/local/conf/keyboard/retype.dmg ; /mac/remote/conf/services/CronDNS.dmg...
Repair your MacOS 10.14 Mojave
VIRUS REMOVAL
Application : Mac Cleaner™
Rating : 9,9/10
Price : Free
Screenshot of Mac Heal Pro unwanted application:
Appearance of "Trojan.U83" scam (GIF):
Instant automatic Mac malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware.
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.
How to identify a pop-up scam?
Pop-up windows with various fake messages are a common type of lure cybercriminals use. They are used to collect sensitive personal data and to trick Internet users into calling fake tech support numbers, subscribing to useless online services, investing in shady cryptocurrency schemes, etc.
While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.
Cybercriminals strive to make their rogue pop-up windows look trustworthy; however, scams typically have the following characteristics:
- Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
- Sense of urgency - Countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
- Statements that you won something - If you haven't participated in a lottery, online competition, etc., and you see a pop-up window stating that you won.
- Computer or mobile device scan - A pop-up window that scans your device and informs you of detected issues is undoubtedly a scam; webpages cannot perform such actions.
- Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.
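The characteristics listed above can be turned into a simple text heuristic, for example in a content filter or when triaging reported pages. The following is an added example, not part of the original article: the category names, regular expressions and two-category threshold are assumptions, and the first two samples are the pop-up texts quoted earlier on this page.

```python
import re

# Categories follow the characteristics listed above; the regular expressions
# are assumptions chosen for this example, not a vetted rule set.
INDICATORS = {
    "urgency": re.compile(
        r"immediate (action|repair)|(action|download|repair) (is )?required"
        r"|\b\d+\s*(minutes?|seconds?) (left|remaining)", re.I),
    "device_scan": re.compile(
        r"your (computer|mac|device|system) (is|has been) (heavily )?"
        r"(infected|damaged)|has infected your|infected files?\s*:", re.I),
    "download_push": re.compile(
        r"download\b.{0,60}\b(remove|repair|fix)", re.I),
    "leave_threat": re.compile(r"if you (leave|close) this (page|window)", re.I),
    "prize": re.compile(r"\byou (have )?won\b|congratulations", re.I),
    "exclusivity": re.compile(r"\bonly you\b|secret access", re.I),
}

def scam_indicators(page_text):
    """Return the sorted names of the indicator categories found in the text."""
    return sorted(n for n, rx in INDICATORS.items() if rx.search(page_text))

def looks_like_popup_scam(page_text, threshold=2):
    """Flag text only when several distinct categories match together."""
    return len(scam_indicators(page_text)) >= threshold

# Pop-up and fake scan text as quoted earlier on this page.
POPUP = ("IMMEDIATE ACTION REQUIRED\n"
         "The last website has infected your computer with a Trojan.U83.\n"
         "Immediate repair is required. Click Ok to continue.\n"
         "If you leave this page your computer is exposed to being "
         "permanently damaged.")
FAKE_SCAN = ("DOWNLOAD REQUIRED\n"
             "Your Mac is heavily damaged! (33,2 %)\n"
             "Please download Mac Cleaner application to remove (3) Viruses "
             "from your computer.\n"
             "Infected Files : /mac/apps/hidden/finder/X/snake.dmg")
# Constructed benign sample: security news wording that must not be flagged.
BENIGN = ("Researchers report that the trojan has infected thousands of "
          "devices. Download the vendor advisory for details.")

if __name__ == "__main__":
    for label, text in (("popup", POPUP), ("scan", FAKE_SCAN), ("benign", BENIGN)):
        print(label, scam_indicators(text), looks_like_popup_scam(text))
```

Requiring two categories keeps a single matching phrase, such as a legitimate page that says "congratulations", from being flagged on its own.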
Example of a pop-up scam:
How do pop-up scams work?
Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.
Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.
How to remove fake pop-ups?
In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases, scam pop-ups may be hard to close; in such cases, close your Internet browser and restart it.
In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.
How to prevent fake pop-ups?
To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.
To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use a reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for macOS.
What to do if you fell for a pop-up scam?
This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.
- If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
- If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit the Federal Trade Commission to report identity theft and get personalized recovery steps.
- If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for macOS). Cyber criminals could have planted trojans, keyloggers, and other malware, so do not use your computer until possible threats have been removed.
- Help other Internet users: report Internet scams to the Federal Trade Commission.