Remove redirects to "Your Apple iPhone is severely damaged" scam sites
Written by Tomas Meskauskas on (updated)
What is "Your Apple iPhone is severely damaged"?
"Your Apple iPhone is severely damaged" (also known as "Your Apple iPhone is severely compromised") is a scam that deceptively encourages people to download a potentially unwanted application (PUA) that should be used to remove viruses that this scam website has supposedly detected.
There are many similar scams, which typically show fake virus alerts and encourage visitors to take immediate action (download a PUA). These sites are often opened by other unwanted apps already installed on the system. Therefore, people do not generally visit websites of this type intentionally.
Research shows that the error messages are delivered by numberonevpn[.]com, safetyvpn[.]net, mobillevpn[.]info, thevpnsafety[.]com, seriusvpn[.]com, backupvpn[.]com, seriousvpnp[.]com, and other rogue websites.
"Your Apple iPhone is severely damaged" scam overview
This scam web page displays a pop-up that states that the iPhone has been compromised and suggests that the victim take immediate action. When the window is closed, the scam website shows a warning stating that the iPhone is damaged by 13 viruses.
Visitors are informed that their Apple phones are infected with browser trojans that might affect their Facebook accounts, WhatsApp messages, photos, and other applications. This web page recommends that users remove these threats with the DotBlock app, which is created by Software Setup, LLC.
This app can be downloaded by clicking the "Remove Virus" button. It then leads to the official Apple App Store page. We advise against using applications advertised through deceptive web pages such as this. Ignore these sites and do not trust the apps promoted on them.
Scam websites are often opened due to PUAs installed on browsers or operating systems. When installed, they feed users with ads (adware) and gather browsing information. They display various coupons, banners, surveys, pop-ups and other unwanted ads that, when clicked, cause unwanted downloads/installations or open dubious web pages.
Furthermore, these apps often continually collect browsing-related information. For example, entered search queries, URLs of visited websites, geolocations and other similar data. Developers share the details with third parties who misuse private data to generate revenue.
In some cases, these other parties are cyber criminals. PUAs can be the reason behind problems relating to browsing safety, privacy, and identity theft. Remove all PUAs immediately.
| Name | "Your Apple iPhone is severely damaged" pop-up |
| Threat Type | Scam, Mac malware, Mac virus |
| Fake Claim | This scam page claims that the visitor's iPhone is infected with viruses |
| Related Domains | geparvpn[.]com, backupvpn[.]com, numberonevpn[.]com, v-trackerpro[.]com, incognito-secure[.]online, usa.appius-dae[.]com, msgbrand[.]com, lztrackplus[.]com, techprotect[.].xyz, ressivill[.]com |
| Serving IP Addresses (geparvpn[.]com, backupvpn[.]com) | 104.27.157.208, 104.27.153.103 |
| Detection Names (geparvpn[.]com) | CRDF (Malicious), ESET (Phishing), Kaspersky (Phishing), Trustwave (Malicious), Full list of detections (VirusTotal) |
| Promoted Unwanted Applications | DotBlock, Shield VPN |
| Symptoms | Your Mac becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites. |
| Distribution methods | Deceptive pop-up ads, free software installers (bundling), fake flash player installers, torrent file downloads. |
| Damage | Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites, loss of private information. |
| Malware Removal (Mac) | To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. |
Scam website examples
The Internet is full of scam websites. Some other examples are apple.com-shield-devices[.]live, apple.com-scan-mac[.]live, and apple.com-shield[.]live. Typically, these web pages deceptively advertise PUAs and attempt to trick visitors into believing that their computers (or phones) are infected.
PUAs are often responsible for opening these web pages and are all very similar. Typically, they gather data, cause unwanted redirects, and display ads.
How did potentially unwanted applications install on my computer?
Research shows that unwanted apps are usually downloaded and installed inadvertently without users' knowledge. This is caused through clicked intrusive ads or during download or installation of other software. PUAs are often promoted by bundling them into various download or installation set-ups.
Furthermore, these details are not legitimately disclosed - information relating to bundled apps is usually hidden in "Custom", "Advanced" and other parts of the set-ups. People often leave them unchanged, thus allowing unwanted downloads/installations.
How to avoid installation of potentially unwanted applications?
Do not download programs from dubious websites, via Peer-to-Peer networks or other dubious channels. The best way to download is using official sites. Study each setup for "Custom", "Advanced" and other settings and dismiss unwanted applications before completing the process.
Various intrusive ads redirect people who click them to potentially malicious web pages, especially if they are displayed on other websites relating to gambling, pornography, adult dating etc. If there are suspicious extensions, add-ons or plug-ins installed on your browser, removethem immediately.
These apps might be the reason for unwanted redirects, ads, and other problems. Also uninstall unwanted programs from the operating system. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.
Text presented in the pop-up window:
Your iPhone Has Been Compromised
Immediate Action Is Required!
Screenshot of the second web page of this scam:
Text in this web page:
WARNING!
Your Apple iPhone is severely damaged by 13 viruses!
We have detected that your Browser is (67.5%) DAMAGED by BROWSER TROJAN VIRUSES picked up while surfing recent corrupted sites.
Immediate action is required to prevent it from spreading and infecting sensitive data like your Facebook account, Whatsapp messages photos and private applications.
Here is how you can solve this in just a few seconds (Step by Step)
Step 1: Tap REMOVE VIRUS to install DotBlock from the App Store.
Step 2: Open the application to activate the latest update and remove any older (Infected) versions.
Appearance of "Your Apple iPhone is severely damaged" scam (GIF):
DotBlock application in Apple App Store:
Shield VPN application in Apple App Store:
Update August 26th, 2019 - Another application called Outlaw VPN has been discovered delivering "Your Apple iPhone Is Severely Damaged" on mobile devices:
Screenshot of "Your Apple iPhone Is Severely Damaged" pop-up scam displayed on iPhone:
Another screenshot of this scam opened on an iPhone:
Another variant of this scam error displayed on an iPhone:
Another example of this pop-up scam:
Text presented within this message:
ATTENTION - Viruses found!
Your Apple is severely damaged by (39) viruses! Soon your Apple SIM card will be corrupt and it will damage your contacts, photos, data, applications, etc..
To enable pop-up blocking, fraudulent website warnings, and remove web browsing data in mobile Apple devices, follow these steps:
First, go to "Settings", and then scroll down to find and tap "Safari".
Check if the "Block Pop-ups" and "Fraudulent Website Warning" toggles are enabled. If not, enable them immediately. Then, scroll down and tap "Advanced".
Tap "Website Data" and then "Remove All Website Data".
Instant automatic Mac malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.
Quick menu:
- What is "Your Apple iPhone is severely damaged"?
- STEP 1. Remove PUA related files and folders from OSX.
- STEP 2. Remove rogue extensions from Safari.
- STEP 3. Remove rogue add-ons from Google Chrome.
- STEP 4. Remove potentially unwanted plug-ins from Mozilla Firefox.
Video showing how to remove adware and browser hijackers from a Mac computer:
Potentially unwanted applications removal:
Remove potentially unwanted applications from your "Applications" folder:
Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX", "NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.
Remove adware-related files and folders
Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...
Check for adware generated files in the /Library/LaunchAgents/ folder:
In the Go to Folder... bar, type: /Library/LaunchAgents/
In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.
Check for adware generated files in the ~/Library/Application Support/ folder:
In the Go to Folder... bar, type: ~/Library/Application Support/
In the "Application Support" folder, look for any recently-added suspicious folders. For example, "MplayerX" or "NicePlayer", and move these folders to the Trash.
Check for adware generated files in the ~/Library/LaunchAgents/ folder:
In the Go to Folder... bar, type: ~/Library/LaunchAgents/
In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.
Check for adware generated files in the /Library/LaunchDaemons/ folder:
In the "Go to Folder..." bar, type: /Library/LaunchDaemons/
In the "LaunchDaemons" folder, look for recently-added suspicious files. For example "com.aoudad.net-preferences.plist", "com.myppes.net-preferences.plist", "com.kuklorest.net-preferences.plist", "com.avickUpd.plist", etc., and move them to the Trash.
Scan your Mac with Combo Cleaner:
If you have followed all the steps correctly, your Mac should be clean of infections. To ensure your system is not infected, run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file, double click combocleaner.dmg installer. In the opened window, drag and drop the Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates its virus definition database and click the "Start Combo Scan" button.
Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide; otherwise, it's recommended to remove any found infections before continuing.
After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.
Remove malicious extensions from Internet browsers
Remove malicious Safari extensions:
Open the Safari browser, from the menu bar, select "Safari" and click "Preferences...".
In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for regular browser operation.
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.
Remove malicious extensions from Google Chrome:
Click the Chrome menu icon 
(at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.
Remove malicious extensions from Mozilla Firefox:
Click the Firefox menu 
(at the top right corner of the main window) and select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.
Frequently Asked Questions (FAQ)
What is a pop-up scam?
Basically, pop-up scams are messages designed to trick users into performing certain actions. For example, victims can be lured into downloading/installing and/or purchasing software, registering for bogus services, disclosing private data, making monetary transactions, calling fake helplines, and so forth.
What is the purpose of a pop-up scam?
Scams are primarily used to generate revenue. Cyber criminals can profit by acquiring funds through deception, promoting software, abusing or selling sensitive information, proliferating malware, and so on.
Why do I encounter fake pop-ups?
Pop-up scams are run on untrustworthy websites. Most users enter such pages via redirects caused by sites using rogue advertising networks, mistyped URLs, spam browser notifications, intrusive advertisements, or installed adware.
Will Combo Cleaner protect me from pop-up scams?
Combo Cleaner is capable of scanning visited websites and detecting suspicious and malicious ones. Sites that promote pop-up scams are also included in these categories. Therefore, you will be warned immediately, and further access to such websites will be blocked.
Outstanding!
▼ Show Discussion