Avoid downloading dubious software from the apl-def.com scam website

What is apl-def[.]com?

apl-def[.]com is a deceptive website running several different scam variants. By claiming that the visitors' devices are infected, or that their internet connection is not secure, it attempts to trick them into downloading/installing nonoperational, untrusted or malicious software.

Few users access websites such as apl-def[.]com intentionally - they are usually redirected by intrusive advertisements or Potentially Unwanted Applications (PUAs) already infiltrated into the device.

The scams promoted by apl-def[.]com target iPhone users, however, this web page might be accessed (or visitors are redirected to it) via other Apple products as well. One variant of this scheme operates by claiming that three viruses have been detected on the user's device.

These fake threats have apparently already damaged the smartphone's battery. To prevent further damage, the scam instructs users to download/install the recommended free virus protection tool from the AppStore. This software will remove the nonexistent malware and repair the damage, which the device has supposedly suffered.

Another version, states that the internet connection may not be secure. As with the previously described variant, this scam promotes a dubious app (a "trusted VPN"), which will allegedly secure the connection. It also repeats identical download/install steps. Note that all information provided and claims made by schemes run on apl-def[.]com are false.

Furthermore, trusting these scams will allow dubious or potentially malicious content onto the device. Therefore, you are strongly advised against trusting apl-def[.]com or other similar web pages.

As well as force-opening deceptive/scam sites, PUAs can cause redirects to sale-oriented, untrusted, rogue, compromised and malicious web pages, however, unwanted applications might also have other/additional capabilities. They can run intrusive ad campaigns, which deliver dangerous ads that diminish the browsing experience.

Once clicked, these redirect to various harmful websites and can even stealthily download/install unwanted software. Other PUAs can modify browsers and limit/deny access to their settings. PUAs commonly have data tracking capabilities.

They can monitor browsing activity (URLs visited, pages viewed, search queries typed, etc.) and collect users' personal information (IP addresses, geolocations and other sensitive details). The gathered data is often shared with third parties seeking to misuse it for profit - potentially, by putting it to criminal use.

In summary, the presence of PUAs on systems can lead to various infiltration and infections, serious privacy issues, financial loss and even identity theft. To protect device integrity and user safety, remove all suspect applications and browser extensions/plug-ins without delay.

Threat Summary:

Name	apl-def.com pop-up
Threat Type	Phishing, Scam, Mac malware, Mac virus.
Fake Claim	It claims that the visitors' devices are infected or that their internet connection may not be secure.
Detection Names	Fortinet (Phishing), Full List (VirusTotal)
Serving IP Address	5.9.122.84
Promoted Unwanted Application	Scam promotes various untrustworthy applications.
Symptoms	Your Mac becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites.
Distribution methods	Deceptive pop-up ads, free software installers (bundling), fake Flash Player installers, torrent file downloads.
Damage	Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites, loss of private information.
Malware Removal (Mac)	To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. ▼ Download Combo Cleaner for Mac To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

safariosso-aplosso.com, vpnshieldplus4.com, and maztek.xyz are some examples of other scam web pages similar to apl-def[.]com. These schemes use social engineering and scare tactics to trick visitors into performing specific actions.

For example, users can be encouraged to download/install or purchase nonfunctional, untrusted or malicious content, calling fake and expensive technical support lines, making monetary transactions (e.g. fraudulent fees and other payments), revealing personal information (e.g. names and surnames, social networking/media account credentials, banking or credit card details), and so on.

Deceptive sites are quite common, and therefore you are advised to exercise caution when browsing.

How did potentially unwanted applications install on my computer?

PUAs can be downloaded/installed with other products. This deceptive marketing method of pre-packing software with unwanted or malicious additions is called "bundling". Rushing download/installation processes (e.g. ignoring terms, skipping steps and sections, etc.) increases the risk of inadvertently allowing bundled content onto the system.

Some PUAs have "official" download pages. When clicked, intrusive ads can execute scripts to download/install PUAs without users' permission.

How to avoid installation of potentially unwanted applications

Products should be researched to verify their legitimacy, before download/installation or purchase. Use only official and trustworthy download channels. Unofficial and free file-hosting websites, P2P sharing networks (BitTorrent, eMule, Gnutella, etc.) and other third party downloaders are untrusted and can offer likewise suspect content.

Treat download and installation processes with caution.

Read the terms, explore all available options, use the "Custom/Advanced" settings and decline offers to download/install additional apps, tools, features, etc. Intrusive ads typically seem normal and harmless, however, they can redirect to dubious web pages (e.g. pornography, adult-dating, gambling and others).

If you encounter these advertisements/redirects, inspect the system and immediately eliminate all suspicious applications and browser extensions/plug-ins. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.

Text presented in the apl-def[.]com scam:

Apple Security
(3) Viruses has been detected on your iPhone and battery has been infected and damaged.
If you do not remove this malware now, it may cause more damage to your device.
How to fix this:

Step 1: Tap the button below & install the recommended virus protection tool for free from the AppStore.

Step 2: Run the app to remove all malware to repair your phone to 100%

Download and Install

Screenshot of another scam variant promoted by apl-def[.]com site:

Text presented in this variant:

Your Internet Connection Maybe is Not Secure!

Install a Trusted VPN From the Appstore For Free and Protect Your Internet Connection!

How to Protect Your Connection:

Step 1. Click on the Button “Download” Below and Install the Recommended Application from the Appstore (Free)

Step 2. Open the Installed Application and Protect Your Internet Connection

DOWNLOAD

To enable pop-up blocking, fraudulent website warnings, and remove web browsing data in mobile Apple devices, follow these steps:

First, go to "Settings", and then scroll down to find and tap "Safari".

Check if the "Block Pop-ups" and "Fraudulent Website Warning" toggles are enabled. If not, enable them immediately. Then, scroll down and tap "Advanced".

Tap "Website Data" and then "Remove All Website Data".

Instant automatic Mac malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

• What is "apl-def[.]com"?
• STEP 1. Remove PUA related files and folders from OSX.
• STEP 2. Remove rogue extensions from Safari.
• STEP 3. Remove rogue add-ons from Google Chrome.
• STEP 4. Remove potentially unwanted plug-ins from Mozilla Firefox.

Video showing how to remove adware and browser hijackers from a Mac computer:

Potentially unwanted applications removal:

Remove potentially unwanted applications from your "Applications" folder:

Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX","NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.

Remove adware-related files and folders

Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...

Check for adware generated files in the /Library/LaunchAgents/ folder:

In the Go to Folder... bar, type: /Library/LaunchAgents/

In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.

Check for adware generated files in the ~/Library/Application Support/ folder:

In the Go to Folder... bar, type: ~/Library/Application Support/

In the "Application Support" folder, look for any recently-added suspicious folders. For example, "MplayerX" or "NicePlayer", and move these folders to the Trash.

Check for adware generated files in the ~/Library/LaunchAgents/ folder:

In the Go to Folder... bar, type: ~/Library/LaunchAgents/

In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.

Check for adware generated files in the /Library/LaunchDaemons/ folder:

In the "Go to Folder..." bar, type: /Library/LaunchDaemons/

In the "LaunchDaemons" folder, look for recently-added suspicious files. For example "com.aoudad.net-preferences.plist", "com.myppes.net-preferences.plist", "com.kuklorest.net-preferences.plist", "com.avickUpd.plist", etc., and move them to the Trash.

Scan your Mac with Combo Cleaner:

If you have followed all the steps correctly, your Mac should be clean of infections. To ensure your system is not infected, run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file, double click combocleaner.dmg installer. In the opened window, drag and drop the Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates its virus definition database and click the "Start Combo Scan" button.

Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide; otherwise, it's recommended to remove any found infections before continuing.

After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.

Remove malicious extensions from Internet browsers

Remove malicious Safari extensions:

Open the Safari browser, from the menu bar, select "Safari" and click "Preferences...".

In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for regular browser operation.

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.

Remove malicious extensions from Google Chrome:

Click the Chrome menu icon (at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.

Remove malicious extensions from Mozilla Firefox:

Click the Firefox menu (at the top right corner of the main window) and select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.

▼ Show Discussion