Avoid downloading dubious content promoted by the bekapro.xyz scam website

What is bekapro[.]xyz?

bekapro[.]xyz is a scam website that makes deceptive claims to trick visitors into downloading and installing an untrusted or possibly malicious piece of software. The site states that users' devices have been compromised by viruses and advises them to remove the threats using a specific application.

No website can detect threats or issues present on a system. Few users access bekapro[.]xyz or similar web pages intentionally - most are redirected to them by intrusive advertisements or Potentially Unwanted Applications (PUAs) already infiltrated into the device.

The scam run on bekapro[.]xyz targets iPhone users, however, it might also be accessed (e.g. users can experience unwanted redirects to it) on other Apple products. Once this deceptive web page is entered, it displays a pop-up. The text presented therein claims that users have an "important notification" concerning their device.

When this pop-up is closed, the background page claims that three viruses have been detected on the visitors' iPhone. It alleges that the malware has already damaged the device and battery. If removal of the fake viruses is delayed, they could supposedly cause more damage.

To fix these nonexistent issues, the site provides removal steps. Firstly, users are instructed to click the "Download and Install" button and download/install the recommended app. They must then run the application and remove the malicious software, thereby repairing the device.

To create a sense of urgency, the scam displays a countdown timer, although it is not specified to what this refers. This is a bogus scheme and all information provided is false. Any software promoted using such dubious methods is often nonoperational, untrusted and potentially malicious.

PUAs can force-open not just deceptive/scam web pages, but also various sale-based, untrusted, rogue, compromised and malicious sites. These unwanted applications also have other capabilities.

They can deliver intrusive advertisements (e.g. pop-ups, banners, coupons, surveys, etc.) that diminish the browsing experience, since they reduce browsing speed and overlay page content. When these ads are clicked, they redirect to similarly dangerous websites and can execute scripts to stealthily download/install rogue software (e.g. PUAs).

Other PUAs can hijack browsers by modifying settings (and limiting/denying access to them) and promoting bogus search engines. Furthermore, most PUAs can track data. They monitor browsing activity (URLs visited, web pages viewed, search queries typed, etc.) and collect sensitive information derived from it (IP addresses, geolocations and other details).

This collected data is often shared with third parties (potentially, cyber criminals) seeking to misuse it for profit. This data usually contains personally identifiable information. To summarize, the presence of PUAs can cause various infiltration and infections, lead to financial loss, serious privacy issues and even identity theft.

To protect device integrity and user safety, remove all suspicious applications and browser extensions/plug-ins without delay.

Threat Summary:

Name	bekapro.xyz pop-up
Threat Type	Phishing, Scam, Mac malware, Mac virus.
Fake Claim	Scam claims users' iPhone is infected.
Detection Names	Forcepoint ThreatSeeker (Suspicious), Full List (VirusTotal)
Promoted Unwanted Application	Scam promotes various dubious applications.
Symptoms	Your Mac becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites.
Distribution methods	Deceptive pop-up ads, free software installers (bundling), fake Flash Player installers, torrent file downloads.
Damage	Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites, loss of private information.
Malware Removal (Mac)	To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. ▼ Download Combo Cleaner for Mac To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Deceptive/Scam sites are common on the web. Apl-def.com, protected-connection.com, and safariosso-aplosso.com are just some examples of such websites. They employ social engineering and scare tactics to encourage users into performing certain actions.

Warnings that the device is infected or at risk, claims that a crucial piece of software is outdated or missing, fake prize giveaways are just some popular scam models. Regardless of what these schemes claim or request, they have just one goal: to generate revenue at users' expense. Therefore, you are strongly advised to exercise caution when browsing.

How did potentially unwanted applications install on my computer?

Some PUAs have "official" promotional pages, which are commonly promoted by deceptive/scam sites. These apps also spread via download/installation set-ups of other software. "Bundling" is the term used to define this deceptive marketing technique of pre-packing regular products with unwanted or malicious additions.

Rushing download/installation processes (e.g. ignoring terms, skipping steps and sections, etc.) endangers systems with potential infiltration and infections originating from bundled content. Intrusive advertisements also spread unwanted applications. When clicked, they can execute scripts to download/install PUAs without users' consent.

How to avoid installation of potentially unwanted applications

You are advised to research all software before download/installation or purchase. All downloads should be performed only from official and verified sources. Untrustworthy download channels such as Peer-to-Peer sharing networks (BitTorrent, eMule, Gnutella, etc.), free file-hosting sites and other third party downloaders can offer deceptive and bundled content.

When downloading/installing, read the terms, explore all available options, use the "Custom/Advanced" setting and opt-out of additional apps, tools, features, etc. Intrusive ads may seem normal and harmless, however, they can redirect to dubious websites (e.g. gambling, pornography, adult-dating and so on).

If you encounter these ads/redirects, check the system and immediately remove all suspect applications and browser extensions/plug-ins. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.

Text presented in the pop-up:

(1) SYSTEM NOTIFICATION
Please Read Important Notification Regarding Your iOS Device.
OK

Screenshot of the bekapro[.]xyz background page:

Text presented in this page:

Apple Security
Wednesday
18 March 2020
Friday
(3) Viruses has been detected on your iPhone and battery has been infected and damaged.

If you do not remove this malware now, it may cause more damage to your device. How to fix this:

Step 1: Tap the button below & install the recommended virus protection tool for free from the AppStore.

Step 2: Run the app to remove all malware to repair your phone to 100%
1 minutes and 51 seconds
Download and Install
Detected By Apple.

To enable pop-up blocking, fraudulent website warnings, and remove web browsing data in mobile Apple devices, follow these steps:

First, go to "Settings", and then scroll down to find and tap "Safari".

Check if the "Block Pop-ups" and "Fraudulent Website Warning" toggles are enabled. If not, enable them immediately. Then, scroll down and tap "Advanced".

Tap "Website Data" and then "Remove All Website Data".

Instant automatic Mac malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

• What is "bekapro[.]xyz"?
• STEP 1. Remove PUA related files and folders from OSX.
• STEP 2. Remove rogue extensions from Safari.
• STEP 3. Remove rogue add-ons from Google Chrome.
• STEP 4. Remove potentially unwanted plug-ins from Mozilla Firefox.

Video showing how to remove adware and browser hijackers from a Mac computer:

Potentially unwanted applications removal:

Remove potentially unwanted applications from your "Applications" folder:

Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX","NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.

Remove adware-related files and folders

Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...

Check for adware generated files in the /Library/LaunchAgents/ folder:

In the Go to Folder... bar, type: /Library/LaunchAgents/

In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.

Check for adware generated files in the ~/Library/Application Support/ folder:

In the Go to Folder... bar, type: ~/Library/Application Support/

In the "Application Support" folder, look for any recently-added suspicious folders. For example, "MplayerX" or "NicePlayer", and move these folders to the Trash.

Check for adware generated files in the ~/Library/LaunchAgents/ folder:

In the Go to Folder... bar, type: ~/Library/LaunchAgents/

In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.

Check for adware generated files in the /Library/LaunchDaemons/ folder:

In the "Go to Folder..." bar, type: /Library/LaunchDaemons/

In the "LaunchDaemons" folder, look for recently-added suspicious files. For example "com.aoudad.net-preferences.plist", "com.myppes.net-preferences.plist", "com.kuklorest.net-preferences.plist", "com.avickUpd.plist", etc., and move them to the Trash.

Scan your Mac with Combo Cleaner:

If you have followed all the steps correctly, your Mac should be clean of infections. To ensure your system is not infected, run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file, double click combocleaner.dmg installer. In the opened window, drag and drop the Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates its virus definition database and click the "Start Combo Scan" button.

Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide; otherwise, it's recommended to remove any found infections before continuing.

After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.

Remove malicious extensions from Internet browsers

Remove malicious Safari extensions:

Open the Safari browser, from the menu bar, select "Safari" and click "Preferences...".

In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for regular browser operation.

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.

Remove malicious extensions from Google Chrome:

Click the Chrome menu icon (at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.

Remove malicious extensions from Mozilla Firefox:

Click the Firefox menu (at the top right corner of the main window) and select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.

▼ Show Discussion