Avoid downloading dubious software from the apple-online-guard.com scam

What is apple-online-guard[.]com?

apple-online-guard[.]com is a scam website designed to target iPhone users, however, it might also be accessed by other Apple products. This deceptive site claims that visitors' devices are infected and recommends download/installation of a promoted application.

No web page can detect threats/issues present on a system, and any that make such claims are scams. Furthermore, software endorsed using these deceptive techniques is often nonoperational, untrusted, and even malicious.

Many visitors access apple-online-guard[.]com and similar websites unintentionally via redirects caused by intrusive ads or Potentially Unwanted Applications (PUAs).

Once accessed, apple-online-guard[.]com displays a pop-up window stating that users must read an important notification concerning their device. When the pop-up is closed, the background page informs users that their iPhones have been infected with three viruses.

These nonexistent infections have supposedly damaged the device's battery and might cause more damage. To fix this, users are instructed to click "Download and Install" to acquire the promoted virus protection tool from the AppStore. They are then to run this app and remove the so-called viruses.

All claims made by apple-online-guard[.]com are false. Furthermore, these scams commonly promote fake anti-viruses, adware, browser hijackers and other PUAs, as well as malware (Trojans, ransomware, etc.). Therefore, never trust apple-online-guard[.]com or other, similar websites.

PUAs can force-open, not just deceptive/scam pages, but also sale-based, untrusted, rogue, compromised and malicious websites, however, these apps have additional capabilities. They can enable the placement of intrusive ads onto any visited site. When clicked, the delivered ads can redirect to dangerous sites and stealthily download/install rogue software (e.g PUAs).

These unwanted applications can hijack browsers by modifying settings and denying access to them to promote fake search engines. Most PUAs can track data. They can monitor browsing activity (browsing and search engine histories) and collect personal information (IP addresses, geolocations and other details).

This vulnerable data is often shared with third parties seeking to misuse it for profit. To summarize, PUAs can cause system infiltration/infections, financial loss, serious privacy issues and even identity theft. To ensure device and user safety, remove all suspect applications and browser extensions/plug-ins immediately upon detection.

Threat Summary:

Name	apple-online-guard.com pop-up
Threat Type	Phishing, Scam, Mac malware, Mac virus.
Fake Claim	The scam claims that users' devices are infected.
Detection Names	ESET (Phishing), CLEAN MX (Phishing), Fortinet (Spam), Spamhaus (Spam), Full List (VirusTotal)
Serving IP Address	95.217.111.214
Promoted Unwanted Application	Scam promotes dubious apps.
Symptoms	Your Mac becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites.
Distribution methods	Deceptive pop-up ads, free software installers (bundling), fake Flash Player installers, torrent file downloads.
Damage	Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites, loss of private information.
Malware Removal (Mac)	To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. ▼ Download Combo Cleaner for Mac To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

guardapl.com, contentfilled.com and protected-connection.com are some examples of other scam sites targeting iPhone users. Social engineering and scare tactics are used to trick people into performing certain actions.

Popular scam models include (but are not limited to) warnings that the device is infected, a piece of essential software is outdated, claims that a prize can be won, "amazing" offers, and so on. While these schemes operate differently, the end-goal is identical: to generate revenue for the scammers/cyber criminals behind them.

How did potentially unwanted applications install on my computer?

PUAs proliferate via the download/installation set-ups of other software. This deceptive marketing method of pre-packing regular products with unwanted or malicious additions is called "bundling".

Rushing download/installation processes (e.g. skipped steps and sections, etc.) increases the risk of inadvertent installation of bundled content. Some PUAs have "official" download pages, which are often promoted by deceptive/scam sites. Once clicked, intrusive advertisements can execute scripts to download/install PUAs without users' permission.

How to avoid installation of potentially unwanted applications

All products should be researched and downloaded only from official and verified sources. Unofficial and free file-hosting sites, Peer-to-Peer sharing networks and other third party downloaders are untrusted and should be avoided.

When downloading/installing, you are advised to read the terms, explore all possible options, use "Custom/Advanced" settings and opt-out of additional apps, tools, features, etc. Intrusive ads may seem normal and harmless, however, they can redirect to dubious web pages (e.g. gambling, pornography, adult-dating and others).

If you encounter these ads/redirects, inspect the system and remove all suspicious applications and browser extensions/plug-ins without delay. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.

Text presented in the pop-up displayed by apple-online-guard[.]com:

(1) SYSTEM NOTIFICATION
Please Read Important Notification Regarding Your iOS Device.
OK

Appearance of the background web page of apple-online-guard[.]com:

Text presented in this page:

Apple Security
Thursday
9 April 2020
(3) Viruses has been detected on your iPhone and battery has been infected and damaged.

 

If you do not remove this malware now, it may cause more damage to your device. How to fix this:

 

Step 1: Tap the button below & install the recommended virus protection tool for free from the AppStore.

Step 2: Run the app to remove all malware to repair your phone to 100%

 

1 minutes and 10 seconds
Download and Install
Detected By Apple.

 Screenshot of the apple-online-guard[.]com scam desktop version:

Screenshot of the background page of this version:

Instant automatic Mac malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

• What is "apple-online-guard[.]com"?
• STEP 1. Remove PUA related files and folders from OSX.
• STEP 2. Remove rogue extensions from Safari.
• STEP 3. Remove rogue add-ons from Google Chrome.
• STEP 4. Remove potentially unwanted plug-ins from Mozilla Firefox.

Video showing how to remove adware and browser hijackers from a Mac computer:

Potentially unwanted applications removal:

Remove potentially unwanted applications from your "Applications" folder:

Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX","NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.

Remove adware-related files and folders

Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...

Check for adware generated files in the /Library/LaunchAgents/ folder:

In the Go to Folder... bar, type: /Library/LaunchAgents/

In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.

Check for adware generated files in the ~/Library/Application Support/ folder:

In the Go to Folder... bar, type: ~/Library/Application Support/

In the "Application Support" folder, look for any recently-added suspicious folders. For example, "MplayerX" or "NicePlayer", and move these folders to the Trash.

Check for adware generated files in the ~/Library/LaunchAgents/ folder:

In the Go to Folder... bar, type: ~/Library/LaunchAgents/

In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.

Check for adware generated files in the /Library/LaunchDaemons/ folder:

In the "Go to Folder..." bar, type: /Library/LaunchDaemons/

In the "LaunchDaemons" folder, look for recently-added suspicious files. For example "com.aoudad.net-preferences.plist", "com.myppes.net-preferences.plist", "com.kuklorest.net-preferences.plist", "com.avickUpd.plist", etc., and move them to the Trash.

Scan your Mac with Combo Cleaner:

If you have followed all the steps correctly, your Mac should be clean of infections. To ensure your system is not infected, run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file, double click combocleaner.dmg installer. In the opened window, drag and drop the Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates its virus definition database and click the "Start Combo Scan" button.

Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide; otherwise, it's recommended to remove any found infections before continuing.

After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.

Remove malicious extensions from Internet browsers

Remove malicious Safari extensions:

Open the Safari browser, from the menu bar, select "Safari" and click "Preferences...".

In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for regular browser operation.

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.

Remove malicious extensions from Google Chrome:

Click the Chrome menu icon (at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.

Remove malicious extensions from Mozilla Firefox:

Click the Firefox menu (at the top right corner of the main window) and select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.

▼ Show Discussion