How to stop redirects to the captcha244.ga scam website

What is the captcha244[.]ga site?

captcha244[.]ga is a deceptive website, running various scams. It has been observed promoting a scheme claiming that spyware has been detected on visitors' Apple devices. The scam urges users to call a fake technical support line. Trusting the content promoted on this site can lead to serious issues.

Typically, users access these deceptive/scam web pages unintentionally - most are redirected to them through redirects caused by intrusive ads or Potentially Unwanted Applications (PUAs). This software does not need explicit user permission to be installed onto systems.

At the time of research, captcha244[.]ga displayed a pop-up window, stating that the visitor's Apple device has been infected by a virus. The alert specifies the alleged threat as Pegasus spyware. This message speculates that the infection may have occurred due to an unexpected error.

It asks the user to call "Apple Care " (a fake tech support helpline) immediately. Additionally, the visitor is alerted that the browser might be compromised. While such scams often list the bogus support/service lines as free, they are typically very expensive. Therefore, by keeping users on the line for as long as possible, scammers can generate revenue.

Be aware that this is not the only way users' trust can be abused. They can be tricked to unintentionally allow remote access and control over their devices. Similarly, users may be offered PUAs or malware (e.g. Trojans, ransomware, etc.) disguised as anti-virus tools.

Scammers can also demand payment for "services rendered" and/or attempt to extort personal information (e.g. names, addresses, emails, banking account and credit card details, etc.). Therefore, trusting technical support scams and other schemes can lead to system infections, financial loss, serious privacy issues and even identity theft.

PUAs can force-open deceptive/scam, untrusted, compromised and malicious websites, however, these applications also have other/additional capabilities. Adware-types run intrusive advertisement campaigns, delivering pop-ups, banners, coupons and other ads.

These diminish the browsing experience by limiting browsing speed and web page visibility. When clicked, intrusive advertisements redirect to dubious/malicious sites and can stealthily download/install unwanted software.

Other PUA types called browser hijackers reassign the homage, default search engine and new tab/window URLs to the addresses of a fake search engine. With a browser hijacker installed, every new browser tab/window opened and search query typed into the URL bar redirects to the address of the bogus search engine.

Fake searching tools are usually unable to generate any results, and so they redirect to Yahoo, Google, Bing and other genuine search engines. Furthermore, recovering an affected browser without removing the browser hijacker is impossible, since any changes users attempt to make are automatically reset, if access to the settings is permitted at all.

Furthermore, most PUAs can monitor browsing activity (browsing and search engine histories) and collect personal information extracted from it (IP addresses, geolocations and other details). The gathered data is typically shared with and/or sold to third parties (potentially, cyber criminals).

To ensure device integrity and user safety, remove all suspect applications and browser extensions/plug-ins without delay.

Threat Summary:

Name	captcha244.ga pop-up
Threat Type	Phishing, Scam, Mac malware, Mac virus.
Fake Claim	Scam claims visitors' Apple devices are infected.
Serving IP Address	172.67.172.80
Symptoms	Your Mac becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites.
Distribution methods	Deceptive pop-up ads, free software installers (bundling), fake Flash Player installers, torrent file downloads.
Damage	Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites, loss of private information.
Malware Removal (Mac)	To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. ▼ Download Combo Cleaner for Mac To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

berrigroun.com, application-update.com, hastopnet.com and goingapp.xyz are some examples of other deceptive sites similar to captcha244[.]ga. Technical support schemes are not the only popular scams. Other common themes are: alerts about an outdated or missing essential software, fake prize giveaways, "unbelievable" deals and offers, etc.

Regardless of what the scams claim, request, offer or demand, the purpose is identical: to generate profit for the scammers and/or cyber criminals behind them.

How did potentially unwanted applications install on my computer?

PUAs are proliferated through the download/installation set-ups of other products. This deceptive marketing technique of pre-packing regular software with unwanted or malicious additions is called "bundling". Rushing downloads/installations (e.g. ignoring terms, skipping steps and sections, etc.) increases the risk of inadvertent installation of dubious and/or bundled content.

Some PUAs have "official" download pages, which are commonly promoted by deceptive/scam sites. Intrusive advertisements proliferate these applications as well. When clicked, they can execute scripts to download/install PUAs without users' consent.

How to avoid installation of potentially unwanted applications

You are strongly advised to research all software before download/installation. Use only official and verified download channels. Untrusted sources, such as unofficial and free file-hosting sites, P2P sharing networks (BitTorrent, eMule, Gnutella, etc.) and other third party downloaders can offer deceptive and/or bundled content - they should be avoided.

When downloading/installing, it is important to read the terms, explore all available options, use the "Custom" or "Advanced" settings and opt-out of additional apps, tools, features, and so on. Intrusive ads appear normal and harmless, however they can redirect to highly dubious websites (e.g. pornography, adult-dating, gambling, etc.).

If you encounter these ads/redirects, check the system and remove all suspicious applications and browser extensions. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.

Text presented in the pop-up window displayed by captcha244[.]ga:

*YOUR APPLE DEVICE HAS A VIRUS*

 

Apple iOS Alert !!

 

PEGASUS (SPYWARE) ACTIVATED

 

System might be infected due to unexpected error!
Please Contact Apple Care +1(833) 324-8448 Immediately!
for assistance regarding how to remove it.

 

Suspicious Activity Detected. Your Browser might be compromised.
Close

To enable pop-up blocking, fraudulent website warnings, and remove web browsing data in mobile Apple devices, follow these steps:

First, go to "Settings", and then scroll down to find and tap "Safari".

Check if the "Block Pop-ups" and "Fraudulent Website Warning" toggles are enabled. If not, enable them immediately. Then, scroll down and tap "Advanced".

Tap "Website Data" and then "Remove All Website Data".

Instant automatic Mac malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

• What is "captcha244[.]ga"?
• STEP 1. Remove PUA related files and folders from OSX.
• STEP 2. Remove rogue extensions from Safari.
• STEP 3. Remove rogue add-ons from Google Chrome.
• STEP 4. Remove potentially unwanted plug-ins from Mozilla Firefox.

Video showing how to remove adware and browser hijackers from a Mac computer:

Potentially unwanted applications removal:

Remove potentially unwanted applications from your "Applications" folder:

Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX","NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.

Remove adware-related files and folders

Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...

Check for adware generated files in the /Library/LaunchAgents/ folder:

In the Go to Folder... bar, type: /Library/LaunchAgents/

In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.

Check for adware generated files in the ~/Library/Application Support/ folder:

In the Go to Folder... bar, type: ~/Library/Application Support/

In the "Application Support" folder, look for any recently-added suspicious folders. For example, "MplayerX" or "NicePlayer", and move these folders to the Trash.

Check for adware generated files in the ~/Library/LaunchAgents/ folder:

In the Go to Folder... bar, type: ~/Library/LaunchAgents/

In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.

Check for adware generated files in the /Library/LaunchDaemons/ folder:

In the "Go to Folder..." bar, type: /Library/LaunchDaemons/

In the "LaunchDaemons" folder, look for recently-added suspicious files. For example "com.aoudad.net-preferences.plist", "com.myppes.net-preferences.plist", "com.kuklorest.net-preferences.plist", "com.avickUpd.plist", etc., and move them to the Trash.

Scan your Mac with Combo Cleaner:

If you have followed all the steps correctly, your Mac should be clean of infections. To ensure your system is not infected, run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file, double click combocleaner.dmg installer. In the opened window, drag and drop the Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates its virus definition database and click the "Start Combo Scan" button.

Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide; otherwise, it's recommended to remove any found infections before continuing.

After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.

Remove malicious extensions from Internet browsers

Remove malicious Safari extensions:

Open the Safari browser, from the menu bar, select "Safari" and click "Preferences...".

In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for regular browser operation.

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.

Remove malicious extensions from Google Chrome:

Click the Chrome menu icon (at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.

Remove malicious extensions from Mozilla Firefox:

Click the Firefox menu (at the top right corner of the main window) and select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.

▼ Show Discussion