Do not download/install apps promoted via tackis.xyz scam website
Written by Tomas Meskauskas on (updated)
What is the tackis[.]xyz site?
Tackis[.]xyz is an untrustworthy website designed to run various scams. At the time of research, this page promoted a scheme claiming that visitors' iPhones have been infected and damaged by viruses. While the scam primarily targets iPhone users, the webpage might be accessed via other Apple devices as well.
It must be emphasized that no site can detect threats or issues present on their visitors' systems; hence, any that make such claims are scams.
Schemes of this type aim to push users into downloading/installing and/or purchasing dubious software, e.g., fake anti-viruses, adware, browser hijackers, and other Potentially Unwanted Applications (PUAs).
It is noteworthy that these scams may also proliferate malware (e.g., trojans, ransomware, cryptocurrency miners, etc.). The tackis[.]xyz website has been observed being promoted via deceptive Calendar events.
Users seldom enter harmful sites intentionally; most access them via mistyped URLs, or redirects caused by intrusive advertisements or installed PUAs.
The scam run on tackis[.]xyz falsely states that 39 viruses have damaged the visitor's iPhone. Allegedly, the sources of the infections are recently visited adult-themed websites.
The mobile phone is supposedly at 28.1%, and the nonexistent threats will corrupt the iPhone's SIM card and damage stored photos, data, contacts, and installed applications. The scheme then urges users to remove the fake viruses by installing and running the recommended app.
Additionally, the application will supposedly improve the browsing speed. As mentioned in the introduction, all of the claims made by this scam - are false. Therefore, by trusting tackis[.]xyz, users can experience system infections, serious privacy issues, financial losses, and even identity theft.
PUAs are commonly endorsed through various schemes. Unwanted apps usually appear legitimate and offer "useful" features, which are rarely operational. Fake anti-virus tools are prime examples of this type of PUAs.
They require activation (i.e., purchase) to perform the promised functions, yet following activation - the functionalities remain nonoperational.
Furthermore, PUAs can have heinous abilities. Some of these applications can force-open promotional/sale-based, untrustworthy, deceptive/scam, and malicious webpages (e.g., tackis[.]xyz, and many others). Adware-types run intrusive advertisement campaigns.
Software within this classification delivers browsing quality-diminishing and dangerous ads. Upon being clicked, intrusive adverts redirect to unreliable/malicious sites, and some can stealthily download/install software.
Another PUA type called browser hijacker operates by making modifications to browser settings and restricting/denying access to them - in order to promote illegitimate search engines.
The promoted web searchers typically cannot generate search results, so they redirect to Google, Bing, Yahoo, and other legitimate search engines. What is more, most PUAs can track data.
Information of interest includes: URLs visited, pages viewed, search queries typed, IP addresses, geolocations, and even personally identifiable details. The gathered data is then sold to third-parties (potentially, cyber criminals).
Therefore, it is strongly advised to eliminate all suspect applications and browser extensions/plug-ins immediately upon detection.
Name | tackis.xyz pop-up |
Threat Type | Phishing, Scam, Mac malware, Mac virus |
Fake Claim | Scam claims users' iPhones have been infected with multiple viruses. |
Detection Names | Forcepoint ThreatSeeker (Suspicious), alphaMountain.ai (Suspicious), Full List (VirusTotal) |
Serving IP Address | 172.67.189.184 |
Promoted Unwanted Application | Various dubious applications |
Symptoms | Your Mac becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites. |
Distribution methods | Deceptive pop-up ads, free software installers (bundling), fake Flash Player installers, torrent file downloads. |
Damage | Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites, loss of private information. |
Malware Removal (Mac) | To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. |
Iosdfnc[.]com, security-info[.]space, and landingsecure[.]com are a few examples of websites promoting iPhone user targeting schemes. The Internet is rife with misleading, deceptive, and hazardous content.
Popular scams include: warnings that the system is infected or at risk, alerts that an important piece of software is outdated or missing, fake prize giveaways and raffles, unbelievable deals, and so forth. Regardless of what claims scams make - they have no value to users and pose various threats to them.
Due to how prevalent online schemes are, it is highly recommended to exercise caution when browsing.
How did potentially unwanted applications install on my computer?
PUAs can have "official" promotional/download webpages, which are often pushed by deceptive/scam sites. These applications are also distributed via download/installation setups of other software. This false marketing technique of packing regular programs with unwanted or malicious additions - is termed "bundling".
Rushed download/installation processes (e.g., ignored terms, used pre-set options, etc.) increase the risk of inadvertently allowing bundled content into the device. When clicked on, intrusive adverts can execute scripts to download/install PUAs without user consent.
How to avoid installation of potentially unwanted applications?
It is recommended to research software before download/installation and/or purchase. Additionally, only official and verified download channels must be used.
Untrustworthy sources, e.g., unofficial and free file-hosting websites, Peer-to-Peer sharing networks, and other third-party downloaders - commonly offer harmful and bundled content.
When downloading/installing, it is advised to read terms, study all possible options, use the "Custom/Advanced" settings and opt-out from additional apps, tools, functions, etc.
Intrusive advertisements appear ordinary and innocuous; however, they redirect to questionable sites (e.g., gambling, adult-dating, pornography, and so on).
In case of encounters with ads and/or redirects of this kind, the system must be checked and all suspicious applications and browser extensions/plug-ins detected - immediately removed from it.
If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.
Text presented in the scam promoted on tackis[.]xyz:
Your iPhone is severly damaged by (39) viruses
We've noticed that your Apple is 28.1%
Damaged by (30) harmful viruses from recent adult sites. It will soon corrupt your iPhone's SIM card and damage your contacts, photos, data, and applications.
4 minutes and! 55 seconds
If you don't remove the virus now, it will cause serious damage to your iPhone. Here's what you need to do (step by step):
Step 1: Tap and install app for free on the App Store!
Step 2: Open the application to speed up and fix your browser!
[Repair Now]
To remove rogue calendars that deliver notifications, promote dubious websites and fill Calendar with unwanted events in mobile Apple devices, follow these steps:
First go to your Home screen, find "Calendar", and then tap "Calendars" at the bottom of the screen:
Then find all suspicious Calendar entries (they are typically named after the promoted websites and the colors of their icons match those of the unwanted events) and tap the "i" symbol within a circle. Then scroll down to the very bottom of the screen, tap "Delete Calendar" and confirm it:
Users of older iOS versions should also perform the following steps:
- 1. Go to "Settings"
- 2. Select "Passwords & Accounts"
- 3. Select "Subscribed Calendars" in the "Accounts" section
- 4. Search for any dubious Calendars, tap them and select "Delete Account"
After removing the suspicious Calendars, you should clean the browsing data and ensure that pop-up blocking and fraudulent website warning settings are enabled:
To enable pop-up blocking, fraudulent website warnings, and remove web browsing data in mobile Apple devices, follow these steps:
First, go to "Settings", and then scroll down to find and tap "Safari".
Check if the "Block Pop-ups" and "Fraudulent Website Warning" toggles are enabled. If not, enable them immediately. Then, scroll down and tap "Advanced".
Tap "Website Data" and then "Remove All Website Data".
Instant automatic Mac malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.
Quick menu:
- What is "tackis[.]xyz"?
- STEP 1. Remove PUA related files and folders from OSX.
- STEP 2. Remove rogue extensions from Safari.
- STEP 3. Remove rogue add-ons from Google Chrome.
- STEP 4. Remove potentially unwanted plug-ins from Mozilla Firefox.
Video showing how to remove adware and browser hijackers from a Mac computer:
Potentially unwanted applications removal:
Remove potentially unwanted applications from your "Applications" folder:
Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX","NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.
Remove adware-related files and folders
Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...
Check for adware generated files in the /Library/LaunchAgents/ folder:
In the Go to Folder... bar, type: /Library/LaunchAgents/
In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.
Check for adware generated files in the ~/Library/Application Support/ folder:
In the Go to Folder... bar, type: ~/Library/Application Support/
In the "Application Support" folder, look for any recently-added suspicious folders. For example, "MplayerX" or "NicePlayer", and move these folders to the Trash.
Check for adware generated files in the ~/Library/LaunchAgents/ folder:
In the Go to Folder... bar, type: ~/Library/LaunchAgents/
In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.
Check for adware generated files in the /Library/LaunchDaemons/ folder:
In the "Go to Folder..." bar, type: /Library/LaunchDaemons/
In the "LaunchDaemons" folder, look for recently-added suspicious files. For example "com.aoudad.net-preferences.plist", "com.myppes.net-preferences.plist", "com.kuklorest.net-preferences.plist", "com.avickUpd.plist", etc., and move them to the Trash.
Scan your Mac with Combo Cleaner:
If you have followed all the steps correctly, your Mac should be clean of infections. To ensure your system is not infected, run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file, double click combocleaner.dmg installer. In the opened window, drag and drop the Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates its virus definition database and click the "Start Combo Scan" button.
Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide; otherwise, it's recommended to remove any found infections before continuing.
After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.
Remove malicious extensions from Internet browsers
Remove malicious Safari extensions:
Open the Safari browser, from the menu bar, select "Safari" and click "Preferences...".
In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for regular browser operation.
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.
Remove malicious extensions from Google Chrome:
Click the Chrome menu icon (at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.
Remove malicious extensions from Mozilla Firefox:
Click the Firefox menu (at the top right corner of the main window) and select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.
▼ Show Discussion