How to remove apps designed to promote client-privacy.space?
Written by Tomas Meskauskas on
What is client-privacy[.]space?
Client-privacy[.]space is the address of a deceptive website that is using a scare tactic to trick visitors into installing a potentially unwanted application (PUA). More precisely, client-privacy[.]space displays a fake virus notification and encourages visitors to remove supposedly detected viruses.
![client-privacy[.]space scam](/images/stories/screenshots202108/client-privacy-space-pop-up-scam-main.jpg)
Client-privacy[.]space website in detail
Client-privacy[.]space is disguised as the official Apple Security website. At first, client-privacy[.]space displays a fake system notification stating that a device is infected with malware and encouraging to click the "OK" button to see the instructions on how to download the application that is supposed to remove that malware.
As stated in the main client-privacy[.]space website, a device is infected with 129 viruses. It is also stated that hackers have hijacked the Calendar app, infected the battery, and are trying to steal photos. Client-privacy[.]space suggests that if visitors do not remove detected viruses immediately, they may cause more damage to a device.
Client-privacy[.]space instructs to tap the "Remove Virus" button to download the application that is supposed to remove detected viruses. Research shows that the aforementioned button opens a download page for HotVPN Fast & secure application. Judging by the name of this app, it has nothing to do with malware removal.
HotVPN Fast & secure is a legitimate application (it is available on App Store). However, this does not make the client-privacy[.]space website any less untrustworthy. It is important to mention that websites of this type could be used to trick visitors into installing adware, browser hijackers, and other potentially unwanted applications (PUAs).
More about adware and browser hijackers
Adware is software that displays pop-up ads, coupons, banners, surveys, or other advertisements. Pretty often, those ads cover contents of opened pages, promote shady pages, and can be used to distribute unwanted software (by clicking those ads, users may open dubious pages or cause unwanted downloads or even installations).
Browser hijacker is software that changes web browser's settings. It promotes a fake search engine by changing the address of a default search engine, homepage and new tab to an address of a fake search engine. Most browser hijackers do not allow users to remove a fake search engine from the settings of a hijacked browser.
Additionally, adware-type apps and browser hijackers can be designed to collect information (for example, credit card details, passwords) that may be misused to steal accounts, make unauthorized transactions, purchases, steal identities. Although, it is more common for apps of this kind to gather browsing-related data.
| Name | client-privacy.space pop-up |
| Threat Type | Phishing, Scam, Mac malware, Mac virus |
| Fake Claim | Device is infected with 129 viruses, hackers are trying to steal photos from it |
| Detection Names | N/A (VirusTotal) |
| Promoted Unwanted Application | HotVPN Fast & secure |
| Symptoms | Your Mac becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites. |
| Distribution methods | Deceptive pop-up ads, free software installers (bundling), fake Flash Player installers, torrent file downloads. |
| Damage | Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites, loss of private information. |
| Malware Removal (Mac) | To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. |
Client-privacy[.]space and other scams in general
The Internet is full of websites like client-privacy[.]space. Some examples are secure-inform[.]space, dency[.]site, and ustrack[.]online. Usually, they display fake notifications claiming that a device is hacked and (or) infected with viruses. It is uncommon for these pages to be visited by users intentionally. Quite often, they are promoted through PUAs.
How did potentially unwanted applications install on my computer?
One of the most popular ways to distribute adware, browser hijackers, and other PUAs is to include them in downloaders and installers for free programs. Users download or install PUAs together with other programs when they leave settings like "Advanced", "Custom" or other options unchanged (or leave checkboxes ticked).
Sometimes, users cause unwanted downloads or installations by clicking deceptive advertisements. It happens when users click on ads designed to execute certain scripts. Also, users cause unwanted downloads, installations through fake installers (through installers designed to look like the installers for legitimate programs).
How to avoid installation of potentially unwanted applications?
Apps should not be downloaded from third-party downloaders, eMule, torrent clients, or other Peer-to-Peer networks, unofficial pages, and other sources of the same kind. Those sources can be used as channels for distribution of PUAs. The same applies to third-party installers. Apps and files should be downloaded from legitimate pages and via direct links.
Also, it is recommended to remember that downloaders and installers that have "Custom", "Advanced," and other similar settings can be used to distribute potentially unwanted apps. Unwanted apps can and should be declined before completing downloads and installations of other programs.
Ads that shady pages display should not be trusted/clicked as well. Quite often, those ads open dubious pages or cause unwanted downloads, installations. If there are any suspicious, unknown, or unwanted extensions, plug-ins, or add-ons installed on a browser or programs of this kind installed on a computer, then they should be removed. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.
Text in the fake system notification:
(1) SYSTEM NOTIFICATION
Malware detected. Hit OK to repair.
OK
Screenshot of the background page:
Text in this page:
Apple Security Thursday
19 August 2021
(129) Viruses have been detected on your iPhone - hackers hijacked your calendar, infected your battery and trying to steal your photos.If you do not remove this malware now, it may cause more damage to your device. How to fix this:
Step 1: Tap the button below & install the recommended AdBlocker and virus protection tool free from the AppStore.
Step 2: Run the app, follow on screen instructions to remove malware and repair your phone remotely.
01 minutes and 01 seconds
Remove Virus
Detected By Apple.
Download website for the application promoted via client-privacy[.]space:
To enable pop-up blocking, fraudulent website warnings, and remove web browsing data in mobile Apple devices, follow these steps:
First, go to "Settings", and then scroll down to find and tap "Safari".
Check if the "Block Pop-ups" and "Fraudulent Website Warning" toggles are enabled. If not, enable them immediately. Then, scroll down and tap "Advanced".
Tap "Website Data" and then "Remove All Website Data".
Instant automatic Mac malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.
Quick menu:
- What is client-privacy[.]space?
- STEP 1. Remove PUA related files and folders from OSX.
- STEP 2. Remove rogue extensions from Safari.
- STEP 3. Remove rogue add-ons from Google Chrome.
- STEP 4. Remove potentially unwanted plug-ins from Mozilla Firefox.
Video showing how to remove adware and browser hijackers from a Mac computer:
Potentially unwanted applications removal:
Remove potentially unwanted applications from your "Applications" folder:
Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX","NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.
Remove adware-related files and folders
Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...
Check for adware generated files in the /Library/LaunchAgents/ folder:
In the Go to Folder... bar, type: /Library/LaunchAgents/
In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.
Check for adware generated files in the ~/Library/Application Support/ folder:
In the Go to Folder... bar, type: ~/Library/Application Support/
In the "Application Support" folder, look for any recently-added suspicious folders. For example, "MplayerX" or "NicePlayer", and move these folders to the Trash.
Check for adware generated files in the ~/Library/LaunchAgents/ folder:
In the Go to Folder... bar, type: ~/Library/LaunchAgents/
In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.
Check for adware generated files in the /Library/LaunchDaemons/ folder:
In the "Go to Folder..." bar, type: /Library/LaunchDaemons/
In the "LaunchDaemons" folder, look for recently-added suspicious files. For example "com.aoudad.net-preferences.plist", "com.myppes.net-preferences.plist", "com.kuklorest.net-preferences.plist", "com.avickUpd.plist", etc., and move them to the Trash.
Scan your Mac with Combo Cleaner:
If you have followed all the steps correctly, your Mac should be clean of infections. To ensure your system is not infected, run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file, double click combocleaner.dmg installer. In the opened window, drag and drop the Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates its virus definition database and click the "Start Combo Scan" button.
Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide; otherwise, it's recommended to remove any found infections before continuing.
After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.
Remove malicious extensions from Internet browsers
Remove malicious Safari extensions:
Open the Safari browser, from the menu bar, select "Safari" and click "Preferences...".
In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for regular browser operation.
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.
Remove malicious extensions from Google Chrome:
Click the Chrome menu icon 
(at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.
Remove malicious extensions from Mozilla Firefox:
Click the Firefox menu 
(at the top right corner of the main window) and select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.
Outstanding!
▼ Show Discussion