How to spot fake messages like the notification from "MacOS Security Center"
Written by Tomas Meskauskas on (updated)
What kind of scam is "MacOS Security Center"?
While scrutinizing this webpage, it has been ascertained that its intent is to deceive users into thinking that their operating system is at risk. The page showcases a misleading pop-up message encouraging visitors to buy specific antivirus software. It is strongly recommended not to place trust in such pages, even if they endorse legitimate products.
More about the "MacOS Security Center" scam
Upon visiting the page, it conducts a simulated system scan, followed by the presentation of a misleading pop-up message. The deceptive pop-up message in question is designed to mimic a security alert. It falsely claims to be from "MacOS Security Center" and alleges that the user's system is at risk.
The message urges immediate action, implying that delaying could result in further harm to the system. It falsely advises the user not to leave the page until they have followed the suggested steps.
It has been discovered that this scam is operated by affiliates who are promoting McAfee antivirus through deceptive means. These affiliates are using scareware tactics, as evidenced by the deceptive pop-up message claiming a system threat and urging immediate action.
The goal is to convince users to engage with the recommended steps, which include downloading and purchasing McAfee antivirus. Affiliates typically earn a commission for each user they drive to make a purchase, creating a financial incentive for these deceptive practices.
It is important to note that McAfee is a well-known cybersecurity company offering genuine security solutions to protect users from real threats. Legitimate and reputable companies like McAfee typically do not use deceptive tactics to promote their products.
Also, the page running this scam may promote other antivirus products. Either way, It is essential for users to be cautious of deceptive tactics employed by rogue affiliates or malicious actors who attempt to exploit the reputation of legitimate companies for their own gain.
| Name | MacOS Security Center scam |
| Threat Type | Phishing, Scam, Mac malware, Mac virus |
| Fake Claim | The operating system is at risk |
| Related Domain | burningpixelmedia[.]com, windows[.]net |
| Detection Names (burningpixelmedia[.]com) | alphaMountain.ai (Suspicious), Yandex Safebrowsing (Phishing), Full List (VirusTotal) |
| Serving IP Address | 195.201.108.83 |
| Cyber Criminal Phone Numbers | +1-844-524-2658, +1-865-244-8728, +1-856-243-1725, +1-802-503-3531, +1-802-304-3085, +1-855-399-1066, +1855-678-6258 |
| Promoted Application | McAfee antivirus |
| Symptoms | Your Mac becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites. |
| Distribution methods | Deceptive pop-up ads, free software installers (bundling), torrent file downloads. |
| Damage | Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites, loss of private information. |
| Malware Removal (Windows) | To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. |
Conclusion
These scam pages share common characteristics, including deceptive pop-up messages, impersonation of reputable companies, fake system scans, pressure to take urgent action, emotional manipulation, limited options, promotion of dubious software, lack of clear contact information, lower website quality, and domain names mimicking trusted brands.
Staying skeptical, verifying website authenticity, using reliable security software, and staying informed about common online scams are essential safeguards against falling victim to these deceptive practices.
Examples of similar scams are "Access To This MAC Has Been Blocked", "Apple Security Center", and "You May Have Viruses On After Visiting An Adult Website".
How did I open a scam website?
Users can encounter misleading web pages through various online avenues. Interacting with deceptive online advertisements, especially those promising easy money, free rewards, torrents, etc., can lead users to such websites.
Furthermore, users may inadvertently click on malicious links in emails, social media messages, or compromised websites, which can redirect them to deceptive sites. Deceptive webpages can also appear in search engine results at times, taking advantage of popular search queries and keywords to attract unsuspecting users.
In certain cases, unscrupulous browser extensions, like ad-supported applications, have the ability to force browsers to redirect users to misleading pages.
How to avoid visiting scam websites?
Be cautious when encountering unsolicited offers, especially if they seem too good to be true. Pay close attention to website URLs, as scams often use misspelled or suspicious addresses. Use reputable search engines like Google, Bing, or Yahoo. Be cautious of unsolicited emails with attachments or links.
Maintain up-to-date operating systems, browsers, and software to reduce vulnerabilities. Use reliable antivirus and anti-malware software to help identify and block malicious websites. If your computer is already infected, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate all threats.
Text in the fake message displayed by the page:
Attention!
MacOS Security Cneter has identified that your system is under threat. Please scan your MacOS as soon as possible to avoid more damage.
Don’t leave this page until you have undertaken all the suggested steps by authorised Antivirus.
Another variant of "MacOS Security Center" pop-up scam:
Text presented within:
MacOS Security Center
Address IP: -
Location: -
ISP: -Access to this PC has been blocked for security reasons.
Call Apple Support: +1-855-399-1066MacOS Security
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.
Quick menu:
- What is "MacOS Security Center"?
- STEP 1. Remove PUA related files and folders from OSX.
- STEP 2. Remove rogue extensions from Safari.
- STEP 3. Remove rogue add-ons from Google Chrome.
- STEP 4. Remove potentially unwanted plug-ins from Mozilla Firefox.
Video showing how to remove adware and browser hijackers from a Mac computer:
Potentially unwanted applications removal:
Remove potentially unwanted applications from your "Applications" folder:
Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX","NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.
Remove adware-related files and folders
Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...
Check for adware generated files in the /Library/LaunchAgents/ folder:
In the Go to Folder... bar, type: /Library/LaunchAgents/
In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.
Check for adware generated files in the ~/Library/Application Support/ folder:
In the Go to Folder... bar, type: ~/Library/Application Support/
In the "Application Support" folder, look for any recently-added suspicious folders. For example, "MplayerX" or "NicePlayer", and move these folders to the Trash.
Check for adware generated files in the ~/Library/LaunchAgents/ folder:
In the Go to Folder... bar, type: ~/Library/LaunchAgents/
In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.
Check for adware generated files in the /Library/LaunchDaemons/ folder:
In the "Go to Folder..." bar, type: /Library/LaunchDaemons/
In the "LaunchDaemons" folder, look for recently-added suspicious files. For example "com.aoudad.net-preferences.plist", "com.myppes.net-preferences.plist", "com.kuklorest.net-preferences.plist", "com.avickUpd.plist", etc., and move them to the Trash.
Scan your Mac with Combo Cleaner:
If you have followed all the steps correctly, your Mac should be clean of infections. To ensure your system is not infected, run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file, double click combocleaner.dmg installer. In the opened window, drag and drop the Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates its virus definition database and click the "Start Combo Scan" button.
Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide; otherwise, it's recommended to remove any found infections before continuing.
After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.
Remove malicious extensions from Internet browsers
Remove malicious Safari extensions:
Open the Safari browser, from the menu bar, select "Safari" and click "Preferences...".
In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for regular browser operation.
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.
Remove malicious extensions from Google Chrome:
Click the Chrome menu icon 
(at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.
Remove malicious extensions from Mozilla Firefox:
Click the Firefox menu 
(at the top right corner of the main window) and select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.
Frequently Asked Questions (FAQ)
What is a pop-up scam?
A pop-up scam is a deceitful strategy utilized on the internet to deceive users into performing specific actions. Typically, such scams involve counterfeit security alerts, prize notifications, or immediate demands for personal information or payment.
What is the purpose of a pop-up scam?
Pop-up scams aim to manipulate users into interacting with the pop-up content, which can result in them being directed to potentially malicious websites, sharing sensitive information, or becoming targets of fraudulent schemes.
Why do I encounter fake pop-ups?
Pop-up scams are commonly distributed via malicious websites, and most users find themselves redirected to these deceptive websites. They land on such sites due to the presence of malicious applications on their systems or when they visit websites utilizing rogue advertising networks, such as torrent sites or platforms that host illegal movie streams.
Will Combo Cleaner protect me from pop-up scams?
Combo Cleaner is designed to perform comprehensive scans of the websites you visit, allowing it to detect potentially malicious sites. This includes websites that are set up to spread pop-up scams within its detection capabilities. As a result, Combo Cleaner swiftly issues warnings and restricts access to these deceptive sites.
Outstanding!
▼ Show Discussion