Avoid getting scammed by websites claiming "Your Apple May Be Not Safe!"
Written by Tomas Meskauskas on
What kind of scam is "Your Apple May Be Not Safe!"?
Our research team discovered the "Your Apple May Be Not Safe!" scam while investigating untrustworthy websites. It states that the data stored on the visitor's iPhone might have been stolen through recently visited suspicious sites. These claims are false, and this content is in no way associated with any legitimate entities.
"Your Apple May Be Not Safe!" scam overview
There may be slight appearance differences in the "Your Apple May Be Not Safe!" scam depending on the device used by the visitor (i.e., smartphone or computer).
The user can be presented with a pop-up window alerting them of potential suspect activity discovered on websites that they have recently visited. The pop-up tells the visitor to close it and complete the following instructions.
Once closed, the scam displays another pop-up window. This one claims that the user's iPhone data may have been stolen via suspicious websites that they have browsed. As a protective measure, all linked devices might get blocked to prevent further data leaks. The visitor is encouraged to install the recommended "ad security and VPN application". This pop-up includes a countdown timer to create a sense of urgency.
Typically, scams of this kind are used to endorse unreliable, fraudulent, and possibly harmful software. Although, at the time of research, "Your Apple May Be Not Safe!" failed to redirect to an operational page. However, the redirect might be successful since that may be impacted by the visitor's geolocation or other factors. Likewise, the scammers behind this fake alert could rectify this, and visitors will be redirected to software-promoting webpages without issue.
Scams like "Your Apple May Be Not Safe!" primarily push fake anti-viruses, adware, browser hijackers, and PUAs (Potentially Unwanted Applications). In rare instances, these scare tactics are used to proliferate malware (e.g., ransomware, trojans, cryptocurrency miners, etc.).
Another uncommon but potential scenario is for a scam to lead users to the official websites of legitimate products/services. This promotion is undertaken by scammers seeking to acquire illegitimate commissions through the abuse of the content's affiliate programs.
In summary, by trusting a scam like "Your Apple May Be Not Safe!" – users can experience system infections, serious privacy issues, financial losses, and even identity theft.
| Name | "Your Apple May Be Not Safe!" pop-up |
| Threat Type | Phishing, Scam, Mac malware, Mac virus |
| Fake Claim | Visitor's iPhone data might have been compromised due to recently visited suspicious websites. |
| Related Domain(s) | errolandtessa[.]com |
| Detection Names (errolandtessa[.]com) | Avira (Malware), Full List (VirusTotal) |
| Serving IP Address (errolandtessa[.]com) | 195.201.108.83 |
| Symptoms | Your Mac becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites. |
| Distribution methods | Deceptive pop-up ads, free software installers (bundling), torrent file downloads. |
| Damage | Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites, loss of private information. |
| Malware Removal (Mac) | To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. |
Similar scam examples
We have analyzed thousands of online scams; "Access To This MAC Has Been Blocked", store-notifications[.]online, "Your Device Apple iPhone Has Been Hacked", and "Apple Security Center" are just some examples of ones targeting Apple users.
Various scam models are used to gain and subsequently abuse victims' trust. The goals of deceptive online content can vary as well; some promote software, others target sensitive information, or aim to lure users into transferring money, and so forth.
It must be stressed that due to how prevalent deceptive/malicious content is on the Internet – we strongly recommend exercising caution while browsing.
How did I open a scam website?
Scam pages can be force-opened the moment a website that utilizes rogue advertising networks is accessed. Alternatively, the latter may generate redirects to deceptive webpages when hosted content is interacted with (e.g., clicking buttons, text input fields, links, ads, etc.).
Misspelling a website's URL can also result in a redirect (or a redirection chain leading) to such a webpage. Online scams are promoted through intrusive advertisements and spam browser notifications as well.
Spam mail (e.g., email, DM/PM, SMS, forum post, etc.) is also used for this purpose. Additionally, adware installed on a device may display scam-promoting adverts or force-open pages hosting them.
How to avoid visiting scam websites?
Since deceptive and dangerous online content usually appears legitimate and harmless – it is essential to be vigilant when browsing.
We advise against using sites that offer pirated programs/media or other questionable services (e.g., illegal streaming/downloading, Torrenting, etc.), as these webpages are typically monetized via rogue advertising networks.
Always pay attention to URLs and enter them with care. To avoid receiving undesirable browser notifications – do not permit dubious websites to deliver them (i.e., do not click "Allow", "Allow Notifications", etc.). Instead, deny notification delivery from such pages (i.e., select "Block", "Block Notifications", etc.) or ignore these requests altogether.
We strongly advise downloading only from official/trustworthy sources and approaching installations with caution (e.g., by reading terms, using "Custom/Advanced" settings, opting out of additional apps, extensions, tools, etc.) – to avoid inadvertently permitting bundled/harmful content into the device.
If your computer is already infected, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate all threats.
Screenshot of the scam's initial pop-up window as displayed on a computer:
Text presented in this pop-up:
Attention!
There may be suspicious activity on sites you have just visited. Close this notification and follow the instructions.
Screenshot of the scam's second pop-up window as displayed on a computer:
Text presented in this pop-up:
Your Apple may be not safe!
Due to recent surfing on some suspicious sites, your data on iPhone device may have been stolen. Devices related to this device could be blocked if data is leaked.
Install trusted ad security and VPN application to activate protection from possible loss or leakages.
Appearance of the "Your Apple May Be Not Safe!" pop-up scam (GIF):
To enable pop-up blocking, fraudulent website warnings, and remove web browsing data in mobile Apple devices, follow these steps:
First, go to "Settings", and then scroll down to find and tap "Safari".
Check if the "Block Pop-ups" and "Fraudulent Website Warning" toggles are enabled. If not, enable them immediately. Then, scroll down and tap "Advanced".
Tap "Website Data" and then "Remove All Website Data".
Instant automatic Mac malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.
Quick menu:
- What is "Your Apple May Be Not Safe!"?
- STEP 1. Remove PUA related files and folders from OSX.
- STEP 2. Remove rogue extensions from Safari.
- STEP 3. Remove rogue add-ons from Google Chrome.
- STEP 4. Remove potentially unwanted plug-ins from Mozilla Firefox.
Video showing how to remove adware and browser hijackers from a Mac computer:
Potentially unwanted applications removal:
Remove potentially unwanted applications from your "Applications" folder:
Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX","NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.
Remove adware-related files and folders
Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...
Check for adware generated files in the /Library/LaunchAgents/ folder:
In the Go to Folder... bar, type: /Library/LaunchAgents/
In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.
Check for adware generated files in the ~/Library/Application Support/ folder:
In the Go to Folder... bar, type: ~/Library/Application Support/
In the "Application Support" folder, look for any recently-added suspicious folders. For example, "MplayerX" or "NicePlayer", and move these folders to the Trash.
Check for adware generated files in the ~/Library/LaunchAgents/ folder:
In the Go to Folder... bar, type: ~/Library/LaunchAgents/
In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.
Check for adware generated files in the /Library/LaunchDaemons/ folder:
In the "Go to Folder..." bar, type: /Library/LaunchDaemons/
In the "LaunchDaemons" folder, look for recently-added suspicious files. For example "com.aoudad.net-preferences.plist", "com.myppes.net-preferences.plist", "com.kuklorest.net-preferences.plist", "com.avickUpd.plist", etc., and move them to the Trash.
Scan your Mac with Combo Cleaner:
If you have followed all the steps correctly, your Mac should be clean of infections. To ensure your system is not infected, run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file, double click combocleaner.dmg installer. In the opened window, drag and drop the Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates its virus definition database and click the "Start Combo Scan" button.
Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide; otherwise, it's recommended to remove any found infections before continuing.
After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.
Remove malicious extensions from Internet browsers
Remove malicious Safari extensions:
Open the Safari browser, from the menu bar, select "Safari" and click "Preferences...".
In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for regular browser operation.
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.
Remove malicious extensions from Google Chrome:
Click the Chrome menu icon 
(at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.
Remove malicious extensions from Mozilla Firefox:
Click the Firefox menu 
(at the top right corner of the main window) and select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.
Frequently Asked Questions (FAQ)
What is a pop-up scam?
Basically, pop-up scams are messages intended to deceive users into performing specific actions. For example, victims can be tricked into calling fake support lines, transferring funds, disclosing vulnerable information, downloading/installing software, purchasing products, subscribing to services, etc.
What is the purpose of a pop-up scam?
Pop-up scams aim to generate revenue for their designers. Cyber criminals profit mainly by obtaining funds through deception, selling or abusing sensitive data, promoting content, and spreading malware.
Why do I encounter fake pop-ups?
Pop-up scams are run on deceptive webpages. They are most commonly accessed via redirects generated by sites using rogue advertising networks, mistyped URLs, spam browser notifications, intrusive ads, or installed adware.
Will Combo Cleaner protect me from pop-up scams?
Combo Cleaner can scan the websites you visit and detect scam/malicious ones. Additionally, Combo Cleaner can restrict all further access to such sites.
Outstanding!
▼ Show Discussion