The Fake MacOS Security Center Pop-up Scam Explained
Written by: Stelian Pilici
Published on:
You’re working on your Mac when suddenly an alarming pop-up appears from “MacOS Security Center” claiming your system is under threat. It insists you call a phone number immediately or download software to remove viruses and malware. This dire warning seems like a legitimate Mac alert, but don’t be fooled – it’s a devious scam.
The MacOS Security Center scam has spread rapidly through malicious ads and shady sites. The pop-ups are designed to instill panic that your Mac is infected. If you call the number or download what they recommend, you’ll compromise your system rather than fix it.
In this comprehensive guide, we’ll break down how this macOS scam works, what the real motives are, and most crucially, how to avoid falling victim.
This article contains:
Overview of the MacOS Security Center Scam
The MacOS Security Center scam preys on fears of malware and system vulnerabilities. The pop-ups display an alarming warning that viruses have been detected on your Mac.
To remove the claimed infection, you are given two options:
Call the listed support number for virus removal assistance.
Click to download recommended security software to detect and delete the viruses.
But here’s the catch – if you call the number or download what they suggest, you’ll be opening your Mac up to real threats, not fixing anything.
The phone number leads to fraudulent support scammers who can remotely access your Mac and steal data. And the software downloads contain adware, spyware, bots, or other types of malware.
This social engineering attack exploits fear to make users abandon caution and fall into the scam’s grasp. Stay vigilant against this dangerous Mac-targeted scheme.
How the MacOS Security Center Scam Works
Attackers have crafted this scam into a devious multi-stage operation to ensnare victims. Here’s an inside look at how it unfolds:
Stage 1 – Scare Tactic Pop-Under Ads
The scam starts with malicious popup ads served through shady ad networks. The ads evade blockers and use timers to appear after you’re on a site.
Once displayed, the pop-under ads show the dire security warnings pretending to be from MacOS Security Center to spark panic.
Stage 2 – Spoofed Apple Branding
The pop-ups mimic Apple’s aesthetics and security alert styles to look legit. Names like MacOS Security Center are chosen to sound like real Apple services.
Logos are copied, and the verbiage uses technical security language to seem credible.
Stage 3 – Social Engineering Manipulation
The text is designed to overwhelm users with urgent warnings that malware has already infected their Mac.
Threats of data theft, slow performance, and irreparable damage instill fear that users must take immediate action by calling the number or downloading software.
Stage 4 – Malware Download or Fake Support
If users call the number, they’ll be connected to smooth-talking support scammers pretending to be Apple. These scammers can install malware and gain remote access under the guise of removing infection.
If users click to download the security software, various malware will be deployed for adware, cryptomining, password stealing, and backdoors for further attacks.
Either option leaves the user worse off.
Stage 5 – Ongoing Abuse
Once malware is downloaded, attackers gain persistent access to:
Track browsing history, messages, and passwords
Inject endless popup ads
Secretly mine cryptocurrency
Brick devices for ransomware schemes
If users gave remote access, their financial and identity theft risks skyrocket. Ongoing fees can be coerced out of victims as well.
Avoiding MacOS Security Center Scams
Now that you know this scam’s misleading tactics, here are key ways to avoid becoming a victim:
Use ad and pop-up blockers to stop the scam ads from appearing in the first place.
If a Mac security alert pops up, don’t instantly panic. Verify it’s really from Apple before taking any action.
Never call or give remote access to unsolicited phone numbers claiming security threats.
Avoid downloading software from third-party sites or ads. Stick to the official App Store.
Keep your Mac’s software up-to-date and run anti-malware tools like MalwareBytes and Avira to block infections.
Use strong passwords and two-factor authentication on all accounts for an extra layer of security.
Make periodic backups of your Mac so you can easily wipe and restore if malware ever makes its way in.
What to Do if You Fell for This Scam
If you called the phone number or downloaded questionable software, take these steps to undo the damage:
Check browser extensions for anything unfamiliar that may have been installed as malware.
Reset your browsers like Safari and Chrome to default settings to undo unwanted changes.
Change passwords on all accounts that were accessible from your Mac.
Contact your bank if the scammers gained access to your financial accounts or credit cards.
Monitor all accounts closely for suspicious logins or activity indicating identity theft.
If you paid the scammers, report it to the FTC and contact your bank about potential fraud protections.
Though falling victim can lead to a headache, swift action can help contain the fallout and regain control of your Mac.
The End Goal of This Scam
Ultimately, the MacOS Security Center scam aims for two main monetization avenues:
1. Charging Victims for Fake Services
If users call the number, the support scammers pose as Apple technicians and fabricate problems to fix. They can charge exorbitant fees on credit cards for useless services.
2. Profiting From Malware Infections
If malware is downloaded, attackers profit through:
Ransomware payments
Cryptomining that utilizes device CPU and electricity
Spyware that snoops and sells user data
Banking trojans that capture financial account credentials
Reselling access to infected devices on dark web markets
This multi-pronged profit model makes the macOS scareware scam highly lucrative. But informed users are wise to their tricks.
Remove MacOS Security Center Pop-ups
This malware removal guide may appear overwhelming due to the number of steps and numerous programs that are being used. We have only written it this way to provide clear, detailed, and easy-to-understand instructions that anyone can use to remove malware for free. Please perform all the steps in the correct order. If you have any questions or doubts at any point, stop and ask for our assistance.
Profiles are used by IT admins in businesses to control the behavior of their Macs. These profiles can configure a Mac to do many different things, some of which are not otherwise possible. When it comes to home users, adware and browser hijackers are using the configuration profile to prevent users from removing malicious programs from the computer. This also prevents the user from changing that behavior in the browser’s settings.
In this first step, we will check your computer to see if any configuration profiles are installed. To do this, follow the below steps:
Open “System Preferences”
From the Apple menu, select System Preferences.
Search for “Profiles”
When the System Preferences window opens, search for the Profiles icon.
If there isn’t a Profiles icon, you don’t have any profiles installed, which is normal and you can continue with the next steps.
Remove the malicious profiles
If there’s a Profile icon, click on it and select any suspicious profile that you want to remove, and then press the – (minus) button. Click Remove to remove the profile.
STEP 2: Delete malicious apps
In this second step, we will try to identify and remove any malicious apps and files that might be installed on your computer. Sometimes redirects or adware programs can have usable Uninstall entries that can be used to remove these programs.
Quit the malicious programs
On the Apple menu bar, in the top-right corner, if you see any unknown or suspicious icon, click on it and then select Quit.
Open “Finder”
Click the Finder application on your dock.
Click on “Applications”
In the Finder left pane, click on “Applications“.
Find and remove the malicious app.
The “Applications” screen will be displayed with a list of all the apps installed on your device. Scroll through the list until you find the malicious app, right-click it, and then click “Move to Trash”.
Look out for any suspicious program that could be behind all the drama – anything you don’t remember downloading or that doesn’t sound like a genuine program. Here are some known malicious programs: SearchMine, TakeFresh, TopResults, FeedBack, ApplicationEvents, GeneralOpen, PowerLog, MessengerNow, ImagePrime, GeneralNetSearch, Reading Cursors, GlobalTechSearch, PDFOnline-express, See Scenic Elf, MatchKnowledge, Easy Speedtest, or WebDiscover.
Click “Empty Trash”
On the dock, right-click on the trash icon and select “Empty Trash”. Doing so deletes the Trash’s contents, including the program that you just sent to the Trash.
Find and remove the malicious files
Click the desktop to make sure you’re in the Finder, choose “Go” then click on “Go to Folder“.
Type or copy/paste each of the below paths into the window that opens, then click Go.
/Library/LaunchAgents
~/Library/LaunchAgents
/Library/Application Support
/Library/LaunchDaemons
Look out for any suspicious files that could be behind all the drama – anything you don’t remember downloading or that doesn’t sound like a genuine program. These are some known malicious files: “com.adobe.fpsaud.plist” “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, or “com.myppes.net-preferences.plist”. When you find a malicious file move it to the Trash.
STEP 3: Reset browsers back to default settings
In this third step, we will remove spam push notifications and malicious extensions, and change to default any settings that might have been changed by malware. For each browser that you have installed on your computer, please click on the tab below and follow the displayed steps to reset that browser.
Safari BrowserChrome for Mac BrowserFirefox for Mac Browser
Remove malicious extensions and settings from Safari
To remove malware from Safari we will check if there are any malicious extensions installed on your browser and what settings have been changed by this malicious program.
Go to Safari’s “Preferences”.
On the menu bar, click the “Safari” menu and select “Preferences”.
Check Homepage.
This will open a new window with your Safari preferences, opened to the “General” tab. Some browser hijackers may change your default homepage, so in the Homepage field make sure it’s a web page you want to use as your start-up page.
Click “Extensions”
Next, click on the “Extensions” tab.
Find and uninstall malicious extensions.
The “Extensions” screen will be displayed with a list of all the extensions installed on Safari. Look out for any suspicious browser extension that could be behind all the drama – anything you don’t remember downloading or that doesn’t sound like a genuine extension. By default, there are no extensions installed on Safari so it’s safe to remove an extension
Remove spam notifications ads
Click Preferences, click Websites, then click Notifications. Deselect “Allow websites to ask for permission to send push notifications”.
Remove all data stored by websites on your computer.
In the Safari menu, choose “Preferences…”, select “Privacy” at the top of the new window that appears, and then click the “Manage Website Data” button.
In the next dialog box, click “Remove All“. It will ask you if you are sure you want to remove all data stored by websites on your computer. Select “Remove Now” to clear data that could be used to track your browsing.
Empty Safari Caches.
From your Safari menu bar, click Safari and select Preferences, then select the Advanced tab. Enable the checkbox to “Show Develop menu in menu bar“.
From the menu bar select Develop, then click on Empty Caches as seen in the image below.
Remove malware from Chrome for Mac
To remove malware from Chrome for Mac we will reset the browser settings to their default. Doing these steps will erase all configuration information from Chrome such as your home page, tab settings, saved form information, browsing history, and cookies. This process will also disable any installed extensions. All of your bookmarks, though, will be preserved.
Click on the three dots at the top right and go to Settings.
Click on Chrome’s main menu button, represented by three dots at the top right corner. Now click on the menu option labeled Settings as shown by the arrow in the picture below, which will open the basic settings screen.
In the left sidebar, click on the “Reset and Cleanup” option.
In the left sidebar, click on “Reset and clean up“.
Click “Reset settings to their original defaults”.
Now click on the “Reset settings to their original defaults”. link as shown in the image below.
Click “Reset Settings” button.
A confirmation dialog should now be displayed, detailing the components that will be restored to their default state should you continue with the reset process. To complete the restoration process, click on the “Reset Settings” button.
(Optional) Reset Chrome Data Sync.
In case a malicious extension reinstalls itself even after performing a browser reset, you have an additional option to reset the data sync for your browser. To do this, navigate to chrome.google.com/sync and click on the Clear Data button.
Remove malware from Firefox for Mac
To remove malware from Firefox for Mac we will reset the browser settings to its default. The reset feature fixes many issues by restoring Firefox to its factory default state while saving your essential information like bookmarks, passwords, web form auto-fill information, browsing history, and open tabs.
Go to the “Help” menu.
Click on Firefox’s main menu button, represented by three horizontal lines. When the drop-down menu appears, select the option labeled “Help“.
Click “Troubleshooting Information”.
Next click on the “Troubleshooting Information” option as indicated by the arrow in the image below. This will bring you to a Troubleshooting page.
Click on “Refresh Firefox”
Click the “Refresh Firefox” button in the upper-right corner of the “Troubleshooting Information” page.
Confirm.
To continue, click on the “Refresh Firefox” button in the new confirmation window that opens.
Click on “Finish”.
Firefox will close itself and will revert to its default settings. When it’s done, a window will list the information that was imported. Click on the “Finish“.
Your old Firefox profile will be placed on your desktop in a folder named “Old Firefox Data“. If the reset didn’t fix your problem you can restore some of the information not saved by copying files to the new profile that was created. If you don’t need this folder any longer, you should delete it as it contains sensitive information.
STEP 4: Run a scan with Malwarebytes for Mac to remove malware
In this final step, we will scan the computer with Malwarebytes for Mac to find and remove any malicious programs that might be installed on your Mac.
Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss without costing you absolutely anything. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.
Download Malwarebytes for Mac.
You can download Malwarebytes for Mac by clicking the link below.
When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.
Follow the on-screen prompts to install Malwarebytes.
When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer which will guide you through the installation process. Click “Continue“, then keep following the prompts to continue with the installation process.
When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.
Select “Personal Computer” or “Work Computer”.
The Malwarebytes Welcome screen will first ask you what type of computer are you installing this program, click either Personal Computer or Work Computer.
Click on “Scan”.
To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.
Wait for the Malwarebytes scan to complete.
Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Quarantine”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.
Restart computer.
Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.
Closing Thoughts
Pop-up scams that instill urgency via fake security warnings threaten all platforms – including Macs. But understanding the social engineering tactics allows you to recognize and avoid the scam.
No legitimate Mac security alert will demand immediate software downloads or phone calls. Use caution rather than haste if faced with a dire-sounding pop-up.
With proper precautions, you can keep your Mac free of bugs and infections – without fear of alarmist security scams trying to fool you. Don’t let them prey on fear.
Frequently Asked Questions
What is the MacOS Security Center pop-up scam?
This is a deceptive pop-up that pretends to be from MacOS Security Center claiming malware was detected on your Mac. It tells you to call a number or download software to remove the infection, which actually spreads malware instead.
How does the pop-up appear on my Mac?
It shows up through malicious third-party ads on shady websites. The pop-under ads are designed to look like real macOS virus warnings.
What happens if I call the phone number in the pop-up?
You’ll be connected to an illegitimate support scammer pretending to be Apple. They can remotely access your Mac under the guise of removing infections and steal data or install malware.
What happens if I download their recommended security software?
The software will contain malware, not real virus protection. It will infect your Mac with adware, spyware, cryptominers, password stealers, or other threats.
What’s the end goal of this scam?
The scammers want to charge victims money for fake services, or profit by selling user data, spreading ransomware, cryptomining, and reselling access to infected devices.
Can I trust Mac security pop-up warnings?
No, legitimate Mac alerts would never tell you to call a third-party number or download software from outside the App Store. Assume pop-up warnings are scams.
How can I remove malware if I fell for this?
Disconnect from the internet, boot in safe mode, run anti-malware scans, check for unwanted extensions/apps, reset browser settings, change compromised passwords, and monitor accounts closely for unauthorized access.
How can I avoid this scam in the future?
Use ad blockers, don’t call or click on pop-ups, keep Mac software updated, run anti-malware tools, avoid shady sites, and refrain from downloading outside the App Store.
How to Stay Safe Online
Here are 10 basic security tips to help you avoid malware and protect your device:
Use a good antivirus and keep it up-to-date.
It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.
Keep software and operating systems up-to-date.
Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.
Be careful when installing programs and apps.
Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."
Install an ad blocker.
Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.
Be careful what you download.
A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.
Be alert for people trying to trick you.
Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.
Back up your data.
Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.
Choose strong passwords.
Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.
Be careful where you click.
Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.
Don't use pirated software.
Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.
To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.
Meet Stelian Pilici
Stelian leverages over a decade of cybersecurity expertise to lead malware analysis and removal, uncover scams, and educate people. His experience provides insightful analysis and valuable perspective.