The Fake MacOS Security Center Pop-up Scam Explained

You’re working on your Mac when suddenly an alarming pop-up appears from “MacOS Security Center” claiming your system is under threat. It insists you call a phone number immediately or download software to remove viruses and malware. This dire warning seems like a legitimate Mac alert, but don’t be fooled – it’s a devious scam.

The MacOS Security Center scam has spread rapidly through malicious ads and shady sites. The pop-ups are designed to instill panic that your Mac is infected. If you call the number or download what they recommend, you’ll compromise your system rather than fix it.

In this comprehensive guide, we’ll break down how this macOS scam works, what the real motives are, and most crucially, how to avoid falling victim.

This article contains:

Overview of the MacOS Security Center Scam

The MacOS Security Center scam preys on fears of malware and system vulnerabilities. The pop-ups display an alarming warning that viruses have been detected on your Mac.

To remove the claimed infection, you are given two options:

Call the listed support number for virus removal assistance.
Click to download recommended security software to detect and delete the viruses.

But here’s the catch – if you call the number or download what they suggest, you’ll be opening your Mac up to real threats, not fixing anything.

The phone number leads to fraudulent support scammers who can remotely access your Mac and steal data. And the software downloads contain adware, spyware, bots, or other types of malware.

This social engineering attack exploits fear to make users abandon caution and fall into the scam’s grasp. Stay vigilant against this dangerous Mac-targeted scheme.

How the MacOS Security Center Scam Works

Attackers have crafted this scam into a devious multi-stage operation to ensnare victims. Here’s an inside look at how it unfolds:

Stage 1 – Scare Tactic Pop-Under Ads

The scam starts with malicious popup ads served through shady ad networks. The ads evade blockers and use timers to appear after you’re on a site.

Once displayed, the pop-under ads show the dire security warnings pretending to be from MacOS Security Center to spark panic.

Stage 2 – Spoofed Apple Branding

The pop-ups mimic Apple’s aesthetics and security alert styles to look legit. Names like MacOS Security Center are chosen to sound like real Apple services.

Logos are copied, and the verbiage uses technical security language to seem credible.

Stage 3 – Social Engineering Manipulation

The text is designed to overwhelm users with urgent warnings that malware has already infected their Mac.

Threats of data theft, slow performance, and irreparable damage instill fear that users must take immediate action by calling the number or downloading software.

Stage 4 – Malware Download or Fake Support

If users call the number, they’ll be connected to smooth-talking support scammers pretending to be Apple. These scammers can install malware and gain remote access under the guise of removing infection.

If users click to download the security software, various malware will be deployed for adware, cryptomining, password stealing, and backdoors for further attacks.

Either option leaves the user worse off.

Stage 5 – Ongoing Abuse

Once malware is downloaded, attackers gain persistent access to:

Track browsing history, messages, and passwords
Inject endless popup ads
Secretly mine cryptocurrency
Brick devices for ransomware schemes

If users gave remote access, their financial and identity theft risks skyrocket. Ongoing fees can be coerced out of victims as well.

Avoiding MacOS Security Center Scams

Now that you know this scam’s misleading tactics, here are key ways to avoid becoming a victim:

Use ad and pop-up blockers to stop the scam ads from appearing in the first place.
If a Mac security alert pops up, don’t instantly panic. Verify it’s really from Apple before taking any action.
Never call or give remote access to unsolicited phone numbers claiming security threats.
Avoid downloading software from third-party sites or ads. Stick to the official App Store.
Keep your Mac’s software up-to-date and run anti-malware tools like MalwareBytes and Avira to block infections.
Use strong passwords and two-factor authentication on all accounts for an extra layer of security.
Make periodic backups of your Mac so you can easily wipe and restore if malware ever makes its way in.

What to Do if You Fell for This Scam

If you called the phone number or downloaded questionable software, take these steps to undo the damage:

Check browser extensions for anything unfamiliar that may have been installed as malware.
Reset your browsers like Safari and Chrome to default settings to undo unwanted changes.
Change passwords on all accounts that were accessible from your Mac.
Contact your bank if the scammers gained access to your financial accounts or credit cards.
Monitor all accounts closely for suspicious logins or activity indicating identity theft.
If you paid the scammers, report it to the FTC and contact your bank about potential fraud protections.

Though falling victim can lead to a headache, swift action can help contain the fallout and regain control of your Mac.

The End Goal of This Scam

Ultimately, the MacOS Security Center scam aims for two main monetization avenues:

1. Charging Victims for Fake Services

If users call the number, the support scammers pose as Apple technicians and fabricate problems to fix. They can charge exorbitant fees on credit cards for useless services.

2. Profiting From Malware Infections

If malware is downloaded, attackers profit through:

Ransomware payments
Cryptomining that utilizes device CPU and electricity
Spyware that snoops and sells user data
Banking trojans that capture financial account credentials
Reselling access to infected devices on dark web markets

This multi-pronged profit model makes the macOS scareware scam highly lucrative. But informed users are wise to their tricks.

Remove MacOS Security Center Pop-ups

This malware removal guide may appear overwhelming due to the number of steps and numerous programs that are being used. We have only written it this way to provide clear, detailed, and easy-to-understand instructions that anyone can use to remove malware for free.
Please perform all the steps in the correct order. If you have any questions or doubts at any point, stop and ask for our assistance.

STEP 1: Remove malicious profiles
STEP 2: Delete malicious apps
STEP 3: Reset browsers back to default settings
STEP 4: Run a scan with Malwarebytes for Mac to remove malware

STEP 1: Remove malicious profiles

Profiles are used by IT admins in businesses to control the behavior of their Macs. These profiles can configure a Mac to do many different things, some of which are not otherwise possible.
When it comes to home users, adware and browser hijackers are using the configuration profile to prevent users from removing malicious programs from the computer. This also prevents the user from changing that behavior in the browser’s settings.

In this first step, we will check your computer to see if any configuration profiles are installed. To do this, follow the below steps:

Open “System Preferences”

From the Apple menu, select System Preferences.
Search for “Profiles”

When the System Preferences window opens, search for the Profiles icon.

If there isn’t a Profiles icon, you don’t have any profiles installed, which is normal and you can continue with the next steps.
Remove the malicious profiles

If there’s a Profile icon, click on it and select any suspicious profile that you want to remove, and then press the – (minus) button. Click Remove to remove the profile.

STEP 2: Delete malicious apps

In this second step, we will try to identify and remove any malicious apps and files that might be installed on your computer. Sometimes redirects or adware programs can have usable Uninstall entries that can be used to remove these programs.

Quit the malicious programs

On the Apple menu bar, in the top-right corner, if you see any unknown or suspicious icon, click on it and then select Quit.
Open “Finder”

Click the Finder application on your dock.
Click on “Applications”

In the Finder left pane, click on “Applications“.
Find and remove the malicious app.

The “Applications” screen will be displayed with a list of all the apps installed on your device. Scroll through the list until you find the malicious app, right-click it, and then click “Move to Trash”.

Look out for any suspicious program that could be behind all the drama – anything you don’t remember downloading or that doesn’t sound like a genuine program. Here are some known malicious programs: SearchMine, TakeFresh, TopResults, FeedBack, ApplicationEvents, GeneralOpen, PowerLog, MessengerNow, ImagePrime, GeneralNetSearch, Reading Cursors, GlobalTechSearch, PDFOnline-express, See Scenic Elf, MatchKnowledge, Easy Speedtest, or WebDiscover.
Click “Empty Trash”

On the dock, right-click on the trash icon and select “Empty Trash”. Doing so deletes the Trash’s contents, including the program that you just sent to the Trash.
Find and remove the malicious files
1. Click the desktop to make sure you’re in the Finder, choose “Go” then click on “Go to Folder“.
2. Type or copy/paste each of the below paths into the window that opens, then click Go.
  - /Library/LaunchAgents
  - ~/Library/LaunchAgents
  - /Library/Application Support
  - /Library/LaunchDaemons
3. Look out for any suspicious files that could be behind all the drama – anything you don’t remember downloading or that doesn’t sound like a genuine program. These are some known malicious files: “com.adobe.fpsaud.plist” “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, or “com.myppes.net-preferences.plist”. When you find a malicious file move it to the Trash.

STEP 3: Reset browsers back to default settings

In this third step, we will remove spam push notifications and malicious extensions, and change to default any settings that might have been changed by malware.
For each browser that you have installed on your computer, please click on the tab below and follow the displayed steps to reset that browser.

Safari BrowserChrome for Mac BrowserFirefox for Mac Browser

Remove malicious extensions and settings from Safari

To remove malware from Safari we will check if there are any malicious extensions installed on your browser and what settings have been changed by this malicious program.

Go to Safari’s “Preferences”.

On the menu bar, click the “Safari” menu and select “Preferences”.
Check Homepage.

This will open a new window with your Safari preferences, opened to the “General” tab. Some browser hijackers may change your default homepage, so in the Homepage field make sure it’s a web page you want to use as your start-up page.
Click “Extensions”

Next, click on the “Extensions” tab.
Find and uninstall malicious extensions.

The “Extensions” screen will be displayed with a list of all the extensions installed on Safari. Look out for any suspicious browser extension that could be behind all the drama – anything you don’t remember downloading or that doesn’t sound like a genuine extension. By default, there are no extensions installed on Safari so it’s safe to remove an extension
Remove spam notifications ads

Click Preferences, click Websites, then click Notifications. Deselect “Allow websites to ask for permission to send push notifications”.
Remove all data stored by websites on your computer.

In the Safari menu, choose “Preferences…”, select “Privacy” at the top of the new window that appears, and then click the “Manage Website Data” button.

In the next dialog box, click “Remove All“. It will ask you if you are sure you want to remove all data stored by websites on your computer. Select “Remove Now” to clear data that could be used to track your browsing.
Empty Safari Caches.

From your Safari menu bar, click Safari and select Preferences, then select the Advanced tab. Enable the checkbox to “Show Develop menu in menu bar“.

From the menu bar select Develop, then click on Empty Caches as seen in the image below.

Remove malware from Chrome for Mac

To remove malware from Chrome for Mac we will reset the browser settings to their default. Doing these steps will erase all configuration information from Chrome such as your home page, tab settings, saved form information, browsing history, and cookies. This process will also disable any installed extensions. All of your bookmarks, though, will be preserved.

Click on the three dots at the top right and go to Settings.
Click on Chrome’s main menu button, represented by three dots at the top right corner. Now click on the menu option labeled Settings as shown by the arrow in the picture below, which will open the basic settings screen.
In the left sidebar, click on the “Reset and Cleanup” option.
In the left sidebar, click on “Reset and clean up“.
Click “Reset settings to their original defaults”.
Now click on the “Reset settings to their original defaults”. link as shown in the image below.
Click “Reset Settings” button.
A confirmation dialog should now be displayed, detailing the components that will be restored to their default state should you continue with the reset process. To complete the restoration process, click on the “Reset Settings” button.
(Optional) Reset Chrome Data Sync.
In case a malicious extension reinstalls itself even after performing a browser reset, you have an additional option to reset the data sync for your browser. To do this, navigate to chrome.google.com/sync and click on the Clear Data button.

Remove malware from Firefox for Mac

To remove malware from Firefox for Mac we will reset the browser settings to its default. The reset feature fixes many issues by restoring Firefox to its factory default state while saving your essential information like bookmarks, passwords, web form auto-fill information, browsing history, and open tabs.

Go to the “Help” menu.

Click on Firefox’s main menu button, represented by three horizontal lines. When the drop-down menu appears, select the option labeled “Help“.
Click “Troubleshooting Information”.

Next click on the “Troubleshooting Information” option as indicated by the arrow in the image below. This will bring you to a Troubleshooting page.
Click on “Refresh Firefox”

Click the “Refresh Firefox” button in the upper-right corner of the “Troubleshooting Information” page.
Confirm.

To continue, click on the “Refresh Firefox” button in the new confirmation window that opens.
Click on “Finish”.

Firefox will close itself and will revert to its default settings. When it’s done, a window will list the information that was imported. Click on the “Finish“.

Your old Firefox profile will be placed on your desktop in a folder named “Old Firefox Data“. If the reset didn’t fix your problem you can restore some of the information not saved by copying files to the new profile that was created. If you don’t need this folder any longer, you should delete it as it contains sensitive information.

STEP 4: Run a scan with Malwarebytes for Mac to remove malware

In this final step, we will scan the computer with Malwarebytes for Mac to find and remove any malicious programs that might be installed on your Mac.

Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss without costing you absolutely anything. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.

Download Malwarebytes for Mac.

You can download Malwarebytes for Mac by clicking the link below.

MALWAREBYTES FOR MAC DOWNLOAD LINK
(The above link will open a new page from where you can download Malwarebytes for Mac)
Double-click on the Malwarebytes setup file.

When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.
Follow the on-screen prompts to install Malwarebytes.

When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer which will guide you through the installation process. Click “Continue“, then keep following the prompts to continue with the installation process.

When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.
Select “Personal Computer” or “Work Computer”.

The Malwarebytes Welcome screen will first ask you what type of computer are you installing this program, click either Personal Computer or Work Computer.
Click on “Scan”.

To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.
Wait for the Malwarebytes scan to complete.

Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Quarantine”.

When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.
Restart computer.

Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.

Closing Thoughts

Pop-up scams that instill urgency via fake security warnings threaten all platforms – including Macs. But understanding the social engineering tactics allows you to recognize and avoid the scam.

No legitimate Mac security alert will demand immediate software downloads or phone calls. Use caution rather than haste if faced with a dire-sounding pop-up.

With proper precautions, you can keep your Mac free of bugs and infections – without fear of alarmist security scams trying to fool you. Don’t let them prey on fear.

Frequently Asked Questions

What is the MacOS Security Center pop-up scam?

This is a deceptive pop-up that pretends to be from MacOS Security Center claiming malware was detected on your Mac. It tells you to call a number or download software to remove the infection, which actually spreads malware instead.

How does the pop-up appear on my Mac?

It shows up through malicious third-party ads on shady websites. The pop-under ads are designed to look like real macOS virus warnings.

What happens if I call the phone number in the pop-up?

You’ll be connected to an illegitimate support scammer pretending to be Apple. They can remotely access your Mac under the guise of removing infections and steal data or install malware.

What happens if I download their recommended security software?

The software will contain malware, not real virus protection. It will infect your Mac with adware, spyware, cryptominers, password stealers, or other threats.

What’s the end goal of this scam?

The scammers want to charge victims money for fake services, or profit by selling user data, spreading ransomware, cryptomining, and reselling access to infected devices.

Can I trust Mac security pop-up warnings?

No, legitimate Mac alerts would never tell you to call a third-party number or download software from outside the App Store. Assume pop-up warnings are scams.

How can I remove malware if I fell for this?

Disconnect from the internet, boot in safe mode, run anti-malware scans, check for unwanted extensions/apps, reset browser settings, change compromised passwords, and monitor accounts closely for unauthorized access.

How can I avoid this scam in the future?

Use ad blockers, don’t call or click on pop-ups, keep Mac software updated, run anti-malware tools, avoid shady sites, and refrain from downloading outside the App Store.

Here are 10 basic security tips to help you avoid malware and protect your device:

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.