The Fake MacOS Security Center Pop-up Scam Explained

You’re working on your Mac when suddenly an alarming pop-up appears from “MacOS Security Center” claiming your system is under threat. It insists you call a phone number immediately or download software to remove viruses and malware. This dire warning seems like a legitimate Mac alert, but don’t be fooled – it’s a devious scam.

The MacOS Security Center scam has spread rapidly through malicious ads and shady sites. The pop-ups are designed to instill panic that your Mac is infected. If you call the number or download what they recommend, you’ll compromise your system rather than fix it.

In this comprehensive guide, we’ll break down how this macOS scam works, what the real motives are, and most crucially, how to avoid falling victim.

Mac OS The system is in danger Fake

Overview of the MacOS Security Center Scam

The MacOS Security Center scam preys on fears of malware and system vulnerabilities. The pop-ups display an alarming warning that viruses have been detected on your Mac.

To remove the claimed infection, you are given two options:

  1. Call the listed support number for virus removal assistance.
  2. Click to download recommended security software to detect and delete the viruses.

But here’s the catch – if you call the number or download what they suggest, you’ll be opening your Mac up to real threats, not fixing anything.

The phone number leads to fraudulent support scammers who can remotely access your Mac and steal data. And the software downloads contain adware, spyware, bots, or other types of malware.

This social engineering attack exploits fear to make users abandon caution and fall into the scam’s grasp. Stay vigilant against this dangerous Mac-targeted scheme.

How the MacOS Security Center Scam Works

Attackers have crafted this scam into a devious multi-stage operation to ensnare victims. Here’s an inside look at how it unfolds:

Stage 1 – Scare Tactic Pop-Under Ads

The scam starts with malicious popup ads served through shady ad networks. The ads evade blockers and use timers to appear after you’re on a site.

Once displayed, the pop-under ads show the dire security warnings pretending to be from MacOS Security Center to spark panic.

Stage 2 – Spoofed Apple Branding

The pop-ups mimic Apple’s aesthetics and security alert styles to look legit. Names like MacOS Security Center are chosen to sound like real Apple services.

Logos are copied, and the verbiage uses technical security language to seem credible.

Stage 3 – Social Engineering Manipulation

The text is designed to overwhelm users with urgent warnings that malware has already infected their Mac.

Threats of data theft, slow performance, and irreparable damage instill fear that users must take immediate action by calling the number or downloading software.

Stage 4 – Malware Download or Fake Support

If users call the number, they’ll be connected to smooth-talking support scammers pretending to be Apple. These scammers can install malware and gain remote access under the guise of removing infection.

If users click to download the security software, various malware will be deployed for adware, cryptomining, password stealing, and backdoors for further attacks.

Either option leaves the user worse off.

Stage 5 – Ongoing Abuse

Once malware is downloaded, attackers gain persistent access to:

  • Track browsing history, messages, and passwords
  • Inject endless popup ads
  • Secretly mine cryptocurrency
  • Brick devices for ransomware schemes

If users gave remote access, their financial and identity theft risks skyrocket. Ongoing fees can be coerced out of victims as well.

Avoiding MacOS Security Center Scams

Now that you know this scam’s misleading tactics, here are key ways to avoid becoming a victim:

  • Use ad and pop-up blockers to stop the scam ads from appearing in the first place.
  • If a Mac security alert pops up, don’t instantly panic. Verify it’s really from Apple before taking any action.
  • Never call or give remote access to unsolicited phone numbers claiming security threats.
  • Avoid downloading software from third-party sites or ads. Stick to the official App Store.
  • Keep your Mac’s software up-to-date and run anti-malware tools like MalwareBytes and Avira to block infections.
  • Use strong passwords and two-factor authentication on all accounts for an extra layer of security.
  • Make periodic backups of your Mac so you can easily wipe and restore if malware ever makes its way in.

What to Do if You Fell for This Scam

If you called the phone number or downloaded questionable software, take these steps to undo the damage:

  • Check browser extensions for anything unfamiliar that may have been installed as malware.
  • Reset your browsers like Safari and Chrome to default settings to undo unwanted changes.
  • Change passwords on all accounts that were accessible from your Mac.
  • Contact your bank if the scammers gained access to your financial accounts or credit cards.
  • Monitor all accounts closely for suspicious logins or activity indicating identity theft.
  • If you paid the scammers, report it to the FTC and contact your bank about potential fraud protections.

Though falling victim can lead to a headache, swift action can help contain the fallout and regain control of your Mac.

The End Goal of This Scam

Ultimately, the MacOS Security Center scam aims for two main monetization avenues:

1. Charging Victims for Fake Services

If users call the number, the support scammers pose as Apple technicians and fabricate problems to fix. They can charge exorbitant fees on credit cards for useless services.

2. Profiting From Malware Infections

If malware is downloaded, attackers profit through:

  • Ransomware payments
  • Cryptomining that utilizes device CPU and electricity
  • Spyware that snoops and sells user data
  • Banking trojans that capture financial account credentials
  • Reselling access to infected devices on dark web markets

This multi-pronged profit model makes the macOS scareware scam highly lucrative. But informed users are wise to their tricks.

Remove MacOS Security Center Pop-ups

This malware removal guide may appear overwhelming due to the number of steps and numerous programs that are being used. We have only written it this way to provide clear, detailed, and easy-to-understand instructions that anyone can use to remove malware for free.
Please perform all the steps in the correct order. If you have any questions or doubts at any point, stop and ask for our assistance.

STEP 1: Remove malicious profiles

Profiles are used by IT admins in businesses to control the behavior of their Macs. These profiles can configure a Mac to do many different things, some of which are not otherwise possible.
When it comes to home users, adware and browser hijackers are using the configuration profile to prevent users from removing malicious programs from the computer. This also prevents the user from changing that behavior in the browser’s settings.

In this first step, we will check your computer to see if any configuration profiles are installed. To do this, follow the below steps:

  1. Open “System Settings”

    From the Apple menu () in the top-left corner of the screen, select System Settings. (On macOS Monterey and earlier, this is called System Preferences.)

  2. Look for “Profiles”

    In the System Settings window, search for Profiles — on newer macOS versions you’ll find it under Privacy & Security, or you can type “Profiles” in the search box.
    Search for Profiles in System Preferences

    No Profiles section? Good news — that means no profiles are installed on your Mac, which is completely normal. Skip ahead to the next step of this guide.
  3. Remove the malicious profiles

    Malware uses configuration profiles to lock your browser settings — forcing a fake search engine or homepage on you and preventing you from changing it back. If you see a profile you don’t recognize (and your Mac isn’t managed by your workplace or school), select it, press the − (minus) button, and click Remove to confirm.
    Remove malicious profiles from your Mac

STEP 2: Delete malicious apps

In this second step, we will try to identify and remove any malicious apps and files that might be installed on your computer. Sometimes redirects or adware programs can have usable Uninstall entries that can be used to remove these programs.

  1. Quit the malicious programs

    Check the Apple menu bar in the top-right corner of your screen. If you see an icon you don’t recognize, click it and select Quit. This stops the malware from running so it can’t interfere while we remove it.

  2. Open “Finder”

    Click the Finder icon in your dock.
    Open Finder

  3. Click on “Applications”

    In the Finder sidebar, click “Applications“.
    Click on Applications

  4. Find and remove the malicious app

    Scroll through the list of installed apps and look for anything suspicious — an app you don’t remember installing, or one with a strange or generic name. When you find it, right-click it and select “Move to Trash“.

    Some known malicious programs to look for: SearchMine, TakeFresh, TopResults, FeedBack, ApplicationEvents, GeneralOpen, PowerLog, MessengerNow, ImagePrime, GeneralNetSearch, Reading Cursors, GlobalTechSearch, PDFOnline-express, See Scenic Elf, MatchKnowledge, Easy Speedtest, and WebDiscover. The names change constantly, though — so treat any app you can’t account for as suspect.

    Find malicious programs and Remove It

  5. Empty the Trash

    Right-click the Trash icon in your dock and select “Empty Trash“. This permanently deletes the malicious app you just removed — until you do this, the malware is still on your Mac.
    Empty Trash

  6. Find and remove the malicious files

    Malware on Mac uses launch agents and launch daemons — small files that automatically restart the malware every time you boot your Mac. We’ll check the four folders where they hide:

    1. Click the desktop to make sure you’re in Finder, then open the “Go” menu and click “Go to Folder“.Go to Folder mac
    2. Copy and paste each of the paths below into the window, one at a time, and click Go after each:
      • /Library/LaunchAgents
      • ~/Library/LaunchAgents
      • /Library/Application Support
      • /Library/LaunchDaemons
      Type the commands in the Go to Folder window

    3. In each folder, look for suspicious .plist files — typically named after the malware or with odd, random-looking names. Some known examples: “com.adobe.fpsaud.plist”, “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, and “com.myppes.net-preferences.plist”. When you find a malicious file, move it to the Trash — then empty the Trash again when you’re done.
      Be careful: these folders also contain files belonging to legitimate apps — especially /Library/Application Support, where programs like Adobe, Google, and Microsoft store their data. Only delete files you’re confident are malicious. If you’re unsure about a file, search its exact name online first — or skip it; the Malwarebytes scan in the next step will catch what you miss.

STEP 3: Reset browsers back to default settings

In this third step, we will remove spam push notifications and malicious extensions, and change to default any settings that might have been changed by malware.
For each browser that you have installed on your computer, please click on the tab below and follow the displayed steps to reset that browser.

Safari BrowserChrome for Mac BrowserFirefox for Mac Browser
Remove malicious extensions and settings from Safari

To remove malware from Safari we will check if there are any malicious extensions installed on your browser and what settings have been changed by this malicious program.

  1. Go to Safari’s “Preferences”.

    On the menu bar, click the “Safari” menu and select “Preferences”.
    On the Menu bar Click on Safari then Preference

  2. Check Homepage.

    This will open a new window with your Safari preferences, opened to the “General” tab. Some browser hijackers may change your default homepage, so in the Homepage field make sure it’s a web page you want to use as your start-up page.

    Change Homepage in Safari

  3. Click “Extensions”

    Next, click on the “Extensions” tab.
    Click on Extensions MacOS

  4. Find and uninstall malicious extensions.

    The “Extensions” screen will be displayed with a list of all the extensions installed on Safari. Look out for any suspicious browser extension that could be behind all the drama – anything you don’t remember downloading or that doesn’t sound like a genuine extension. By default, there are no extensions installed on Safari so it’s safe to remove an extension
    Click on Uninstall to remove malicious extension

  5. Remove spam notifications ads

    Click Preferences, click Websites, then click Notifications. Deselect “Allow websites to ask for permission to send push notifications”.

    Deselect Allow websites to ask for permission to send push notifications

  6. Remove all data stored by websites on your computer.

    In the Safari menu, choose “Preferences…”, select “Privacy” at the top of the new window that appears, and then click the “Manage Website Data” button.
    Click Manage Website Data

    In the next dialog box, click “Remove All“. It will ask you if you are sure you want to remove all data stored by websites on your computer. Select “Remove Now” to clear data that could be used to track your browsing.

    Click Remove All Website Data

  7. Empty Safari Caches.

    From your Safari menu bar, click Safari and select Preferences, then select the Advanced tab. Enable the checkbox to “Show Develop menu in menu bar“.
    Show Dev Bar

    From the menu bar select Develop, then click on Empty Caches as seen in the image below.
    empty cache

Remove malware from Chrome for Mac

To remove malware from Chrome for Mac we will reset the browser settings to their default. Doing these steps will erase all configuration information from Chrome such as your home page, tab settings, saved form information, browsing history, and cookies. This process will also disable any installed extensions. All of your bookmarks, though, will be preserved.

  1. Click on the three dots at the top right and go to Settings.

    Click on Chrome’s main menu button, represented by three dots at the top right corner. Now click on the menu option labeled Settings as shown by the arrow in the picture below, which will open the basic settings screen. Click on the Chrome menu button then on the Settings button
  2. In the left sidebar, click on the “Reset and Cleanup” option.

    In the left sidebar, click on “Reset and clean up“. Click on Reset and Cleanup
  3. Click “Reset settings to their original defaults”.

    Now click on the “Reset settings to their original defaults”. link as shown in the image below.  Reset Chrome
  4. Click “Reset Settings” button.

    A confirmation dialog should now be displayed, detailing the components that will be restored to their default state should you continue with the reset process. To complete the restoration process, click on the “Reset Settings” button. Confirm Reset Chrome browser
  5. (Optional) Reset Chrome Data Sync.

    In case a malicious extension reinstalls itself even after performing a browser reset, you have an additional option to reset the data sync for your browser. To do this, navigate to chrome.google.com/sync and click on the Clear Data button. Chrome Sync Reset
Remove malware from Firefox for Mac

To remove malware from Firefox for Mac we will reset the browser settings to its default. The reset feature fixes many issues by restoring Firefox to its factory default state while saving your essential information like bookmarks, passwords, web form auto-fill information, browsing history, and open tabs.

  1. Go to the “Help” menu.

    Click on Firefox’s main menu button, represented by three horizontal lines. When the drop-down menu appears, select the option labeled “Help“.
    Image - Click on the Firefox Menu button then select Help

  2. Click “Troubleshooting Information”.

    Next click on the “Troubleshooting Information” option as indicated by the arrow in the image below. This will bring you to a Troubleshooting page.

    Image - Troubleshooting Information option in Firefox Mac

  3. Click on “Refresh Firefox”

    Click the “Refresh Firefox” button in the upper-right corner of the “Troubleshooting Information” page.
    Image - Click on the Refresh Firefox button Mac

  4. Confirm.

    To continue, click on the “Refresh Firefox” button in the new confirmation window that opens.
    Image - Click again on Refresh Firefox button

  5. Click on “Finish”.

    Firefox will close itself and will revert to its default settings. When it’s done, a window will list the information that was imported. Click on the “Finish“.

Your old Firefox profile will be placed on your desktop in a folder named “Old Firefox Data“. If the reset didn’t fix your problem you can restore some of the information not saved by copying files to the new profile that was created. If you don’t need this folder any longer, you should delete it as it contains sensitive information.

STEP 4: Run a scan with Malwarebytes for Mac to remove malware

In this final step, we will scan the computer with Malwarebytes for Mac to find and remove any malicious programs that might be installed on your Mac.

Malwarebytes for Mac is a free on-demand scanner that removes the malware other security software tends to miss — adware, browser hijackers, and unwanted programs included. Cleaning an infected Mac with Malwarebytes has always been completely free, and it’s our go-to recommendation. Follow the steps below to scan and clean your Mac in just a few minutes.

  1. Download Malwarebytes for Mac

    Click the button below to download the latest version of Malwarebytes for Mac.

    DOWNLOAD MALWAREBYTES FOR MAC (FREE)
    (The link opens in a new page where your download will start)
  2. Open the Malwarebytes setup file

    When the download finishes, open your Downloads folder and double-click the setup file to begin the installation.

    Double-click on setup file to install Malwarebytes

  3. Follow the On-Screen Prompts to Install Malwarebytes

    The Malwarebytes for Mac Installer will guide you through a few quick screens. Click “Continue” and keep following the prompts until the installation completes.

    Click Continue to install Malwarebytes for Mac

    Click again on Continue to install Malwarebytes for Mac

    Click Install to install Malwarebytes on Mac

    When the installation is complete, Malwarebytes opens to the Welcome to Malwarebytes screen. Click “Get started“.

  4. Select “Personal Computer” or “Work Computer”

    Malwarebytes will ask what type of computer you’re installing it on. Click either Personal Computer or Work Computer, whichever applies.
    Select Personal Computer or Work Computer mac

  5. Start the Scan

    Click the “Scan” button. Malwarebytes will automatically update its detection database and begin checking your Mac for malware.
    Click on Scan button to start a system scan Mac

  6. Wait for the Scan to Finish

    Malwarebytes will scan your Mac for adware, browser hijackers, and other malicious programs. This can take a few minutes, so feel free to do something else — just check back occasionally to see the progress.
    Wait for Malwarebytes for Mac to scan for malware

  7. Quarantine the Detected Threats

    When the scan is done, you’ll see a list of everything Malwarebytes found. Click the “Quarantine” button to remove all the threats at once.
    Review the malicious programs and click on Quarantine to remove malware

  8. Restart Your Mac

    Malwarebytes will now remove all the malicious files it found. Some threats can only be fully removed after a reboot — if Malwarebytes asks you to restart, allow it. Once you’re logged back in, your Mac is clean.
    Malwarebytes For Mac requesting to restart computer

Closing Thoughts

Pop-up scams that instill urgency via fake security warnings threaten all platforms – including Macs. But understanding the social engineering tactics allows you to recognize and avoid the scam.

No legitimate Mac security alert will demand immediate software downloads or phone calls. Use caution rather than haste if faced with a dire-sounding pop-up.

With proper precautions, you can keep your Mac free of bugs and infections – without fear of alarmist security scams trying to fool you. Don’t let them prey on fear.

Frequently Asked Questions

What is the MacOS Security Center pop-up scam?

This is a deceptive pop-up that pretends to be from MacOS Security Center claiming malware was detected on your Mac. It tells you to call a number or download software to remove the infection, which actually spreads malware instead.

How does the pop-up appear on my Mac?

It shows up through malicious third-party ads on shady websites. The pop-under ads are designed to look like real macOS virus warnings.

What happens if I call the phone number in the pop-up?

You’ll be connected to an illegitimate support scammer pretending to be Apple. They can remotely access your Mac under the guise of removing infections and steal data or install malware.

What happens if I download their recommended security software?

The software will contain malware, not real virus protection. It will infect your Mac with adware, spyware, cryptominers, password stealers, or other threats.

What’s the end goal of this scam?

The scammers want to charge victims money for fake services, or profit by selling user data, spreading ransomware, cryptomining, and reselling access to infected devices.

Can I trust Mac security pop-up warnings?

No, legitimate Mac alerts would never tell you to call a third-party number or download software from outside the App Store. Assume pop-up warnings are scams.

How can I remove malware if I fell for this?

Disconnect from the internet, boot in safe mode, run anti-malware scans, check for unwanted extensions/apps, reset browser settings, change compromised passwords, and monitor accounts closely for unauthorized access.

How can I avoid this scam in the future?

Use ad blockers, don’t call or click on pop-ups, keep Mac software updated, run anti-malware tools, avoid shady sites, and refrain from downloading outside the App Store.

10 Rules to Avoid Online Scams

Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.

  1. Stop and verify before you click, log in, download, or pay.

    warning sign

    Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).

    If you already clicked: close the page, do not enter passwords, and run a malware scan.

  2. Keep your operating system, browser, and apps updated.

    updates guide

    Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.

    If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.

  3. Use layered protection: antivirus plus an ad blocker.

    shield guide

    Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.

    If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.

  4. Install apps, software, and extensions only from official sources.

    install guide

    Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.

    If you already installed something suspicious: uninstall it, restart, and scan again.

  5. Treat links and attachments as untrusted by default.

    cursor sign

    Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.

    If you entered credentials: change the password immediately and enable 2FA.

  6. Shop safely: research the store, then pay with protection.

    trojan horse

    Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.

    If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.

  7. Crypto rule: never pay a “fee” to withdraw or recover money.

    lock sign

    Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.

    If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.

  8. Secure your accounts with unique passwords and 2FA (start with email).

    lock sign

    Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.

    If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.

  9. Back up important files and keep one backup offline.

    backup sign

    Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.

    If you suspect infection: do not connect backup drives until the system is clean.

  10. If you think you are a victim: stop losses, document evidence, and escalate fast.

    warning sign

    Move quickly. Speed matters for disputes, account recovery, and limiting damage.

    • Stop payments and contact: do not send more money or respond to the scammer.
    • Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
    • Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
    • Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
    • Scan your device: remove suspicious apps or extensions, then run a full malware scan.
    • Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
    • Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.

These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.

Previous

 The “Word Online Extension Is Not Installed” Scam Explained

Next

The New German Waterproof Spot Lights Handheld Large Searchlight Scam Explained