You’re working on your Mac when suddenly an alarming pop-up appears from “MacOS Security Center” claiming your system is under threat. It insists you call a phone number immediately or download software to remove viruses and malware. This dire warning seems like a legitimate Mac alert, but don’t be fooled – it’s a devious scam.
The MacOS Security Center scam has spread rapidly through malicious ads and shady sites. The pop-ups are designed to instill panic that your Mac is infected. If you call the number or download what they recommend, you’ll compromise your system rather than fix it.
In this comprehensive guide, we’ll break down how this macOS scam works, what the real motives are, and most crucially, how to avoid falling victim.
Overview of the MacOS Security Center Scam
The MacOS Security Center scam preys on fears of malware and system vulnerabilities. The pop-ups display an alarming warning that viruses have been detected on your Mac.
To remove the claimed infection, you are given two options:
- Call the listed support number for virus removal assistance.
- Click to download recommended security software to detect and delete the viruses.
But here’s the catch – if you call the number or download what they suggest, you’ll be opening your Mac up to real threats, not fixing anything.
The phone number leads to fraudulent support scammers who can remotely access your Mac and steal data. And the software downloads contain adware, spyware, bots, or other types of malware.
This social engineering attack exploits fear to make users abandon caution and fall into the scam’s grasp. Stay vigilant against this dangerous Mac-targeted scheme.
How the MacOS Security Center Scam Works
Attackers have crafted this scam into a devious multi-stage operation to ensnare victims. Here’s an inside look at how it unfolds:
Stage 1 – Scare Tactic Pop-Under Ads
The scam starts with malicious popup ads served through shady ad networks. The ads evade blockers and use timers to appear after you’re on a site.
Once displayed, the pop-under ads show the dire security warnings pretending to be from MacOS Security Center to spark panic.
Stage 2 – Spoofed Apple Branding
The pop-ups mimic Apple’s aesthetics and security alert styles to look legit. Names like MacOS Security Center are chosen to sound like real Apple services.
Logos are copied, and the verbiage uses technical security language to seem credible.
Stage 3 – Social Engineering Manipulation
The text is designed to overwhelm users with urgent warnings that malware has already infected their Mac.
Threats of data theft, slow performance, and irreparable damage instill fear that users must take immediate action by calling the number or downloading software.
Stage 4 – Malware Download or Fake Support
If users call the number, they’ll be connected to smooth-talking support scammers pretending to be Apple. These scammers can install malware and gain remote access under the guise of removing infection.
If users click to download the security software, various malware will be deployed for adware, cryptomining, password stealing, and backdoors for further attacks.
Either option leaves the user worse off.
Stage 5 – Ongoing Abuse
Once malware is downloaded, attackers gain persistent access to:
- Track browsing history, messages, and passwords
- Inject endless popup ads
- Secretly mine cryptocurrency
- Brick devices for ransomware schemes
If users gave remote access, their financial and identity theft risks skyrocket. Ongoing fees can be coerced out of victims as well.
Avoiding MacOS Security Center Scams
Now that you know this scam’s misleading tactics, here are key ways to avoid becoming a victim:
- Use ad and pop-up blockers to stop the scam ads from appearing in the first place.
- If a Mac security alert pops up, don’t instantly panic. Verify it’s really from Apple before taking any action.
- Never call or give remote access to unsolicited phone numbers claiming security threats.
- Avoid downloading software from third-party sites or ads. Stick to the official App Store.
- Keep your Mac’s software up-to-date and run anti-malware tools like MalwareBytes and Avira to block infections.
- Use strong passwords and two-factor authentication on all accounts for an extra layer of security.
- Make periodic backups of your Mac so you can easily wipe and restore if malware ever makes its way in.
What to Do if You Fell for This Scam
If you called the phone number or downloaded questionable software, take these steps to undo the damage:
- Check browser extensions for anything unfamiliar that may have been installed as malware.
- Reset your browsers like Safari and Chrome to default settings to undo unwanted changes.
- Change passwords on all accounts that were accessible from your Mac.
- Contact your bank if the scammers gained access to your financial accounts or credit cards.
- Monitor all accounts closely for suspicious logins or activity indicating identity theft.
- If you paid the scammers, report it to the FTC and contact your bank about potential fraud protections.
Though falling victim can lead to a headache, swift action can help contain the fallout and regain control of your Mac.
The End Goal of This Scam
Ultimately, the MacOS Security Center scam aims for two main monetization avenues:
1. Charging Victims for Fake Services
If users call the number, the support scammers pose as Apple technicians and fabricate problems to fix. They can charge exorbitant fees on credit cards for useless services.
2. Profiting From Malware Infections
If malware is downloaded, attackers profit through:
- Ransomware payments
- Cryptomining that utilizes device CPU and electricity
- Spyware that snoops and sells user data
- Banking trojans that capture financial account credentials
- Reselling access to infected devices on dark web markets
This multi-pronged profit model makes the macOS scareware scam highly lucrative. But informed users are wise to their tricks.
Remove MacOS Security Center Pop-ups
Please perform all the steps in the correct order. If you have any questions or doubts at any point, stop and ask for our assistance.
- STEP 1: Remove malicious profiles
- STEP 2: Delete malicious apps
- STEP 3: Reset browsers back to default settings
- STEP 4: Run a scan with Malwarebytes for Mac to remove malware
STEP 1: Remove malicious profiles
Profiles are used by IT admins in businesses to control the behavior of their Macs. These profiles can configure a Mac to do many different things, some of which are not otherwise possible.
When it comes to home users, adware and browser hijackers are using the configuration profile to prevent users from removing malicious programs from the computer. This also prevents the user from changing that behavior in the browser’s settings.
In this first step, we will check your computer to see if any configuration profiles are installed. To do this, follow the below steps:
-
Open “System Settings”
From the Apple menu () in the top-left corner of the screen, select System Settings. (On macOS Monterey and earlier, this is called System Preferences.)
-
Look for “Profiles”
In the System Settings window, search for Profiles — on newer macOS versions you’ll find it under Privacy & Security, or you can type “Profiles” in the search box.
No Profiles section? Good news — that means no profiles are installed on your Mac, which is completely normal. Skip ahead to the next step of this guide. -
Remove the malicious profiles
Malware uses configuration profiles to lock your browser settings — forcing a fake search engine or homepage on you and preventing you from changing it back. If you see a profile you don’t recognize (and your Mac isn’t managed by your workplace or school), select it, press the − (minus) button, and click Remove to confirm.
STEP 2: Delete malicious apps
In this second step, we will try to identify and remove any malicious apps and files that might be installed on your computer. Sometimes redirects or adware programs can have usable Uninstall entries that can be used to remove these programs.
-
Quit the malicious programs
Check the Apple menu bar in the top-right corner of your screen. If you see an icon you don’t recognize, click it and select Quit. This stops the malware from running so it can’t interfere while we remove it.
-
Open “Finder”
Click the Finder icon in your dock.
-
Click on “Applications”
In the Finder sidebar, click “Applications“.
-
Find and remove the malicious app
Scroll through the list of installed apps and look for anything suspicious — an app you don’t remember installing, or one with a strange or generic name. When you find it, right-click it and select “Move to Trash“.
Some known malicious programs to look for: SearchMine, TakeFresh, TopResults, FeedBack, ApplicationEvents, GeneralOpen, PowerLog, MessengerNow, ImagePrime, GeneralNetSearch, Reading Cursors, GlobalTechSearch, PDFOnline-express, See Scenic Elf, MatchKnowledge, Easy Speedtest, and WebDiscover. The names change constantly, though — so treat any app you can’t account for as suspect.
-
Empty the Trash
Right-click the Trash icon in your dock and select “Empty Trash“. This permanently deletes the malicious app you just removed — until you do this, the malware is still on your Mac.
Find and remove the malicious files
Malware on Mac uses launch agents and launch daemons — small files that automatically restart the malware every time you boot your Mac. We’ll check the four folders where they hide:
- Click the desktop to make sure you’re in Finder, then open the “Go” menu and click “Go to Folder“.
- Copy and paste each of the paths below into the window, one at a time, and click Go after each:
- /Library/LaunchAgents
- ~/Library/LaunchAgents
- /Library/Application Support
- /Library/LaunchDaemons
- In each folder, look for suspicious .plist files — typically named after the malware or with odd, random-looking names. Some known examples: “com.adobe.fpsaud.plist”, “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, and “com.myppes.net-preferences.plist”. When you find a malicious file, move it to the Trash — then empty the Trash again when you’re done.
Be careful: these folders also contain files belonging to legitimate apps — especially /Library/Application Support, where programs like Adobe, Google, and Microsoft store their data. Only delete files you’re confident are malicious. If you’re unsure about a file, search its exact name online first — or skip it; the Malwarebytes scan in the next step will catch what you miss.
- Click the desktop to make sure you’re in Finder, then open the “Go” menu and click “Go to Folder“.
STEP 3: Reset browsers back to default settings
In this third step, we will remove spam push notifications and malicious extensions, and change to default any settings that might have been changed by malware.
For each browser that you have installed on your computer, please click on the tab below and follow the displayed steps to reset that browser.
Remove malicious extensions and settings from Safari
To remove malware from Safari we will check if there are any malicious extensions installed on your browser and what settings have been changed by this malicious program.
-
Go to Safari’s “Preferences”.
On the menu bar, click the “Safari” menu and select “Preferences”.
-
Check Homepage.
This will open a new window with your Safari preferences, opened to the “General” tab. Some browser hijackers may change your default homepage, so in the Homepage field make sure it’s a web page you want to use as your start-up page.
-
Click “Extensions”
Next, click on the “Extensions” tab.
-
Find and uninstall malicious extensions.
The “Extensions” screen will be displayed with a list of all the extensions installed on Safari. Look out for any suspicious browser extension that could be behind all the drama – anything you don’t remember downloading or that doesn’t sound like a genuine extension. By default, there are no extensions installed on Safari so it’s safe to remove an extension
-
Remove spam notifications ads
Click Preferences, click Websites, then click Notifications. Deselect “Allow websites to ask for permission to send push notifications”.
-
Remove all data stored by websites on your computer.
In the Safari menu, choose “Preferences…”, select “Privacy” at the top of the new window that appears, and then click the “Manage Website Data” button.
In the next dialog box, click “Remove All“. It will ask you if you are sure you want to remove all data stored by websites on your computer. Select “Remove Now” to clear data that could be used to track your browsing.
-
Empty Safari Caches.
From your Safari menu bar, click Safari and select Preferences, then select the Advanced tab. Enable the checkbox to “Show Develop menu in menu bar“.
From the menu bar select Develop, then click on Empty Caches as seen in the image below.
Remove malware from Chrome for Mac
To remove malware from Chrome for Mac we will reset the browser settings to their default. Doing these steps will erase all configuration information from Chrome such as your home page, tab settings, saved form information, browsing history, and cookies. This process will also disable any installed extensions. All of your bookmarks, though, will be preserved.
-
Click on the three dots at the top right and go to Settings.
Click on Chrome’s main menu button, represented by three dots at the top right corner. Now click on the menu option labeled Settings as shown by the arrow in the picture below, which will open the basic settings screen. -
In the left sidebar, click on the “Reset and Cleanup” option.
In the left sidebar, click on “Reset and clean up“. -
Click “Reset settings to their original defaults”.
Now click on the “Reset settings to their original defaults”. link as shown in the image below. -
Click “Reset Settings” button.
A confirmation dialog should now be displayed, detailing the components that will be restored to their default state should you continue with the reset process. To complete the restoration process, click on the “Reset Settings” button. -
(Optional) Reset Chrome Data Sync.
In case a malicious extension reinstalls itself even after performing a browser reset, you have an additional option to reset the data sync for your browser. To do this, navigate to chrome.google.com/sync and click on the Clear Data button.
Remove malware from Firefox for Mac
To remove malware from Firefox for Mac we will reset the browser settings to its default. The reset feature fixes many issues by restoring Firefox to its factory default state while saving your essential information like bookmarks, passwords, web form auto-fill information, browsing history, and open tabs.
-
Go to the “Help” menu.
Click on Firefox’s main menu button, represented by three horizontal lines. When the drop-down menu appears, select the option labeled “Help“.
-
Click “Troubleshooting Information”.
Next click on the “Troubleshooting Information” option as indicated by the arrow in the image below. This will bring you to a Troubleshooting page.
-
Click on “Refresh Firefox”
Click the “Refresh Firefox” button in the upper-right corner of the “Troubleshooting Information” page.
-
Confirm.
To continue, click on the “Refresh Firefox” button in the new confirmation window that opens.
-
Click on “Finish”.
Firefox will close itself and will revert to its default settings. When it’s done, a window will list the information that was imported. Click on the “Finish“.
STEP 4: Run a scan with Malwarebytes for Mac to remove malware
In this final step, we will scan the computer with Malwarebytes for Mac to find and remove any malicious programs that might be installed on your Mac.
Malwarebytes for Mac is a free on-demand scanner that removes the malware other security software tends to miss — adware, browser hijackers, and unwanted programs included. Cleaning an infected Mac with Malwarebytes has always been completely free, and it’s our go-to recommendation. Follow the steps below to scan and clean your Mac in just a few minutes.
-
Download Malwarebytes for Mac
Click the button below to download the latest version of Malwarebytes for Mac.
-
Open the Malwarebytes setup file
When the download finishes, open your Downloads folder and double-click the setup file to begin the installation.
-
Follow the On-Screen Prompts to Install Malwarebytes
The Malwarebytes for Mac Installer will guide you through a few quick screens. Click “Continue” and keep following the prompts until the installation completes.
When the installation is complete, Malwarebytes opens to the Welcome to Malwarebytes screen. Click “Get started“.
-
Select “Personal Computer” or “Work Computer”
Malwarebytes will ask what type of computer you’re installing it on. Click either Personal Computer or Work Computer, whichever applies.
-
Start the Scan
Click the “Scan” button. Malwarebytes will automatically update its detection database and begin checking your Mac for malware.
-
Wait for the Scan to Finish
Malwarebytes will scan your Mac for adware, browser hijackers, and other malicious programs. This can take a few minutes, so feel free to do something else — just check back occasionally to see the progress.
-
Quarantine the Detected Threats
When the scan is done, you’ll see a list of everything Malwarebytes found. Click the “Quarantine” button to remove all the threats at once.
-
Restart Your Mac
Malwarebytes will now remove all the malicious files it found. Some threats can only be fully removed after a reboot — if Malwarebytes asks you to restart, allow it. Once you’re logged back in, your Mac is clean.
Closing Thoughts
Pop-up scams that instill urgency via fake security warnings threaten all platforms – including Macs. But understanding the social engineering tactics allows you to recognize and avoid the scam.
No legitimate Mac security alert will demand immediate software downloads or phone calls. Use caution rather than haste if faced with a dire-sounding pop-up.
With proper precautions, you can keep your Mac free of bugs and infections – without fear of alarmist security scams trying to fool you. Don’t let them prey on fear.
Frequently Asked Questions
What is the MacOS Security Center pop-up scam?
This is a deceptive pop-up that pretends to be from MacOS Security Center claiming malware was detected on your Mac. It tells you to call a number or download software to remove the infection, which actually spreads malware instead.
How does the pop-up appear on my Mac?
It shows up through malicious third-party ads on shady websites. The pop-under ads are designed to look like real macOS virus warnings.
What happens if I call the phone number in the pop-up?
You’ll be connected to an illegitimate support scammer pretending to be Apple. They can remotely access your Mac under the guise of removing infections and steal data or install malware.
What happens if I download their recommended security software?
The software will contain malware, not real virus protection. It will infect your Mac with adware, spyware, cryptominers, password stealers, or other threats.
What’s the end goal of this scam?
The scammers want to charge victims money for fake services, or profit by selling user data, spreading ransomware, cryptomining, and reselling access to infected devices.
Can I trust Mac security pop-up warnings?
No, legitimate Mac alerts would never tell you to call a third-party number or download software from outside the App Store. Assume pop-up warnings are scams.
How can I remove malware if I fell for this?
Disconnect from the internet, boot in safe mode, run anti-malware scans, check for unwanted extensions/apps, reset browser settings, change compromised passwords, and monitor accounts closely for unauthorized access.
How can I avoid this scam in the future?
Use ad blockers, don’t call or click on pop-ups, keep Mac software updated, run anti-malware tools, avoid shady sites, and refrain from downloading outside the App Store.




































