One of the unwelcome side effects of Apple’s success in the last five years has been the scourge of sneaky software that sleazily sidles into your Mac. It often changes your search engine, puts ads over your web sites, and makes your computer perform poorly.
Similarly, Mac, iPhone, and iPad users are now targeted by web sites designed to trick you into thinking that you have been infected, invaded, or intruded upon, so that you make an expensive “support” call, or buy software you don’t need, or install the aforementioned “adware.” We get calls from clients about bogus warnings pretty regularly.
Examples
Here are some examples of web pop-up windows that look real but are scams. Beware!
This virus alert is bogus.
This virus alert is also bogus.
Beware the Flash Player update scam! This is bogus as well.
And NEVER install MacKeeper!
How do you get this malware?
In the case of the bogus web sites, it’s often because you unwittingly mistyped a URL, or you visited a legitimate website that uses a dubious advertisement provider. As for the software, it might be what you installed after visiting one of these sites, or it might be something you installed without realizing while installing an otherwise legitimate piece of free software. And it can happen because you opened a disguised attachment in an email, possibly appearing to be from someone you know even though he/she didn’t really send it.
How do you protect yourself?
First off, if your Mac or mobile device pops up a warning while on a web site that says your system has been compromised or is suffering from poor performance, just IGNORE IT. It’s not true. NEVER open attachments in email from people you don’t know, any apparent “company” (e.g. FedEx), and even it’s from someone you do know if there’s anything fishy about it (poor grammar, or no message, only an attachment), send an email to that person (don’t reply) asking if he/she sent you an attachment. If you’re installing software on your Mac that didn’t come from the Mac App Store, read each screen of the installation process carefully to make sure you’re not also installing something you don’t want. DON’T install MacKeeper (whose mascot looks vaguely like the Michelin Man), even though it looks legit. And NEVER call anyone other than Apple or us (or another trusted service provider) for help.
What do you do if you’ve got this crap on your system?
The most effective tool to remove it from your Mac is MalwareBytes for Mac. Keep running it until it says it can’t find anything. Then restart your computer. If the malware made changes to the website you use for search, or the pages you set as home pages, you’ll need to open up Safari (or Chrome or Firefox), go to Preferences, and change the search engine and home page back to what you want them to be. (In Chrome, also pay attention to the settings that automatically open web sites on start up). For ongoing protection, you can use a security product such as Avira Free, but you should still run MalwareBytes if anything looks amiss.
In a web browser such as Safari (or Chrome or Firefox), if you can’t get rid of the pop-up alerts even after restarting your Mac, you’ll need to force-quit: Hold down Option-Command-Escape at the same time and you’ll see a Force Quit window pop up; then choose Safari (or Chrome or Firefox) and click the Force Quit button. Then restart Safari (or Chrome or Firefox) and hold down the Shift key while it starts up.
If your iPhone or iPad browsing has been taken over, look under General -> Settings -> VPN and delete any VPN entries if there are any, and if that doesn’t help, go to General -> Settings -> Safari and tap Clear History and Website Data.
What if you did let someone access your computer or your passwords?
If you did call an untrusted “support service” and gave them any passwords, or if you allowed them remote support to your computer, change your Apple ID password and other important passwords for sure, and possibly call us or Apple to make sure that they didn’t install anything that could still allow remote access to your Mac.
And, of course, if you have any doubts or questions, we’re here to help. We want your Mac, iPhone and iPad safe and happy.
(January 2016)