Stay on top of the common manifestations of the Mac System Alert virus, including tech support scams and data theft attacks, and learn how to get rid of it.
To its credit, the macOS platform is fairly well protected against malicious software by design. It also boasts mechanisms that prevent users from accidentally or unknowingly making irreversible adverse changes to their systems and installing harmful apps from sources beyond the approved ones. Given these favorable circumstances for Apple proponents, meticulous and resourceful cybercriminals are bound to come up with ways to counter such robust defenses. Unfortunately, the crooks have managed to get around the obstacles by pulling off attacks that rely on users’ gullibility. They have been devising numerous tech support scams in order to dupe people into following fraudulent recommendations. One of the longest-running campaigns has to do with browser hijacks leading to pages that say, “Your Mac is infected with 3 viruses” or “Your system is infected with 3 viruses”.
The mechanics of this incursion are quite prosaic. First, the malicious agents make sure the would-be victim’s browser – be it Safari, Chrome or Firefox – returns a deceptive Mac System Alert popup or bogus Apple Warning Alert. To achieve this particular goal, the attackers may either deposit a piece of browser hijacking malware onto the target Mac, or they may compromise a popular website and surreptitiously inject a script that triggers the rerouting once you visit the site. Whereas the logic is fundamentally different in the above scenarios, the outcome is the same in the long run. The user’s traffic ends up getting diverted to a spoof page mimicking the AppleCare service. It says:
“Your system is infected with 3 viruses!
Your Mac OS X is infected with 3 viruses. Our security check found traces of (2) malware and (1) phishing/spyware. System damage: 28.1% - Immediate removal required!
The removal of the viruses is required to prevent further system damage, loss of Apps, Photos or other files. Traces of (1) Phishing/Spyware were found on your Mac OS X. Personal and banking information are at risk.”
Note that the wording may be a little bit different, but the idea is clear: the malefactors try to pressure the victim into calling bogus “Apple Support” or installing some rogue program, such as the Mac Keeper scareware, to run a system scan. Either option is a mistake, because the hoax is aimed at convincing the user to cough up money in one way or another to fix a problem that doesn’t even exist. The main thing to keep in mind in this regard is that the alert is a bluff.
Another variant of a misleading Mac System Alert confines its scare tactics to purported issues with the web browser. The source of these popups is the same as in the above-mentioned scam – it is either on the host side (due to a browser hijack) or on the side of an arbitrary hacked web page. In this case, the warning message goes:
“Safari – Alert
Suspicious activity detected. Your browser might have been hijacked and an anonymous activity has been detected.
Major security issue. To fix it please call Support for Apple immediately!”
Of course, the phone number indicated in this alert has nothing to do with Apple. Whoever answers it is a fraudster who will engage all of their social engineering skills to persuade you to pay for their pseudo-support. Therefore, the tip of the day is to refrain from giving those ne’er-do-wells a phone call. Apple will never act in such an obtrusive fashion, so you are dealing with impostors. Meanwhile, there is no real problem with Safari, except that it may have been affected by the individuals who want you to call them in the first place. This is a typical scare tactic that should be addressed in a way other than following the instructions on the counterfeit Mac System Alert.
One more tech support scam doing the rounds on a large scale sticks with the “System Security at Risk” theme. We aren’t going to reiterate the origin of this particular type of popup alerts, since they emanate from the exact same shenanigans as in the above scenarios. Having been redirected, the victim will see a fake message that says:
“System Security at Risk
Critical Security Warning! Your Mac has detected a serious attack on this system, as your IP address might be accessed from two different locations at one time. A Suspicious Connection might be trying to access Your Logins, Banking Details & Tracking Your Internet Activity.”
Predictably enough, the popup additionally includes the toll-free “Customer Service” number. To add a bit of ostensible legitimacy to the fraud, the alert indicates a random-looking error code that the victim is supposed to provide after reaching the self-proclaimed support agent. Once again, do not call the threat actors and never pay for any of their junk services or software they may promote. By the way, notice the capitalized words on some of these alerts – that’s most likely a trick to draw the prey’s attention to specific terms and phrases in order to intimidate them further. This is nothing but professional manipulation in action.
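The traits described above (a fabricated infection count and damage percentage, a support-call lure with a toll-free number, urgent wording and a pseudo error code) can be scored by a simple content heuristic. This is an added example, not part of the original article; the patterns, weights, threshold, function names, phone numbers and error code are assumptions constructed for illustration.

```python
import re

# Traits the article attributes to the fake alerts. The patterns and weights
# are assumptions made for this example, not a vetted ruleset.
INDICATORS = {
    "brand_impersonation": (r"\b(apple(care)?|mac(\s?os)?(\s?x)?|safari)\b", 1),
    "infection_count": (r"infected with \d+ virus", 3),
    "damage_percent": (r"damage:?\s*\d+(\.\d+)?\s*%", 3),
    "call_to_phone": (r"\bcall\b.{0,40}\b(support|customer service)\b", 3),
    "phone_number": (r"(?<!\d)(\+?1[\s.-]?)?\(?8(00|33|44|55|66|77|88)\)?"
                     r"[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)", 2),
    "urgency": (r"\b(immediately|immediate removal|critical security warning"
                r"|at risk)\b", 2),
    "error_code": (r"\berror\s*code\b\W{0,3}[\w-]*\d", 1),
}
COMPILED = {n: (re.compile(rx, re.I | re.S), w) for n, (rx, w) in INDICATORS.items()}
# Scary wording alone is not enough: require a fabricated finding or a contact lure.
LURES = {"infection_count", "damage_percent", "call_to_phone", "phone_number"}

def score_alert(text):
    """Return (score, sorted names of the indicators that matched)."""
    hits = sorted(n for n, (rx, _) in COMPILED.items() if rx.search(text))
    return sum(COMPILED[n][1] for n in hits), hits

def is_probable_scam(text, threshold=6):
    score, hits = score_alert(text)
    return score >= threshold and bool(LURES & set(hits))

# Constructed samples: wording follows the alerts quoted in the article; the
# phone numbers (fictional 555-01xx range) and the error code are invented.
SAMPLE_INFECTED = ("Your Mac OS X is infected with 3 viruses. Our security check "
                   "found traces of (2) malware and (1) phishing/spyware. "
                   "System damage: 28.1% - Immediate removal required!")
SAMPLE_SAFARI = ("Safari - Alert. Suspicious activity detected. Major security "
                 "issue. To fix it please call Support for Apple immediately! "
                 "1-800-555-0100")
SAMPLE_RISK = ("Critical Security Warning! Your Mac has detected a serious attack "
               "on this system. Call Customer Service at (844) 555-0123 and "
               "quote error code: XR-20417")
SAMPLE_BENIGN = ("Safari 17 release notes: fixed an issue where the browser could "
                 "quit unexpectedly. Contact Apple Support at support.apple.com.")

if __name__ == "__main__":
    for sample in (SAMPLE_INFECTED, SAMPLE_SAFARI, SAMPLE_RISK, SAMPLE_BENIGN):
        print(is_probable_scam(sample), *score_alert(sample))
```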
Now that we have covered the most common types of browser-borne Mac System Alerts, it’s time to take a quick dive into a variant that’s tailored more craftily and way more competently. It is a Mac System Alert virus that displays the “Apple wants to make changes” popup dialogs. The crucial difference from the rogue support-related maneuvers is that the perpetrators are after the user’s admin credentials in this case. Also, whereas the previously described scams do not necessarily involve malware running inside the Mac, this technique heavily relies on the presence of offending code inside the host.
In plain words, the fact that you are seeing the “Apple wants to make changes” alerts is a sign of malware activity that’s already going on. The infection triggers these popups, and if the victim turns out to be credulous enough to enter their username and password, the infection will immediately send these sensitive details to the hackers’ C2 server. With that information at their disposal, the crooks can remotely access the Mac computer to steal personal data stored in it or install some more harmful software without the admin’s knowledge and consent.
No matter what kind of Mac System Alert you have come across, the following walkthrough will help you remove the malware that displays the popups or has been installed as a result of your actions in response to these phony notifications.
Mac System Alert virus manual removal for Mac
The steps listed below will walk you through the removal of this malicious application. Be sure to follow the instructions in the order specified.
• Open up the Utilities folder
• Locate the Activity Monitor icon on the screen and double-click on it
• Under Activity Monitor, find a suspicious entry that’s not supposed to be there, select it and click Quit Process
• A dialog should pop up, asking if you are sure you would like to quit the troublemaking process. Select the Force Quit option
• Click the Go button again, but this time select Applications on the list. Find the rogue entry on the interface, right-click on it and select Move to Trash. If the user password is required, go ahead and enter it
• Now go to Apple Menu and pick the System Preferences option
• Select Accounts and click the Login Items button. The system will come up with the list of the items that launch when the computer is started up. Locate the likely infection there and click on the “-” button
Get rid of Mac System Alert popups in web browser
To begin with, settings for the web browser that got hit by the Mac System Alert virus should be restored to their default values. The overview of steps for this procedure is as follows:
1. Reset Safari
• Open the browser and go to Safari menu. Select Preferences in the drop-down list
• Once the Preferences screen appears, hit the Privacy tab at the top. Find the option that says Remove All Website Data and click on it
• The system will display a confirmation dialog that also includes a brief description of what the reset does. Specifically, you may be logged out of some services and encounter other changes of website behavior after the procedure. If you’re okay with that, go ahead and click the Remove Now button
• In order to selectively clear data generated by certain websites only, not all of them, hit the Details button under the Privacy section of Safari Preferences
• This feature will list all websites that have stored potentially sensitive data, including cache and cookies. Select the one, or ones, that might be causing trouble and click the appropriate button at the bottom (Remove or Remove All). Click the Done button to exit.
2. Reset Google Chrome
• Open Chrome and click the Customize and Control Google Chrome menu icon
• Select Options for a new window to appear
• Select the Under the Hood tab, then click the Reset to defaults button
3. Reset Mozilla Firefox
• Open Firefox and select Help – Troubleshooting Information
• On the page that opened, click the Reset Firefox button
Get rid of Mac System Alert malware using Combo Cleaner removal tool
The Mac maintenance and security app called Combo Cleaner is a one-stop tool to detect and remove the Mac System Alert virus. This technique has substantial benefits over manual cleanup, because the utility gets hourly virus definition updates and can accurately spot even the newest Mac infections.
Furthermore, the automatic solution will find the core files of the malware deep down the system structure, which might otherwise be a challenge to locate. Here’s a walkthrough to sort out the Mac System Alert virus issue using Combo Cleaner:
- Download the Combo Cleaner installer. When done, double-click the combocleaner.dmg file and follow the prompts to install the tool onto your Mac.
- Open the app from your Launchpad and let it update its malware signature database to make sure it can identify the latest threats.
- Click the Start Combo Scan button to check your Mac for malicious activity as well as performance issues.
- Examine the scan results. If the report says “No Threats”, then you are on the right track with the manual cleaning and can safely proceed to tidy up the web browser that may continue to act up due to the after-effects of the malware attack (see instructions above).
- In case Combo Cleaner has detected malicious code, click the Remove Selected Items button and have the utility remove the Mac System Alert virus threat along with any other viruses, PUPs (potentially unwanted programs), or junk files that don’t belong on your Mac.
- Once you have made doubly sure that the malicious app is uninstalled, the browser-level troubleshooting might still be on your to-do list. If your preferred browser is affected, resort to the previous section of this tutorial to revert to hassle-free web surfing.