Apple Defender Security Center POP-UP SCAM (Virus removal guide)

What is Apple Defender Security Center SCAM?

Apple Defender Security Center is a technical support scam in which scammers use “social engineering” methods in order trick users into unnecessary technical support services to supposedly fix Apple Security problems that don’t exist. Victims are encouraged to pay for unnecessary services and software, or even provide remote access to their computer. Most often, scammers ask victims to pay by wire transfer, put money on a gift card, prepaid card or use a money transfer app because such payments are difficult to reverse.

Users can stumble onto sites with the Apple Defender Security Center scam just by entering a misspelled web address. Users can also be redirected to such scams by malvertising (malicious advertisements), Adware and potentially unwanted apps (PUAs). The technical support scam is often hosted using CloudFront, Amazon, Google and other cloud services. This is not the first time that scammers/cyber criminals have used legitimate cloud services for malicious purposes.

QUICK LINKS

• What is Apple Defender Security Center SCAM?
• Protection
• Removal

Apple Defender Security Center Scam in detail

The scam displays a warning that the computer has been blocked due to security reasons, supposedly the computer is infected with a trojan spyware Ads.fiancetrack(2).dll. This warning urges users to contact Apple Support to get help from a technical troubleshooter over the phone.

Of course, this pop-up warning is a fake, since there are no sites that can determine that a computer is infected. The purpose of this scam is to make users believe that the computer is infected, and thereby force them to call the +1-866-750-0701 number to get technical support.

Scammers monetize the “technical support” scam by selling fake technical support and unnecessary software, installing remote administration utilities that can be used for malicious actions, such as infecting a computer with Trojans, adware, spyware and even ransomware.

Text presented on the “Apple Defender Security Center” error messages:

Access to this computer has been blocked due to security reasons. Do not access or restart this computer. Ignoring this critical warning may result in loss of data on this system. Please contact support immediately so that a Apple engineer can walk you through the troubleshooting steps over the phone.

Apple-Defender – Security Warning

** ACCESS TO THIS PC HAS BEEN BLOCKED FOR SECURITY REASONS **

Your computer has alerted us that it has been infected with a Trojan Spyware. The following data has been compromised.

> Email Credentials
> Banking Passwords
> Facebook Login
> Pictures & Documents

Apple-Defender Scan has found potentially unwanted Adware on this device that can steal your passwords, online identity, financial information, personal files, pictures or documents.

You must contact us immediately so that our engineers can walk you through the removal process over the phone.

Call Apple Support immediately to report this threat, prevent identity theft and unlock access to this device.

Closing this window will put your personal information at risk and lead to a suspension of your Apple Registration.

Call Apple Support: +1-866-750-0701 (Toll Free)

The scammers behind this scam try to trick users into buying help in removing viruses or installing a remote control tool, which they pretend to be a program to diagnose a computer. It is important to understand that having access to a computer, scammers can steal private information and personal files, install malware (spyware, ransomware or Trojan horses), make fraudulent purchases.

Text presented in the second pop-up of the Apple Defender Security Center scam:

Apple Defender Security Center

App: Ads.fiancetrack(2).dll
Threat Detected: Trojan Spyware

Access to this PC has been blocked for security reasons.
Contact Apple Support: +1-866-750-0701 (Toll Free)

How to protect against “Apple Defender Security Center” scam

To avoid becoming a victim of scammers, it is important to always keep in mind:

• There are no websites that can detect security problems.
• Apple Security pop-up warnings will never ask you to call a phone number.
• Apple tech support will never ask you to pay for support with gift cards or cryptocurrency.
• Never install software promoted by scam sites, as it can be useless, and besides, it can be dangerous for you and your computer.
• Close “Apple Defender Security Center” as soon as it appears on your computer screen. Scammers can prevent you from closing it in various ways. In such cases, close your browser using Activity Monitor or restart your Mac. If the next time you launch the browser, it prompts you to restore the previous session, abandon it, otherwise this scam will reopen on your screen.
• Use an ad blocker when browsing the internet. It can block known scam sites and protect you from scammers.
• If you think your computer has a virus, install trusted antivirus software, or update your computer’s security software and run a system scan.

Threat Summary

Name	Apple Defender Security Center
Type	technical support scam, phishing, fake alerts
Fake claims	Access to this PC has been blocked for security reasons, Your computer has alerted us that it has been infected with a Trojan Spyware, Apple-Defender Scan has found potentially unwanted Adware on this device
Scammers Phone Numbers	+1-866-750-0701, 1-866-707-0041, 1-888-456-7184, 1-877-676-0587, 1-877-313-5373
Symptoms	fake system messages fake security warnings pop-up errors fake Apple Defender scan
Removal	Apple Defender Security Center removal guide

Examples of similar scams

Apple Defender Security Center is not the only scam to be aware of. We have reported similar scams many times, some of the most recent: Apple Platform Security, Trojan Spyware Alert, Your MAC might be at risk, Firewall Spyware Alert. Some of these scams are positioned as a legitimate Apple or Microsoft website, but in fact have nothing to do with Apple and Microsoft. The “technical support scam” sites should never be trusted, they should be closed as soon as they appear on the screen.

Where Did the Apple Defender Security Center Pop-Ups Come From

As mentioned above, the Apple Defender Security Center scam is caused by different ways (adware, pop-ups, software downloads, redirects). Adware is considered by many to be synonymous with ‘malicious software’. It is a harmful app which displays unwanted advertisements to computer users. Some examples include pop up advertisements, push notifications, fake alerts or unclosable windows. Adware can seriously affect your privacy, your computer’s performance and security.

Adware usually comes on Apple computers with free apps. In many cases, it comes without the user’s knowledge. Therefore, many users aren’t even aware that their Mac has been affected with PUAs and adware software. Please follow the easy rules in order to protect your MAC from adware and potentially unwanted applications: don’t install any suspicious apps, read the user agreement and select only the Custom, Manual or Advanced installation mode. Also, always try to find a review of the installed application on the Internet. Be careful and attentive!

How to remove Apple Defender Security Center pop-ups (Adware removal guidance)

Fortunately, we have an effective method to help you manually and/or automatically get rid of Apple Defender Security Center pop-ups and restore your Mac/browser settings to normal. Below you will find a removal guide with all the steps you may need to successfully remove adware and its traces. Some of the steps below may require you to close this page. So please read the steps carefully and then bookmark them or open them on your smartphone for future reference.

Remove profiles created by Adware

Adware can make changes to the Mac system such as malicious changes to browser settings, and the addition of malicious system profiles. You need to check the system preferences, find and remove malicious profiles and ensure your settings are as you expect.

Click Apple menu ( ) > System Preferences.

In System Preferences, select Profiles. if there is no Profiles in the list of preferences, that means there are no profiles installed on the Mac computer. If there is Profiles in the list, then click on it, then select a profile related to the adware.

To delete a malicious profile, click on the minus button ( – ) located at the bottom-left of the Profiles screen.

Check the list of installed apps

Some browser hijackers, adware and PUAs can be removed by uninstalling the free programs they came with. If this way does not succeed, then looking them up in the list of installed software in the Finder. Use the “Move to Trash” command in order to remove them.

1. Open the Finder.
2. Click “Applications”.
3. It will show a list of all programs installed on the Apple Mac.
4. Scroll through the all list, and uninstall questionable and unknown software. Pay maximum attention to the program you installed last.
5. Drag the suspicious application from the Applications folder to the Trash.
6. Empty Trash.

Remove Adware related files and folders

Now you need to try to find Adware related files and folders, and then delete them manually. You need to look for these files in certain directories. To quickly open them, we recommend using the “Go to Folder…” command.

Some files created by Adware are hidden from the user. To find and delete them, you need to enable “show hidden files”. To do this, use the shortcut CMD + SHIFT + . Press once to show hidden files and again to hide them. There is another way. Click Finder -> Applications -> Utilities -> Terminal. In Terminal, paste the following text: defaults write com.apple.finder AppleShowAllFiles YES

Press Enter. Hold the ‘Option/alt’ key, then right click on the Finder icon in the dock and click Relaunch.

Click on the Finder icon. From the menu bar, select Go and click “Go to Folder…”. As a result, a small window opens that allows you to quickly open a specific directory.

Check for Adwarey generated files in the /Library/LaunchAgents folder

In the “Go to Folder…” window, type the following text and press Go:
/Library/LaunchAgents

This will open the contents of the “/Library/LaunchAgents” folder. Look carefully at it and pay special attention to recently created files, as well as files that have a suspicious name. Move all suspicious files to the Trash. A few examples of files: com.machelper.plist, search.plist, installapp.plist, com.google.defaultsearch.plist, , macsearch.plist, and com.net-preferences.plist. Most often, browser hijackers, potentially unwanted programs and adware create several files with similar names.

Check for Adware generated files in the /Library/Application Support folder

In the “Go to Folder…” window, type the following text and press Go:
/Library/Application Support

This will open the contents of the “Application Support” folder. Look carefully at its contents, pay special attention to recently added/changed folders and files. Check the contents of suspicious folders, if there is a file with a name similar to com.machelper.system, then this folder must be deleted. Move all suspicious folders and files to the Trash.

Check for Adware generated files in the “~/Library/LaunchAgents” folder

In the “Go to Folder…” window, type the following text and press Go:
~/Library/LaunchAgents

Proceed in the same way as with the “/Library/LaunchAgents” and “/Library/Application Support” folders. Look for suspicious and recently added files. Move all suspicious files to the Trash.

Check for Adware generated files in the /Library/LaunchDaemons folder

In the “Go to Folder…” window, type the following text and press Go:
/Library/LaunchDaemons

Carefully browse the entire list of files and pay special attention to recently created files, as well as files that have a suspicious name. Move all suspicious files to the Trash. A few examples of files to be deleted: com.machelper.system.plist, com.installapp.system.plist, com.macsearch.system.plist and com.search.system.plist. In most cases, adware, PUPs and browser hijackers create several files with similar names.

Scan your Mac with MalwareBytes

We suggest using MalwareBytes to scan your Mac computer for adware, browser hijackers and potentially unwanted apps. This remover is an advanced malware removal tool developed by (c) Malwarebytes lab. It uses the world’s most popular antimalware technology. MalwareBytes is able to help you remove malicious software and other security threats from your Mac computer for free.

Download MalwareBytes Free on your machine by clicking on the link below.

Once the download is finished, close all software and windows on your MAC. Run the saved file. Follow the prompts.

MalwareBytes will automatically start and you can see its main screen like below.

Now press the “Scan” button to perform a system scan with this utility for the adware related to the Apple Defender Security Center pop ups. This task can take quite a while, so please be patient. While the MalwareBytes program is checking, you may see count of objects it has identified as threat.

Once the system scan is complete, you will be shown the list of all detected threats on your Mac. All found threats will be marked. You can remove them all by simply press the “Quarantine” button. The MalwareBytes Anti Malware will move the selected threats to the Quarantine.

Remove Apple Defender Security Center from Safari, Chrome, Firefox

If you are still seeing Apple Defender Security Center pop-ups that won’t go away, you might have harmful addons installed on your web browser. Check your web browser for unwanted plugins using the steps below.

Google Chrome	Mozilla Firefox
In the top-right corner, expand the Google Chrome menu. In the menu go to ‘More tools’, then ‘Extensions’. Click ‘Remove’ to uninstall an extension. Click ‘Remove’ in the dialog box. You can also try to remove Apple Defender Security Center pop-ups by reset Google Chrome settings.	Click on ‘menu’ button and select ‘Add-ons’. Go to ‘Extensions’ tab. To uninstall an add-on, click on ‘Remove’ button next to it. If you are still experiencing issues with Apple Defender Security Center removal, you need to reset Firefox browser.
Safari
On the top menu select ‘Safari’, then ‘Preferences’. Select ‘Extensions’ tab. Select an extension you want to delete and click ‘Uninstall’ button next to it.

How to stop Apple Defender Security Center pop-ups

Enabling an ad-blocker application such as AdGuard is an effective way to alleviate the risks. Additionally, ad blocking applications will also protect you from malicious advertisements and websites, and, of course, stop redirection chain to the Apple Defender Security Center scam and similar websites.

Installing the AdGuard is simple. First you’ll need to download AdGuard on your MAC from the following link.

After the downloading process is complete, run the downloaded file. You will see the “Setup Wizard” screen. Follow the prompts.

Each time, when you start your MAC, AdGuard will launch automatically and stop unwanted popup advertisements, block Apple Defender Security Center scam, as well as other harmful or misleading web sites.

Finish words

If you encounter a scam that is similar but not the same as the example above, please post it as a comment on this article. This helps us to warn users about current scams, monitor trends and disrupt scams where possible.

If you need more help with Apple Defender Security Center related issues, go to here.