Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

My Mac (OSX 10 Yosemite) May Be Infected

Huntn

Huntn

macrumors Penryn
Original poster
May 5, 2008
24,543
27,652
The Misty Mountains
Chrome (Mac) message:
MacWebSecurity10.online says:

Your Computer is infected with an adware or malware causing you to see this popup.

This may happen due to obsolete virus protections.

To fix, please call Apple Support at 1-844-809-6389 immediately. Please ensure you do not restart your computer to prevent data loss.

Possibility of Data & Identity theft, if not fixed immediately.

This message appeared when using Chrome on a black page with a large Apple icon saying Powered By Apple.com.
---------------

Here's the background. This morning I tried to log into my Amazon Chase Visa account online using Firefox. I have a variety of security addons installed and have had no issues in the past. Over the last week, when I complete the login, I get a message from Chase, "we'll be back soon" along with a list of phone numbers. I called chase, who verified their site was up and suggested I try a different browser.

Cranking up Chrome (Mac), I got the above message when trying to log into the Chase site. I also got a warning with Safari.

While I research is anyone familiar with this?
Thanks!
 
http://844.cataphone.com/number/view/8448096389

Здравствуйте все, это МОЙ номер телефона! --> Hello all, this is my phone number!

That number is not Apple support, and likely speaks with a strong Moscow accent.

When they give you a phone number, it's often informative to do a search for that number online.
Same as when you get scam phone calls.
 
  • Like
Reactions: grahamperrin
Mr_Brightside_@ said:
Sounds like adware, probably nothing to worry about.
Download and run
https://www.malwarebytes.com/mac-download/
and report back. This link will automatically initiate the download.
Click to expand...

Downloaded, ran, it found a long list of stuff in my library, which it says it removed. Hopefully this has taken care of the issue. Thanks so much! I'll report back if these issues continue to pop up.

Now I just have to figure out why I can't get logged into my Amazon/Chase account using Firefox! :)
 
  • Like
Reactions: grahamperrin
Huntn said:
Downloaded, ran, it found a long list of stuff in my library, which it says it removed. Hopefully this has taken care of the issue. Thanks so much! I'll report back if these issues continue to pop up.

Now I just have to figure out why I can't get logged into my Amazon/Chase account using Firefox! :)
Click to expand...

Chase has just recently implemented new security measures and sent out a warning today regarding browsers that are not secure and will not be supported. As flaky as Firefox has been with all its changes and revisions, I would switch to another browser and try again. Always safe to use Safari. :)
 
chscag said:
Chase has just recently implemented new security measures and sent out a warning today regarding browsers that are not secure and will not be supported. As flaky as Firefox has been with all its changes and revisions, I would switch to another browser and try again. Always safe to use Safari. :)
Click to expand...

I've used both browsers for over a decade and Firefox has performed well. Interesting on the security updates at Chase. What bothered me is that I got a message, we'll be back later, here are phone numbers, not your browser does not meet our security requirements. I also had troubles logging into their site with Safari, finally got through using Chrome.
 
chscag said:
Chase has just recently implemented new security measures and sent out a warning today regarding browsers that are not secure and will not be supported. As flaky as Firefox has been with all its changes and revisions, I would switch to another browser and try again. Always safe to use Safari. :)
Click to expand...

Huntn said:
I've used both browsers for over a decade and Firefox has performed well. Interesting on the security updates at Chase. What bothered me is that I got a message, we'll be back later, here are phone numbers, not your browser does not meet our security requirements. I also had troubles logging into their site with Safari, finally got through using Chrome.
Click to expand...

For anyone having trouble with Chase.com, the comments on this site are interesting: http://www.isitdownrightnow.com/chase.com.html
 
Btw, how are browsers infected with adware? Is it as simple as visiting a web site? I rarely use safari or Chrome so was shocked when both of them close this occasion to display adware, you're infected messages.
 
Huntn said:
Btw, how are browsers infected with adware? Is it as simple as visiting a web site? I rarely use safari or Chrome so was shocked when both of them close this occasion to display adware, you're infected messages.
Click to expand...
Some advertisements use javascript to display a popup message, very similar to the one you posted in the OP - this is known as scareware. The first thing I do with such a message is close the browser and clear cache/history. The reason people don't see that message every time they visit is because ads are often in a rotation mode, so they're more likely to get a different advertisement with each visit and not all of them use javascript. The best advice is to never click links or call phone numbers in such messages, they do more harm than good.
 
ardchoille50 said:
Some advertisements use javascript to display a popup message, very similar to the one you posted in the OP - this is known as scareware. The first thing I do with such a message is close the browser and clear cache/history. The reason people don't see that message every time they visit is because ads are often in a rotation mode, so they're more likely to get a different message with each visit. The best advice is to never click links or call phone numbers in such messages, they do more harm than good.
Click to expand...

Thanks. Of interest, I have pop ups blocked, and these appeared as web pages (asI recall). I will try dumping the cache history.
 
I'm not sure about other browsers, but a handy Safari trick is opening the app holding shift.
This starts a new session, not loading any previous windows, which often helps with these scareware ads.
 
Been using Chase.com with Safari for at last seven years, no problems here.

Thanks for sharing this though, I'm betting my parents run into this (they use Firefox).
 
Huntn said:
Btw, how are browsers infected with adware? Is it as simple as visiting a web site? I rarely use safari or Chrome so was shocked when both of them close this occasion to display adware, you're infected messages.
Click to expand...

First off, there's a difference between a true adware infection, and getting a pop-up message that says, "Your computer is infected... call (toll free number)." Such messages are scams, not infections. Your browser or operating system did not detect anything. The web page you're visiting simply dished-out a bogus "warning."

True adware infection requires a download/install. Most commonly, thats via either an invitation to install/update a browser plug-in, or as a hidden component of a software download.

Pretty much, if you're suckered into downloading MacKeeper, some adware is going to hitch a ride. Some software download web sites routinely include adware with their downloads. At this point, with few exceptions, I won't download from anyone but the Mac App Store or the original author/producer of the software.

You can't trust a website popup that says to install/update items like Adobe Flash, Adobe Reader, Java, Microsoft Silverlight... All are perfectly legitimate items if you download from the original source, but you can't trust web site popups to either 1) tell you truthfully that you need an update or 2) actually deliver the software they're claiming to deliver. Go directly to the source. Do not click, Download Now.

Most legitimate plugins now offer a way to check if you have the latest version (either by going to the company web site, or via an item in Mac System Preferences - both Flash Player and Java are in System Preferences).
 
  • Like
Reactions: Huntn
Mr_Brightside_@ said:
You have their HTTPS site bookmarked? You're not following links from anywhere?
Click to expand...
Yes, bookmarked, or copy paste URL www.chase.com/amazon.
[doublepost=1468068597][/doublepost]
ApfelKuchen said:
First off, there's a difference between a true adware infection, and getting a pop-up message that says, "Your computer is infected... call (toll free number)." Such messages are scams, not infections. Your browser or operating system did not detect anything. The web page you're visiting simply dished-out a bogus "warning."

True adware infection requires a download/install. Most commonly, thats via either an invitation to install/update a browser plug-in, or as a hidden component of a software download.

Pretty much, if you're suckered into downloading MacKeeper, some adware is going to hitch a ride. Some software download web sites routinely include adware with their downloads. At this point, with few exceptions, I won't download from anyone but the Mac App Store or the original author/producer of the software.

You can't trust a website popup that says to install/update items like Adobe Flash, Adobe Reader, Java, Microsoft Silverlight... All are perfectly legitimate items if you download from the original source, but you can't trust web site popups to either 1) tell you truthfully that you need an update or 2) actually deliver the software they're claiming to deliver. Go directly to the source. Do not click, Download Now.

Most legitimate plugins now offer a way to check if you have the latest version (either by going to the company web site, or via an item in Mac System Preferences - both Flash Player and Java are in System Preferences).
Click to expand...

Thanks for the info, but I have to question some of this. I was visiting www.chase.com when these messages appeared. I'd assume they are not from that web site, but from some other origination, like the one marked as powered by Apple.com did not originate from Chase.com, unless the site has been infected.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back