Virus Spyware message from Apple website

Discussion in 'macOS' started by The-Pro, Feb 14, 2017.

  1. The-Pro macrumors 65816

    Joined:
    Dec 2, 2010
    Location:
    Germany
    #1
    So I was on the australian apple website looking for a genius bar appointment 2 days ago and today I clicked on the tab which was still open and it showed (screenshot attached). The webpage it displayed as being currently on was: gem-sol.in/mc/aus/ (see other screenshot)

    Has anyone seen this before?? and whats going on?

    I let Malwarebytes do a system scan and it didnt find anything.

    cheers
     

    Attached Files:

  2. FreemanW, Feb 15, 2017
    Last edited: Feb 15, 2017

    FreemanW macrumors 6502

    Joined:
    Sep 10, 2012
    Location:
    The Real Northern California
    #2
    Your brief experience may be related to these stories I was cruising . . . . . . . . . the catalyst for coming here to see if anyone here was talking about this.

    PCWorld
    ArsTechnica
    --- Post Merged, Feb 15, 2017 ---
    It would seem that MacKeeper is implicated in the malware compromise being discussed in the linked articles.

    I'm shocked. Shocked I tell you. ;)

    BitDefender will apparently have its way with it, if anything related to these discussions managed to get onto your system.
     
  3. The-Pro thread starter macrumors 65816

    Joined:
    Dec 2, 2010
    Location:
    Germany
    #3
    Which is why I was a bit freaked out, I read about that malware just earlier but I dont have mackeeper or that komplex downloader or whatever.

    "Our preliminary analysis shows most of the C&C URLs impersonate Apple domains." hmmm maybe that was it. I didnt click anything on that webpage, I screenshotted it and closed it. Did I get lucky??? :D

    Ill have a look at bitdefender, but I wont buy it unless I know im infected
     
  4. thomasareed macrumors member

    thomasareed

    Joined:
    Aug 24, 2015
    #4
    That is a scam website. You're probably not actually infected with anything.

    If the only site you had loaded was Apple's site and this popped up from there, then that may mean you've got something bad installed, or it may be a problem with your network. I wouldn't worry about either of these things unless these pop-ups keep appearing, though.

    Whatever's going on, it's unrelated to the new XAgent malware. Not only is this not something the XAgent malware does, but XAgent is dead at this point... its command & control servers are down.
     
  5. The-Pro thread starter macrumors 65816

    Joined:
    Dec 2, 2010
    Location:
    Germany
    #5
    I had probably 30 sites open but the one i posted about replaced the apple site.
    well good to know its most likely nothing and ill leave it at that :D
    thanks!
     
  6. old-wiz macrumors G3

    Joined:
    Mar 26, 2008
    Location:
    West Suburban Boston Ma
    #6
    The fact that they mention a credit card number is obvious sign of scam. not from apple
     
  7. FreemanW macrumors 6502

    Joined:
    Sep 10, 2012
    Location:
    The Real Northern California
    #7
    There is a freeware scanning tool version of Bitdefender. There is also Trafficlight by Bitdefender, an extension for Safari available straight through the Apple App Store.
     

Share This Page