The McAfee push notifications that most Mac users are seeing these days are often fake and did not originate from the antivirus program itself. If you will observe, the appearance of these pop-ups mostly occurs when the Google Chrome or Safari browser is opened and when you are browsing the web. Legit antivirus alerts show up regardless of the internet browser activities, therefore, we can concur that the MacAfee notification alerts that often show up recently on Google Chrome or Safari are bogus and misleading.
These notifications pop up, supposedly originating from McAfee or any security applications on Mac, are common online scams designed to trick internet users into thinking that their computer is infected with a virus. Fake alerts such as these are often associated with the recommendations of either downloading a program or paying for an antivirus subscription. In certain cases, it prompts Mac users to provide personal and banking details, which we assume will be used for online fraud by the attackers.
What is McAfee pop-up scam?
Fake alerts appearing on the Mac computers masquerading as messages from McAfee or any antivirus programs aim to collect money from victims. It displays different deceiving messages on its pop-up page as well as the notification area. Here are some examples of the messages:
“Yearly subscription expired! Click here to update your payment method.”
“Critical virus alert! To activate protection, click here.”
“Warning! System Failure. Your system ran into problems. Contact Helpdesk.”
“McAfee subscription payment has failed. Please update your payment details to restore protection immediately.”
Why do these fake antivirus pop-ups appear?
The bogus pop-up notifications do not appear on the Mac computer on its own. It is usually triggered by the carelessness of users that pave the way for the following to display the alerts:
Adware: Adware or ad-supported programs, especially those that are in the form of browser extensions, can generate fake antivirus alerts. It can enter the Mac computer while bundled with freeware that users have downloaded from a questionable source.
Malicious Websites: Paying a visit to an illicit website that involves software and media piracy may trigger these fake alerts. In this scheme, the visited web page runs a script that makes it appear as a virus scanner page. Because of the flawless design, many web users do not recognize that it is a web page masquerading as an alert from McAfee.
Allowed Notification: Most, if not all, websites are requesting notification access during the web user’s first visit. Even malicious websites prompt for the same request. Actually, the pop-up messages in this scheme are coupled with misleading messages to trick users into clicking on the ALLOW button. In the case that Mac users permits this request, access to the browser notification is granted to the requestee and hence, aggressive fake antivirus pop-ups could start to appear on this section.
Potential dangers from these fake alerts
Financial Loss: From the beginning, the attackers set their goals on generating profit from this malicious advertising campaign. It is very obvious that fake antivirus alerts, especially the ones pretending to be from McAfee are suggesting to download a program or sign up for a subscription.
Malware Infection: As discussed earlier, the pop-up commonly suggests fixing the identified issue by downloading their recommended program. Sometimes, it is a legit one that needs paid activation, but there are cases where what they are offering for download is malware or a potentially unwanted program (PUP).
Phishing Attack: Remember that both the above schemes require users to release payment to attackers. We observed that sometimes, the cybercrooks are just aiming for affiliate sales, and in this case, Mac users are forwarded to the official store of the antivirus product. What is worrying is that we also discovered that the fake McAfee notifications are likewise designed to redirect the browser to phishing pages where the objective is to gather personal and financial information of web users.
What should you do to remove it?
When you see an antivirus alert coming from a full-page website, you just need to close the browser because we are certain that it is fake. If it originates from a notification pop-up, do not immediately click on the link or access the recommended solution. The safest way is to ignore the pop-up notification and go directly to your installed antivirus program. Verify if the alert is legit by going to its “Update” or “Settings” tab.
Scan with an effective antivirus program
If you are unsure of the security status of the computer after encountering this pop-up scam, we recommend scanning the computer with an efficient antivirus application like Combo Cleaner.
About the Scanner: Combo Cleaner is a trusted computer security and optimization tool equipped with a powerful virus and malware detection engine. This program can guard the device against pop-ups, redirects, and similar threats, whether it is PC, Mac, Android, or iOS. It is available on the Google Play Store and App Store.
Remove malicious URL from notifications
Below are straightforward procedures to delete the unwanted website address that is exploiting the browser’s notification to display the fake McAfee pop-ups:
Google Chrome
1 Open your Google Chrome browser.
2 Click on the ellipses icon (3-dot) on the upper-right corner of the browser.
3 Select Settings from the list.
4 On the Settings page, please click on Privacy and Security from the left sidebar.
5 Next, select Site Settings.
6 Scroll down to the Permissions area and click on Notifications.
7 On the next window, scroll down to the “Allowed to send notifications” area.
8 Choose the malicious website address that you think is issuing the McAfee fake pop-ups. Click on the options (3-dot) beside it, and select Remove from the list.
Safari Browser
1 Open Safari internet browser program.
2 Click on Safari menu and select Settings from the list.
3 Click on the Websites tab.
4 Next, click on the Notifications button on the left sidebar.
5 You will now see the section that says, “These websites have asked for permission to show alerts in Notification Center.”
6 Select the malicious website that you think is the culprit for the fake McAfee alert. Click on the web address, and then click the Remove button below.
Watch the Tutorial Video
Discussion