One of the top cybersecurity threats to arise in recent months isn’t technically malware but “scareware” targeting Apple Mac devices. It is distributed primarily via phishing emails that try to convince victims that their systems are infected with malware. In some cases, the scareware opens up a web page, while in others it launches an application that shows false malware scan results. Either way, it provides a link where the victim can buy fake malware removal software. 

If the victim clicks the link and buys the software, the scareware runs an installer that’s signed with a valid digital certificate so that it can get past macOS protections. The software it installs, MAC.OSX.AMCleaner, doesn’t appear to be malicious. Instead, it’s simply worthless “greyware” that the victim has paid good money for.

Many scareware scams simply pop up messages warning that malware or system errors have been detected, often baiting victims with the offer of a free scan to identify all threats. Then comes the catch — one must purchase an application to get rid of these alleged threats. Obviously, the fraudsters are able to convince enough people to shell out $30 or more for greyware. Otherwise, they wouldn’t continue using this tactic.

Some scareware seems to leave users with no options. They not only prevent legitimate security software from loading, but also block access to system tools and security web sites with the claim that these all represent unsafe executions. Each mouse click only produces more prompts and more offers to download installation files. This is when exasperated victims are most likely to give in and buy the bogus products.

There often is a way out of these ambushes. On a Windows system, right-click on the task bar or press “ctrl+alt+delete.” Click Start Task Manager and terminate any suspicious processes.  Then run an antivirus scan to find and remove the offending program and its related files. There are a number of tools that are known to be effective in rooting out and eliminating scareware.

Whatever you do, don’t buy and download the software. In a best-case scenario, you’re simply wasting your money. In the worst case, you may wind up downloading malicious code that will silently infect your system. And you’ve given your credit card number and other personal information to a criminal enterprise.

As with many security threats, you can avoid becoming a victim of scareware by learning how to spot attacks. For example, if software you’ve never installed is telling you that your system is infected with malware, it’s probably a scam. Another giveaway is how fast the malware “scan” runs. However, scareware can be difficult to spot because it often carries legitimate-sounding names and features professional-looking graphics. Organizations should invest in professional security training to help users understand these kinds of threats.

For further protection, you should ensure you are running legitimate, up-to-date antivirus software and keep your web browser and applications patched with the latest security releases. Make sure that the security settings on your mobile devices only allow the installation of apps from trusted sources. 

Your employees will always be the weakest link in your cybersecurity defenses. No corporate security policy is complete without awareness training. ICG offers web-based security awareness training on phishing, malware, social engineering and more to help prevent your users from getting duped.