It is 100% a scam. It’s unlikely that it did anything actually harmful to your computer as long as you didn’t click anything else or download something from the page. Just close the window and you should be fine.
In addition to what everybody else said, I recommend running an ad blocker. Either as an add-on to your browser or some other mechanism.
Scams like this are often distributed through advertising networks. Some random web site’s ad tells your browser to open a popup window, which presents a scary looking page like this one. If you click on the link, it will try to install malware. Various security mechanisms in your browser and/or macOS should require your approval, but the scammers are expecting that you will give it approval because of the scary web page that claims to be from Apple.
If you are blocking ads, then you probably won’t see the scam at all, since the ad network itself will be blocked.
All this having been said, some telltale signs that this is a scam:
You’re viewing a web page. This is a Safari browser window, not an alert from any kind of anti-malware app.
Even if you think Apple has some system for scanning and reporting malware through Safari, note that you are not viewing an Apple web site. This page is coming from a system-appstore.com domain. Apple would be using a domain that Apple owns. Probably something under apple.com or icloud.com.
The page has bad English. Probably not written by someone who is a native English speaker.
The web page is threatening you. Lines like “2 minute 4 seconds remaining before damage is permanent.” sound scary (something you might see in a movie), but make no sense at all. Malware doesn’t publish timers - it just causes damage. And real malware scanners don’t try to scare you into running them.
Why is the page asking you to scan for anything if malware was already detected? Again, they’re trying to scare you into acting without thinking.
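The domain check described in the post above (the page came from system-appstore.com, not a domain Apple owns), written out as an added example that is not part of the original post. The trusted list holds only the two domains the post names and is an assumption, the function names are hypothetical, and the sample URLs are constructed.

```javascript
// Added example: does a URL's host really sit under a trusted domain?
// TRUSTED_DOMAINS is an assumption for illustration (the two domains named
// in the post), not a complete list of Apple-owned domains.
const TRUSTED_DOMAINS = ["apple.com", "icloud.com"];

// Return the host the browser would actually connect to, or null.
function hostOf(rawUrl) {
  try {
    const u = new URL(rawUrl);
    if (u.protocol !== "https:" && u.protocol !== "http:") return null;
    // URL lowercases the hostname and separates any "user@" prefix;
    // drop a trailing root dot so "icloud.com." compares equal.
    return u.hostname.replace(/\.$/, "");
  } catch {
    return null; // not a parseable URL
  }
}

// Trusted only if the host IS the domain or ends with "." + domain.
// A plain substring or startsWith test would accept lookalike hosts.
function isTrustedHost(rawUrl, trusted = TRUSTED_DOMAINS) {
  const host = hostOf(rawUrl);
  if (!host) return false;
  return trusted.some((d) => host === d || host.endsWith("." + d));
}

// Constructed sample URLs: one real-looking Apple host and several lookalikes.
const SAMPLES = [
  "https://support.apple.com/en-us",
  "https://system-appstore.com/alert",
  "https://apple.com.system-appstore.com/scan", // trusted name used as a subdomain
  "https://apple.com@system-appstore.com/",     // trusted name used as a username
  "https://notapple.com/",                      // trusted name as a suffix, no dot
  "https://www.icloud.com./",
];

function classify(urls) {
  return urls.map((url) => ({ url, host: hostOf(url), trusted: isTrustedHost(url) }));
}

for (const r of classify(SAMPLES)) {
  console.log(r.trusted ? "trusted  " : "UNTRUSTED", r.host, "<-", r.url);
}
```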
@Simon I second the Malwarebytes recommendation. I have them on all my Macs, my iPhone and my iPad Pro. The iPhone app is really great at both blocking and/or highlighting questionable calls. The Mac app is excellent and right on top of things - daily scans and alerts when needed.
Great advice in the other responses here. I’m recommending to my brother that he check this discussion because he is having some issues and really has neither the time nor the tech comfort to know how to respond to the ever changing security issues online brings to us these days. Thank you all!
There’s this solution that is lost in the history archives.
I recently did something (don’t know - fat finger maybe) that caused a very ransomware-ish page to open. I force-quit Safari and then held down the Option key to relaunch Safari. Safari launches with no tabs. You can go to History to reopen the good tabs. HTH Mike
I consider it good practice to configure web browsers to never automatically re-open windows from a previous session. This way, if you must force-quit the browser, it won’t re-open with the tabs/windows that were causing problems. On Safari (at least on Catalina), here’s the relevant preference:
Those pop-up virus messages are ALWAYS a scam. They might claim to be from Apple but they’re not. Hysterically, it can even claim to be Microsoft tech support and my Mac clients still fall for it! Sometimes, like in the OP example, if you click on the link it will install some malware.
Typically, the “tech” get remote access to your computer, open the system log, and proceed to do very technical scary looking stuff. Then they’ll ask for a credit card number. Ostensibly this is for “lifetime protection”.
Having had maybe a dozen of my clients fall for this over the years, I worry that some sort of keylogger or spyware is being installed, but I think maybe all they’re after is the credit card number. Years ago they only charged a couple hundred dollars. The last incident I heard about it was $2500. Almost always the victims are older people who are pretty insecure about technology anyway.
Scammers that victimize older people really make me especially angry. It sure seems to me like with a trail left from a credit card there should be a means of cracking down on these people.
This is a newer version of an old scam. No popup in your browser is going to know if your computer is infected, and Apple, or Microsoft, or anyone else won’t either. If you have Malwarebytes scanning, or Intego’s VirusBarrier, which I like better for actual malware, you may get a notification, but not in your browser.
Well, I have now been a victim of a really nasty scam. I regularly go to the obituary listing of the Syracuse newspaper. I spent 28 years as a pastor in Syracuse and want to be able to respond to families and friends when they have had a death. I regard this as an important task and have had little problem with reviewing the obits. Suddenly I will be looking through the listing and at times opening a particular notice when the screen below suddenly pops up - and completely locks up the program. Restarting doesn’t do a thing because it will happen all over - even though I did not use the browsing history to reopen the page.
I contacted the newspaper and received an e-mail saying they have referred it to the tech folk - that was well over a week ago. The beat goes on. And I have a wall full of protection software. What bothers me is this is stopping me from something very important and it is just senseless. I should have known this might happen when I sent $2,000 dollars to that dear lady in a very foreign country who e-mailed me using the most awful grammar and spelling to help her get her pancake making business started!!!
I’m not sure if your post is legit or sarcasm. But I’ll assume legit.
You’re not a victim unless you clicked on the link and sent the scammer money. Did you?
This is one of the reasons I run ad blockers on my web browsers. It prevents a lot of this garbage from ever loading, so I don’t need to worry about whether it is exploiting a vulnerability in my web browser.
Of course, the scam is pretty obvious, if you think about it. It is claiming that McAfee ran a scan on your system, found five viruses, and is asking you to pay money to activate a subscription. That’s not how antivirus software works. If you’re not paid-up, it doesn’t scan for anything. And all of the legitimate antivirus companies give away cleanup tools for free.
If the scam keeps popping up, see if you can clear your browser’s cache. You may be viewing an old, cached copy of the scam. If your browser has a popup blocker, use it. I recommend installing an ad blocker - configure it to block content everywhere except for those specific sites where you deliberately want to view ads (e.g. an ad-supported web site that you want to support).
And whatever you do, do not click on the button in the scam. That will take you to web pages that pretend to be McAfee, but will in fact steal your credit card information, running up massive charges that you will be forced to dispute.