Fake Zeus Popup

fake-zeus-popup-screenshotFake Zeus Popup: a reader asks…

We just setup a new Mac Mini 2 days ago. I was surfing around in Safari and must have accidentally clicked on something I shouldn’t have. My screen went black with a warning message and then a popup came that told me I was infected with the Zeus virus (screenshot attached). A couple of minutes later a voice started coming telling me to not ignore this warning and to follow the instructions. What should I do?

This is a scam, no question. DO NOT call the number listed, and do not get overly concerned. Calmly shut down your browser, then restart your Mac. Do not revisit the website you accidentally went to, it belongs to a hacker who will try to steal your money, your data, and your identity.

Virus Alert graphic, image from ShutterstockHow do I know this is a scam? It’s generally similar to what I wrote about last week in my article Fake Infection (https://positek.net/fake-infection/). The screenshot you sent is just a carefully crafted web page (crafted by a hacker) that includes coding to show the fake warning, popup a dialogue box, and play an audio file. These are very easy for anyone to create in HTML (the language that makes websites). The warning screenshot you sent has a DOS-like look (white text on a black background), and the popup simply makes it seem more critical. That DOS-like look could only be real if a) you were using a Microsoft Windows computer and the Command Prompt window or Windows had actually crashed and you were seeing a full-screen version of that, or b) if you were using the Mac’s Terminal program. Don’t worry, your Mac is not infected, and won’t be unless you were to call that number and give the hacker remote access to your computer. Your Mac is immune to most computer viruses. Were you using a Microsoft Windows computer, the risk might have been greater because malware can be encoded right into the HTML of a website and an unsecured Windows PC could be infected just by opening the web page. Not so for a Mac.


Although the Zeus malware is a real threat, this scam like most, takes a bit of truth and mixes in a ton of falsehood. These scams take advantage of most consumers’ lack of complete knowledge about threats, and their fear of being infected. I will tell you unequivocally, you should never, ever call a phone number or visit a website as a result of a warning message.

woman-reporting-crime-to-police-image-from-shutterstockSince this was not a real malware infection, your computer has no reason to not display a website that you visit. If the website included code that could actually infect your computer, there would be a different type of warning, such as Safari simply refusing to show you the web page. For Microsoft Windows computers, they are more dependent on antivirus and anti-malware software to provide this warning, without good protection a Windows computer could be easily infected just by opening a web page, clicking a link, opening a file attachment, etc.

So good on you that you’re using a Mac, now you just need to get savvy on recognizing scams because that’s pretty much the only thing hackers can send at a Mac user. If they can fool you into giving them remote access, then they can actually make changes to your Mac that give them more permanent and surreptitious access to your computer as well as transfer files and more from your computer to theirs.

One other thing to note: Web browsers have lots of flexibility. One setting you can make is to have the browser re-open any windows that were open the last time you ran the web browser. This can be really handy, but can also be a problem. If you visited a poisoned website and then shut down your browser, re-opening the web browser would re-open that poisoned website. It’s much safer to set your browser to only open a set home page, or to open a blank tab.

This website runs on a patronage model. If you find my answers of value, please consider supporting me by sending any dollar amount via:

Click or tap to open a new browser tab or your Venmo app and send money via Venmo to @positek(@PosiTek)Click or tap to open a new browser tab or your Paypal app to send money via your Paypal account to support@positek.net (Support@PosiTek.net)Click or tap to open a new browser tab or your Paypal app to send money using your credit card to support@positek.net (no Paypal account required)using any credit card
or by mailing a check/cash to PosiTek.net LLC 1934 Old Gallows Road, Suite 350, Tysons Corner VA 22182. I am not a non-profit, but your support helps me to continue delivering advice and consumer technology support to the public. Thanks!

Leave a Comment

Your email address will not be published. Required fields are marked *

For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

This site uses Akismet to reduce spam. Learn how your comment data is processed.