Sandgerl.com is a browser-based scam that attempts to mislead users with fake Apple messages

Sandgerl.com is a site made by scammers to trick users into downloading software. The main principle of scam operation is to scare users into believing that their Mac or iOS device has been compromised and that all personal data is accessible to hackers. The message threatens to reveal front camera photos and browsing history to everyone on the contact list.
Evidently, all the message says it is fabricated, and no hackers have breached your device. The browser tab showing the Sandgerl.com page should be immediately closed and not interacted with, as you risk installing potentially unwanted or even dangerous software. We also recommend checking the system for adware,[1] as those infected might experience redirects to various phishing websites and be exposed to ads more often.
| Name | Sandgerl.com |
| Type | Scam, phishing, redirect, adware |
| Operation | Claims that the device has been hacked and that surveillance is being performed. If the user would not allegedly “fix” the issue in two minutes, personal photos and other private data would allegedly be sent to all contact lists. |
| Distribution | Redirects from other malicious websites, adware |
| Risks | Installation of PUPs or malware, sensitive information disclosure, financial losses |
| Removal | You should not interact with the contents shown by a scam website, check your system for adware or malware infections with SpyHunterCombo Cleaner security software |
| Other tips | Use FortectIntego to remediate the system after adware infection. The tool can also be used to clean web browsers automatically |
How do you get to Sandgerl.com?
Most people would not deliberately risk their online safety, thus they try to stay away from malicious content as much as possible. However, some users willingly visit high-risk websites despite knowing about the risks they carry. For example, peer-to-peer networks, YouTube video conversion sites, or illegal video streaming platforms are something that people are keen on using because they can acquire access to digital goods for free.
It is a well-known fact that such websites are poorly protected from a security standpoint – they might host malicious advertisements or disguise a malicious downloadable file as some popular app installer. Since users assume the virus detection warning is a false positive,[2] they infect their machines with ransomware[3] or other dangerous malware.
When accessing websites of dubious nature, you also risk being redirected to scam websites such as Sandgerl.com, Prelandappslab.com, Bluestringline.com, Nathanaeldan.pro, and similar. These scams are shown unexpectedly, and users might fall for social engineering tricks used by crooks easier.
Scam message
Fear is a powerful emotion that is commonly abused by scammers online. The main goal is to make users scared about their personal safety or make them believe that their computers have been compromised – or both. Extortion messages have been spreading in the form of emails, as users have been receiving fake threats about their camera pictures being shown to social media friend lists.

Without a doubt, the message pushed by Sandgerl.com is fake, and nobody is watching you in the sense that it's explained:
Apple security
Hackers are watching you!
Your Apple iPhone connection has been hacked and someone is watching on you! Please do not close this page. If you don't fix this in two minutes, the hacker will reveal your identity and send your browsing history and front-facing camera photos to everyone in your contacts!
minute seconds
Recovery method:
Step 1: Click the “Connection Protection” button below.
Step 2: You will be redirected to the App Store.
Step 3: Install and run the recommended protection app to recover your Apple iPhone.
Protect your connection
The main goal of cybercriminals is to ensure you download and install promoted software. There are plenty of online scams that use this trick to make people scared so they would download and install applications. This way, crooks receive illegal affiliated revenue while users end up with programs they never needed or wanted. In some cases, the promoted apps might be useless or dangerous, so installing them is highly discouraged.
How to recover from browser-based scams?
First of all, we would like to say once more that you should completely disregard everything said within the scam message – it is shown to any user who happens to visit the page. If you have interacted with the scam, you should immediately take action. For example, if you have downloaded software, you should immediately uninstall it.
If you have disclosed your contact or other personal details, you should remember that scammers might contact you via those known channels and would try to fool you again, potentially making you lose a lot of money, so be wary. If you have not interacted with the Sandgerl.com scam, we still recommend checking the system for infections, and the easiest way to do this is by scanning it with SpyHunterCombo Cleaner, MalwarebytesMalwarebytes, or another powerful anti-malware tool.
1. Check for adware
The first thing to do is shut down all the background processes related to adware. You can do that by accessing Activity Monitor. After that's done, you can then look for apps to remove:
- Open Applications folder
- Select Utilities
- Double-click Activity Monitor
- Here, look for suspicious processes related to adware and use the Force Quit command to shut them down
- Go back to the Applications folder
- Find suspicious apps and move them to Trash.
To get rid of the persistence mechanisms from your device, you need to get rid of Login Items and Profiles created by unwanted apps. You can find them as follows:
- Go to Preferences and pick Accounts
- Click Login items and delete everything suspicious
- Next, pick System Preferences > Users & Groups
- Find Profiles and remove unwanted profiles from the list.
The PLIST files are small config files, also known as “Properly list.” They hold various user settings and hold information about certain applications. In order to remove the virus, you have to find the related PLIST files and remove them.
- Select Go > Go to Folder.
- Enter /Library/Application Support and click Go or press Enter.
- In the Application Support folder, look for any dubious entries and then delete them.
- Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the related .plist files.

2. Clean browser caches
Adware and other potentially unwanted or malicious software are known to track user data with the help of cookies and other technologies. Therefore, if you have found potentially unwanted applications on your device, you should take your time to clean them properly. If you want to do this manually, proceed with the steps below; if you want a quicker solution – we recommend performing a scan with FortectIntego maintenance utility instead.
Safari
- Click Safari > Preferences…
- In the new window, pick Extensions.
- Select the unwanted extension and select Uninstall.

Clear cookies and other website data from Safari:
- Click Safari > Clear History…
- From the drop-down menu under Clear, pick all history.
- Confirm with Clear History.

Reset Safari if the above-mentioned steps did not help you:
- Click Safari > Preferences…
- Go to the Advanced tab.
- Tick the Show Develop menu in the menu bar.
- From the menu bar, click Develop, and then select Empty Caches.

Google Chrome
- Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
- In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove.

Clear cache and web data from Chrome:
- Click on Menu and pick Settings.
- Under Privacy and security, select Clear browsing data.
- Select Browsing history, Cookies and other site data, as well as Cached images and files.
- Click Clear data.

Change your homepage:
- Click the menu and choose Settings.
- Look for a suspicious site in the On startup section.
- Click on Open a specific or set of pages and click on three dots to find the Remove option.
Reset Google Chrome
If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:
- Click on Menu and select Settings.
- In the Settings, scroll down and click Advanced.
- Scroll down and locate Reset and clean up section.
- Now click Restore settings to their original defaults.
- Confirm with Reset settings.

Solution for iOS users
If you are encountering suspicious pop-ups on your iPhone, you can block them via the browser settings.
- Open Settings and go to Safari
- Here, look for the following options:
Block Pop-ups
Fraudulent Website Warning - Enable them by toggling the switch to the right.
Your next task is to make sure that your browser data is cleared so that you wouldn't be rerouted to the same malicious pages or that phishing content wouldn't be shown again.
- Go to Safari Settings once again and click Advanced
- Tap the Website Data section
- Select Remove All Website Data.
Remove from Microsoft Edge
Delete unwanted extensions from MS Edge:
- Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
- From the list, pick the extension and click on the Gear icon.
- Click Remove.

Clear cookies and other browser data:
- Click on the Menu (three horizontal dots at the top-right of the browser window) and select Settings > Privacy, search, and services..
- Under Clear browsing data, pick Choose what to clear.
- Select Cookies and other site data and Cached images and files. (apart from passwords, although you might want to include Media licenses as well, if applicable) and click on Clear.

Restore new tab and homepage settings:
- Click the menu icon and choose Settings.
- Then find On startup section.
- Click Remove next to any suspicious startup page.
Reset MS Edge if the above steps did not work:
- Press on Ctrl + Shift + Esc to open Task Manager.
- Click on More details arrow at the bottom of the window.
- Select Details tab.
- Now scroll down and locate every entry with Microsoft Edge name in it. Right-click on each of them and select End Task to stop MS Edge from running.

Instructions for Chromium-based Edge
Delete extensions from MS Edge (Chromium):
- Open Edge and click select Settings > Extensions.
- Delete unwanted extensions by clicking Remove.

Clear cache and site data:
- Click on Menu and go to Settings.
- Select Privacy, search and services.
- Under Clear browsing data, pick Choose what to clear.
- Under Time range, pick All time.
- Select Clear now.

Reset Chromium-based MS Edge:
- Click on Menu and select Settings.
- On the left side, pick Reset settings.
- Select Restore settings to their default values.
- Confirm with Reset.
- This will disable extensions and reset startup pages but will not delete bookmarks, saved passwords, or browsing history.

Remove from Mozilla Firefox (FF)
Remove dangerous extensions:
- Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
- Select Add-ons.
- In here, select the unwanted extension and click Remove.

Reset the homepage:
- Click three horizontal lines at the top right corner to open the menu.
- Choose Settings.
- Under Home, set your preferred homepage and new tab settings.
Clear cookies and site data:
- Click Menu and pick Settings.
- Go to Privacy & Security section.
- Scroll down to locate Cookies and Site Data.
- Click on Clear Data...
- Select Cookies and Site Data and Temporary cached files and pages, then click Clear.

Reset Mozilla Firefox
If clearing the browser as explained above did not help, reset Mozilla Firefox:
- Open Mozilla Firefox browser and click the Menu.
- Go to Help and then choose Troubleshooting Information.

- Under Give Firefox a tune up section, click on Refresh Firefox...
- Once the pop-up shows up, confirm the action by pressing on Refresh Firefox.

Was this guide helpful?
Be the first to comment