Malware Disguised As Antivirus Targets Mac Users [News]


A bogus version of the MacDefender antivirus application has recently fooled many Apple Mac OS X users into downloading and installing the malware on their computers. The fake antivirus, called MAC Defender, specifically targets Mac users using the Safari browser.

The virus infects people via an SEO poisoning attack, meaning that web searches for popular topics may return a malicious link at the top of the search results. In this case, when users click on this link they see a website with a fake Windows screen and a scan result saying their computer is infected. JavaScript within the page then downloads the fake antivirus installer as a compressed .zip file.

The malware installer opens automatically in browsers that are set to automatically open ‘safe’ files after downloading, which is Safari’s default setting. The first step in avoiding this malware and future similar attacks is to disable this function in Safari and other browsers you may use. Go to Preferences and uncheck the option to automatically open ‘safe’ files.

The virus deceives the user into installing the program. Users need to enter the administrator password and authorise the installation, but by this stage many users are already fooled into believing the software is legitimate.


Once infected, users are asked for credit card details to pay for the antivirus software to continue providing protection. Only users who enter their details here will have their credit card details compromised.

To remove the MAC Defender malware, follow these simple steps:

  • First visit Applications > Utilities > Activity Monitor and stop all instances of the MacDefender program or similarly named items.
  • Delete all instances of MacDefender from Library > StartupItems, Library > LaunchAgents and Library > LaunchDaemons to ensure the application doesn’t re-open.
  • Revisit Applications and delete the application.
  • Check your recent downloads and delete the .zip file and application.
  • Run a Spotlight check to remove any other references to MacDefender.
  • Empty your trash.
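
The locations named in the steps above can also be checked from Terminal. This is an added example, not part of the original article: the function name `find_leftovers` and its match patterns are assumptions chosen here, and it only lists matching items without deleting anything.

```shell
# Added example, not from the original article. Read-only: it lists, never deletes.
# Assumption: leftovers are named like the fake app, or are launch plists that
# reference it; the patterns below are chosen here, not taken from the article.

# find_leftovers ROOT
#   ROOT is the volume to inspect: "/" on a live Mac, or a mounted copy / test tree.
find_leftovers() {
    root="${1%/}"                  # "/" becomes "" so the paths below join cleanly
    name_glob='*mac*defender*'     # matched case-insensitively against file names
    text_re='mac ?defender'        # matched case-insensitively inside plist files
    {
        # Persistence locations from the removal steps, system-wide and per user.
        for lib in "$root/Library" "$root"/Users/*/Library; do
            for sub in StartupItems LaunchAgents LaunchDaemons; do
                dir="$lib/$sub"
                [ -d "$dir" ] || continue
                find "$dir" -mindepth 1 -maxdepth 1 -iname "$name_glob" -print
                # A launch item can carry an unrelated file name but still point
                # at the application, so search the plist contents as well.
                grep -liE "$text_re" "$dir"/*.plist 2>/dev/null || true
            done
        done
        # The application itself and the downloaded .zip installer.
        for dir in "$root/Applications" "$root"/Users/*/Applications \
                   "$root"/Users/*/Downloads; do
            [ -d "$dir" ] || continue
            find "$dir" -mindepth 1 -maxdepth 1 -iname "$name_glob" -print
        done
    } | sort -u
}

# On a Mac, from Terminal:  find_leftovers /
```

Review each listed path before deleting it; a launch plist that matches only by content may belong to the legitimate MacDefender program.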

Makers of the original MacDefender antivirus program have released a statement about the virus on their website:

“A few days ago a new malicious software for the Macintosh named MAC Defender surfaced. Of course, this site has nothing to do with this software, it is more like a Mac version of the PC Defenders. It is strongly recommended to NOT install this software and to disable the option for automatically opening ‘safe’ files in your browser.” (Mac Defender Official Site)

For more detailed, technical information and screenshots of this malware, read this Intego Security Memo and Sophos update regarding the issue.

Apple Macintosh users usually see themselves as safe against viruses online, yet this virus uses social engineering and deception to gain the permissions required to install itself on the computer. Users who install the program believe it is the original MacDefender antivirus software, yet unwittingly unleash the virus themselves.

Source: TheNextWeb
