Malware Disguised As Antivirus Targets Mac Users [News]

A bogus version of the MacDefender antivirus application has recently fooled many Apple Mac OS X users into downloading and installing the malware on their computers. The fake antivirus, called MAC Defender, specifically targets Mac users using the Safari browser.

The virus infects people via an SEO poisoning attack, meaning that web searches for popular topics may return a malicious link at the top of the search results. In this case, when users click on this link they see a website with a fake Windows screen and a scan result saying their computer is infected. JavaScript within the page then downloads the fake antivirus installer as a compressed .zip file.

The malware installer automatically opens for browser users who choose to automatically open ‘safe’ files they trust – this is Safari’s default setting. The first step in avoiding this malware and future similar attacks is to disable this function in Safari and other browsers you may use. Go to Preferences and uncheck the option to automatically open ‘safe’ files.


The virus deceives the user into installing the program. Users need to enter the administrator password and authorise the installation, but by this stage many users are already fooled into believing the software is legitimate.


Once infected, users are asked for credit card details to pay for the antivirus software to continue providing protection. Only users who enter their details here will have their credit card details compromised.

To remove the MAC Defender malware, follow these simple steps:

  • First visit Applications > Utilities > Activity Monitor and stop all instances of the MacDefender program or similarly named items.
  • Delete all instances of MacDefender from Library > StartupItems, Library > LaunchAgents and Library > LaunchDaemons to ensure the application doesn’t re-open.
  • Revisit Applications and delete the application.
  • Check your recent downloads and delete the .zip file and application.
  • Run a Spotlight check to remove any other references to MacDefender.
  • Empty your trash.
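
A read-only way to run the checks from the removal steps in Terminal, as an added example rather than anything from the original article or from Apple: it lists items named like MacDefender in the folders above and reports Safari's auto-open preference. The `Downloads` folder name and the `AutoOpenSafeDownloads` preference key are assumptions, not taken from the article.

```shell
#!/bin/sh
# Added example: read-only audit for leftover MacDefender items.
# Nothing is deleted; review each hit and remove it by hand.

# Case-insensitive name patterns, based on the two spellings in the article.
PATTERNS="*macdefender*
*mac defender*"

# Folders from the removal steps, relative to a root such as / or $HOME.
# Downloads (assumed default download folder) covers the .zip installer.
SUBDIRS="Applications
Downloads
Library/StartupItems
Library/LaunchAgents
Library/LaunchDaemons"

# find_macdefender_items ROOT...
# Prints one matching path per line, sorted and de-duplicated.
find_macdefender_items() {
    for root in "$@"; do
        printf '%s\n' "$SUBDIRS" | while IFS= read -r sub; do
            dir="${root%/}/$sub"
            [ -d "$dir" ] || continue          # skip folders that do not exist
            printf '%s\n' "$PATTERNS" | while IFS= read -r pat; do
                find "$dir" -maxdepth 1 -iname "$pat" 2>/dev/null
            done
        done
    done | sort -u
}

# safari_auto_open_setting
# Prints Safari's "open safe files" preference: 1 (on), 0 (off), "unset"
# when the key cannot be read, or "unknown" when `defaults` is unavailable.
# Assumption: the key is AutoOpenSafeDownloads in the com.apple.Safari domain.
safari_auto_open_setting() {
    command -v defaults >/dev/null 2>&1 || { echo unknown; return 0; }
    defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || echo unset
}

# Example: sh audit.sh / "$HOME"
if [ "$#" -gt 0 ]; then
    find_macdefender_items "$@"
    echo "Safari auto-open safe files: $(safari_auto_open_setting)"
fi
```

Pass both `/` and `$HOME` as roots, since each has its own `Library` folder.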

Makers of the original MacDefender antivirus program have released a statement about the virus on their website:

“A few days ago a new malicious software for the Macintosh named MAC Defender surfaced. Of course, this site has nothing to do with this software, it is more like a Mac version of the PC Defenders. It is strongly recommended to NOT install this software and to disable the option for automatically opening ‘safe’ files in your browser.” (Mac Defender Official Site)

For more detailed, technical information and screenshots of this malware, read this Intego Security Memo and Sophos update regarding the issue.

Apple Macintosh users usually see themselves as safe against viruses online, yet this virus uses social engineering and deception to gain the permissions required to install itself on the computer. Users who install the MacDefender.app program believe it is the original MacDefender antivirus software, yet unwittingly unleash the virus themselves.

Source: TheNextWeb


4 Comments -

0 votes

Anonymous

I came to this blog’s post particularly as I knew it would have a post that is… not biased towards PC, but more misinformed of the realities. I was thinking, okay, just mentioning how to remove it. Then I saw, “Users who install the MacDefender.app program believe it is the original MacDefender antivirus software, yet unwittingly unleash the virus themselves.”

I would like to point out that this only happens if
1) The “Open “safe” files after downloading” is checked. It is by default, which I will admit, I never understood why Apple did this.
2) The user is logged on as an admin and even then, he still has to authenticate. I hardly think that a user will just authenticate a random app that just downloaded itself and opened itself up, when they clicked on a link.

This is not to say, don’t worry about viruses, just because you’re on a Mac. Yes, it’s not as bad as Windows, even if the amount of viruses start to equal it, they will do less damage to the actual computer, such as there’s no registry to corrupt, so most likely no need to reinstall OS X, etc. (ID theft is another thing), BUT no platform is 100% safe.
To you Windows users: stay vigilant! Good luck! Keep those antivirus tools sharp and deadly!
To fellow OS X users: use your common sense!
To Linux users: just because you have a LOW LOW LOW chance of having your computer harmed, doesn’t mean ID theft and other crimes cannot occur, though even these will most likely not happen. Just keep it in the back of your mind at all times.
To other platform users: Mostly same as Linux, install what you want if you don’t have sensitive details on the computer, it probably isn’t a virus. BUT if I were you, I’d still be cautious.

0 votes

Angela Alcorn

Absolutely. It does say quite a lot for Mac security that viruses and malware need to trick users into installing them. :)

0 votes

Brian Moser

This was an obvious virus; they had one for PC as well.

0 votes

Angela Alcorn

All my research for this article points to it only being malware. There’s no confirmed virus as of yet.