The malware installer automatically opens for browser users who choose to automatically open ‘safe’ files they trust – this is Safari’s default setting. The first step in avoiding this malware and future similar attacks is to disable this function in Safari and other browsers you may use. Go to Preferences and uncheck the option to automatically open ‘safe’ files.
The virus deceives the user into installing the program. Users need to enter the administrator password and authorise the installation, but by this stage many users are already fooled into believing the software is legitimate.
Once infected, users are asked for credit card details to pay for the antivirus software to continue providing protection. Only users who enter their details here will have their credit card details compromised.
To remove the MAC Defender malware, follow these simple steps:
- First visit Applications > Utilities > Activity Monitor and stop all instances of the MacDefender program or similarly named items.
- Delete all instances of MacDefender from Library > StartupItems, Library > LaunchAgents and Library > LaunchDaemons to ensure the application doesn’t re-open.
- Revisit Applications and delete the application.
- Check your recent downloads and delete the .zip file and application.
- Run a Spotlight check to remove any other references to MacDefender.
- Empty your trash.
Makers of the original MacDefender antivirus program have released a statement about the virus on their website:
“A few days ago a new malicious software for the Macintosh named MAC Defender surfaced. Of course, this site has nothing to do with this software, it is more like a Mac version of the PC Defenders. It is strongly recommended to NOT install this software and to disable the option for automatically opening ‘safe’ files in your browser.” – Mac Defender Official Site.
Apple Macintosh users usually see themselves as safe against viruses online, yet this virus uses social engineering and deception to gain the permissions required to install itself on the computer. Users who install the MacDefender.app program believe it is the original MacDefender antivirus software, yet unwittingly unleash the virus themselves.