Malware Disguised As Antivirus Targets Mac Users [News]

Angela Randall 03-05-2011

A bogus version of the MacDefender antivirus application has recently fooled many Apple Mac OS X users into downloading and installing the malware on their computers. The fake antivirus, called MAC Defender, specifically targets Mac users using the Safari browser.


The virus infects people via an SEO poisoning attack, meaning that web searches for popular topics may return a malicious link at the top of the search results. In this case, when users click on this link they see a website with a fake Windows screen and a scan result saying their computer is infected. JavaScript within the page then downloads the fake antivirus installer as a compressed .zip file.

The malware installer opens automatically for users whose browser is set to automatically open ‘safe’ files after downloading, which is Safari’s default setting. The first step in avoiding this malware and similar future attacks is to disable this function in Safari and any other browsers you may use. Go to Preferences and uncheck the option to automatically open ‘safe’ files.


The virus deceives the user into installing the program. Users need to enter the administrator password and authorise the installation, but by this stage many users are already fooled into believing the software is legitimate.



Once infected, users are asked for credit card details to pay for the antivirus software to continue providing protection. Only users who enter their details here will have their credit card details compromised.

To remove the MAC Defender malware, follow these simple steps:

  • First visit Applications > Utilities > Activity Monitor and stop all instances of the MacDefender program or similarly named items.
  • Delete all instances of MacDefender from Library > StartupItems, Library > LaunchAgents and Library > LaunchDaemons to ensure the application doesn’t re-open.
  • Revisit Applications and delete the application.
  • Check your recent downloads and delete the .zip file and application.
  • Run a Spotlight check to remove any other references to MacDefender.
  • Empty your trash.
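
The manual check in the steps above can be scripted as a read-only sweep. This is an added example, not part of the original article: the function name `find_leftovers` and its parameters are assumptions made for illustration, and it only lists matches in the folders named above without deleting anything.

```sh
#!/bin/sh
# Added example: read-only sweep of the locations named in the removal steps.
# ROOT defaults to / and HOME_DIR to $HOME; both are parameters so the
# function can also be pointed at a mounted backup or a test tree.

# Folders from the steps above, relative to a base directory.
PERSIST_DIRS="Library/StartupItems Library/LaunchAgents Library/LaunchDaemons"
OTHER_DIRS="Applications Downloads"

# find_leftovers PATTERN [ROOT] [HOME_DIR]
# Prints one line per hit:
#   name: <path>     file or folder whose name contains PATTERN (any case)
#   content: <path>  startup/launch item whose contents mention PATTERN
find_leftovers() {
    pattern=$1
    root=${2:-/}
    home_dir=${3:-$HOME}
    for base in "$root" "$home_dir"; do
        for rel in $PERSIST_DIRS $OTHER_DIRS; do
            dir="${base%/}/$rel"
            [ -d "$dir" ] || continue
            # Name matches, e.g. MacDefender.app or a similarly named item.
            find "$dir" -maxdepth 2 -iname "*${pattern}*" 2>/dev/null |
                sed 's/^/name: /'
        done
        for rel in $PERSIST_DIRS; do
            dir="${base%/}/$rel"
            [ -d "$dir" ] || continue
            # A launch item can reference the app under an unrelated file name,
            # so also search inside the files.
            grep -rli -- "$pattern" "$dir" 2>/dev/null | sed 's/^/content: /'
        done
    done | sort -u
}

# Run only when a pattern is given on the command line,
# e.g.  sh sweep.sh macdefender
if [ $# -gt 0 ]; then
    find_leftovers "$@"
fi
```

Review each reported path before removing it by hand as described in the steps above.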

Makers of the original MacDefender antivirus program have released a statement about the virus on their website:

“A few days ago a new malicious software for the Macintosh named MAC Defender surfaced. Of course, this site has nothing to do with this software, it is more like a Mac version of the PC Defenders. It is strongly recommended to NOT install this software and to disable the option for automatically opening ‘safe’ files in your browser.” – Mac Defender Official Site.


For more detailed, technical information and screenshots of this malware, read this Intego Security Memo and Sophos update regarding the issue.

Apple Macintosh users usually see themselves as safe against viruses online, yet this virus uses social engineering and deception to gain the permissions required to install itself on the computer. Users who install the program believe it is the original MacDefender antivirus software, yet unwittingly unleash the virus themselves.

Source: TheNextWeb


  1. Brian Moser
    May 4, 2011 at 12:01 am

    This was an obvious virus; they had one for PC as well.

    • Angela Alcorn
      May 4, 2011 at 9:22 am

      All my research for this article points to it only being malware. There's no confirmed virus as of yet.

  2. Anonymous
    May 3, 2011 at 7:24 pm

    I came to this blog's post particularly as I knew it would have a post that is… not biased towards PC, but more misinformed of the realities. I was thinking, okay, just mentioning how to remove it. Then I saw, "Users who install the program believe it is the original MacDefender antivirus software, yet unwittingly unleash the virus themselves."

    I would like to point out that this only happens if
    1) The "Open "safe" files after downloading" is checked. It is by default, which I will admit, I never understood why Apple did this.
    2) The user is logged on as an admin and even then, he still has to authenticate. I hardly think that a user will just authenticate a random app that just downloaded itself and opened itself up, when they clicked on a link.

    This is not to say, don't worry about viruses, just because you're on a Mac. Yes, it's not as bad as Windows, even if the amount of viruses start to equal it, they will do less damage to the actual computer, such as there's no registry to corrupt, so most likely no need to reinstall OS X, etc. (ID theft is another thing), BUT no platform is 100% safe.
    To you Windows users: stay vigilant! Good luck! Keep those antivirus tools sharp and deadly!
    To fellow OS X users: use your common sense!
    To Linux users: just because you have a LOW LOW LOW chance of having your computer harmed, doesn't mean ID theft and other crimes cannot occur, though even these will most likely not happen. Just keep it in the back of your mind at all times.
    To other platform users: Mostly same as Linux, install what you want if you don't have sensitive details on the computer, it probably isn't a virus. BUT if I were you, I'd still be cautious.

    • Angela Alcorn
      May 4, 2011 at 3:26 am

      Absolutely. It does say quite a lot for Mac security that viruses and malware need to trick users into installing them. :)