Malware Disguised As Antivirus Targets Mac Users [News]

May 3, 2011 | In: Uncategorized

A bogus version of the MacDefender antivirus application has recently fooled many Apple Mac OS X users into downloading and installing the malware on their computers. The fake antivirus, called MAC Defender, specifically targets Mac users using the Safari browser.

The virus infects people via an SEO poisoning attack, meaning that web searches for popular topics may return a malicious link at the top of the search results. In this case, when users click on this link they see a website with a fake Windows screen and a scan result saying their computer is infected. Then JavaScript within the page will download the fake antivirus installer as a compressed .zip file.

The malware installer automatically opens for browser users who choose to automatically open ‘safe’ files they trust – this is Safari’s default setting. The first step in avoiding this malware and future similar attacks is to disable this function in Safari and other browsers you may use. Go to Preferences and uncheck the option to automatically open ‘safe’ files.

The virus deceives the user into installing the program. Users need to enter the administrator password and authorise the installation, but by this stage many users are already fooled into believing the software is legitimate.

Once infected, users are asked for credit card details to pay for the antivirus software to continue providing protection. Only users who enter their details here will have their credit card details compromised.

To remove the MAC Defender malware, follow these simple steps:

  • First visit Applications > Utilities > Activity Monitor and stop all instances of the MacDefender program or similarly named items.
  • Delete all instances of MacDefender from Library > StartupItems, Library > LaunchAgents and Library > LaunchDaemons to ensure the application doesn’t re-open.
  • Revisit Applications and delete the application.
  • Check your recent downloads and delete the .zip file and application.
  • Run a Spotlight check to remove any other references to MacDefender.
  • Empty your trash.
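
For readers comfortable with Terminal, the listing below is an added example (not from the original article or from any vendor) that checks the folders named in the steps above for items whose names resemble MacDefender. It only lists paths and deletes nothing; the function name, the name pattern and the inclusion of the per-user Library folder are assumptions made for this example.

```shell
#!/bin/sh
# Added example: list items named like "MacDefender" in the folders the
# removal steps mention. Read-only: it prints paths and deletes nothing.

# find_leftovers ROOT HOME_DIR [PATTERN]   (hypothetical helper name)
#   ROOT      top of the disk to inspect: "/" on a real Mac
#   HOME_DIR  the user's home folder, e.g. "$HOME"
#   PATTERN   case-insensitive name pattern; the default (an assumption)
#             catches "MacDefender", "MAC Defender" and similar names
find_leftovers() {
    root=${1%/}
    home=${2%/}
    pattern=${3:-'*mac*defender*'}

    # Folders taken from the removal steps. Checking the per-user
    # Library as well as the system-wide one is an assumption.
    for dir in \
        "$root/Applications" \
        "$root/Library/StartupItems" \
        "$root/Library/LaunchAgents" \
        "$root/Library/LaunchDaemons" \
        "$home/Library/LaunchAgents" \
        "$home/Downloads"
    do
        # Skip folders that do not exist on this machine.
        [ -d "$dir" ] || continue
        # Look only at the folder's own entries, one path per line.
        find "$dir" -mindepth 1 -maxdepth 1 -iname "$pattern" -print 2>/dev/null
    done
}

# Usage on a Mac, after loading this file into the shell:
#   find_leftovers / "$HOME"
```

The genuine MacDefender software would match the same pattern, so review each listed path before deleting anything by hand.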

Makers of the original MacDefender antivirus program have released a statement about the virus on their website:

“A few days ago a new malicious software for the Macintosh named MAC Defender surfaced. Of course, this site has nothing to do with this software, it is more like a Mac version of the PC Defenders. It is strongly recommended to NOT install this software and to disable the option for automatically opening ‘safe’ files in your browser.” (Mac Defender Official Site)

For more detailed, technical information and screenshots of this malware, read this Intego Security Memo and Sophos update regarding the issue.

Apple Macintosh users usually see themselves as safe against viruses online, yet this virus uses social engineering and deception to gain the permissions required to install itself on the computer. Users who install the MacDefender.app program believe it is the original MacDefender antivirus software, yet unwittingly unleash the virus themselves.

Source: TheNextWeb

