Fake "MacDefender" Brings Malware to Macs

Fake anti-virus software is an old breed of malware that's finally found a new trick: attacking Macs.

The malicious Mac app is called MacDefender, and according to Intego, it hides within Web pages that use search engine optimization to spam the results of popular searches. Infected Websites show a fake animation of a malware scan in Windows, followed by a pop-up telling users that their computer is infected. JavaScript on the page then automatically downloads a compressed ZIP file containing the malware.

For Safari users who've checked the "open 'safe' files after downloading" option within the browser's settings, the MacDefender malware installation begins automatically. Otherwise, the user must open the ZIP file and install the app manually for the malware to take hold.

As Intego notes, the MacDefender app--not to be confused with the software developer of the same name--looks rather convincing, and once installed, it quickly sets to work on discovering non-existent viruses and loading pornography in the user's Web browser. The point of all this is to scare users into forking over their money and credit card information, which the MacDefender app says is necessary to delete viruses.

Low Risk So Far

Fortunately, Intego describes this Mac malware as low risk and not very widespread for now. It's also fairly easy to remove, as The Next Web points out. First, use the Activity Monitor (under Applications > Utilities) to disable anything related to MacDefender. Then, make sure there are no references to the malware app in Library/StartupItems or, in the same place, LaunchAgents and LaunchDaemons. Then, move the MacDefender app from Applications to the Trash, and empty the Trash. Finally, use Spotlight Search to find and delete any remaining references to the app.
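The startup-folder check from the removal steps above can be scripted. This is an added example, not code from Intego or The Next Web; the function name `find_startup_refs` is this example's own, and it assumes the three folders should be checked both under the system root and under the user's home directory.

```shell
#!/bin/sh
# Added example: list leftovers in the startup folders named in the
# removal steps that mention a given app name.
#
# find_startup_refs ROOT NAME
#   ROOT  "/" for the system-wide folders, "$HOME" for per-user ones
#         (checking both is an assumption of this example)
#   NAME  plain app name to look for, e.g. MacDefender (no glob characters)
#
# Prints, one per line, every file under ROOT/Library/StartupItems,
# LaunchAgents and LaunchDaemons whose file name or contents contain NAME,
# compared case-insensitively. The function body runs in a subshell so its
# variables do not leak into the caller.
find_startup_refs() (
    root="${1%/}"
    name="$2"
    for dir in StartupItems LaunchAgents LaunchDaemons; do
        path="$root/Library/$dir"
        [ -d "$path" ] || continue
        # Files whose own name mentions the app.
        find "$path" -type f -iname "*${name}*" 2>/dev/null || true
        # Files (plists, scripts) whose contents mention the app;
        # -F treats NAME as a literal string, -l prints only file names.
        grep -rliF -- "$name" "$path" 2>/dev/null || true
    done | sort -u
)

# Report only; review each hit before deleting anything.
for r in / "$HOME"; do
    find_startup_refs "$r" MacDefender
done
```

A plist stored in binary form is only matched when the name appears in it as plain ASCII bytes, so an empty result is not proof that nothing is left behind.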

For prevention, Intego recommends its own anti-virus software (of course), but all you really need is common sense. Uncheck the "open 'safe' files after downloading" option in Safari and never, ever install anti-virus software that pops up on some random website, no matter how many viruses it says your computer has.

Follow Jared on Facebook and Twitter for even more tech news and commentary.
