Mac Defender Malware: A Survival Guide for OS X Users
By Ian Paul
PCWorld, May 25, 2011 9:01 am PDT
Apple says it has a fix in the works for the Mac Defender fake antivirus app that has plagued a surprising number of Mac users in recent weeks. The company recently posted a Mac Defender support page explaining how you can remove the malware from your system. Apple also says it will roll out an OS X software update to protect Mac users from future attacks.
Apple’s technical support services have reportedly seen an uptick in complaints about Mac Defender malware attacks. One AppleCare representative recently told ZDNet that, at its height, 50 percent of customer support calls were seeking help for Mac Defender problems. At first, Apple was reportedly reluctant to help users remove the malware, saying it didn’t want to set an expectation for future widespread malware problems.
But Apple has had a change of heart since then and wants to deal with the problem head-on. If you’re a Mac user infected with Mac Defender or a person who just wants to brush up on your online security know-how, here’s what you need to know to avoid the perils of Mac Defender.
What is Mac Defender?
Mac Defender is a fake antivirus program that tries to trick you into installing it on your OS X system (there is also a Windows variant). The program can be automatically downloaded to your computer through a malicious site, or a pop-up might appear in your browser trying to convince you to download the rogue app.
Once Mac Defender is running on your system it will try to trick you into handing over your credit card information. Mac Defender tells you that your system has malware and claims that apps such as the Terminal are infected. It may also open browser windows and visit porn sites in an attempt to scare you into thinking you have a virus. Then the rogue app offers to fix your problem if you purchase the full version of Mac Defender. Once it has your credit card information, the porn pop-ups disappear, but now the bad guys have your credit card details.
Does Mac Defender Have Other Names?
The fake antivirus also goes by other names including MacProtector and MacSecurity, as well as Mac Defender.
Is this Malware related to MacDefender.org?
What is Apple Doing About this?
Apple recently posted a Mac Defender support page on the company’s site promising a software update for OS X. The update will search out and destroy Mac Defender malware if it’s on your system. The security update will also alert you against downloading the scam app whenever you come across Mac Defender online.
If you see the pop-up online, Apple recommends that you quit your browser immediately. If you can’t shut it down normally then use the force quit option by pressing Command-Option-Escape. Then select your browser from the “Force Quit Applications” window and press the “Force Quit” button.
After You Download
If you’ve downloaded Mac Defender or one of its variants, but haven’t installed it yet, then simply throw the download package (usually a mpkg.zip file) in the Trash. To be extra safe, empty your Trash right away by clicking and holding on the Trash icon until a menu appears and then clicking “Empty Trash.”
After You Install
If you have already downloaded Mac Defender and installed it on your system see the Apple support page under the sub-heading “Removal steps” for a step-by-step guide to removing the app. Under no circumstances should you ever provide Mac Defender or its variants with your credit card details.
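A report-only triage check for the two situations above, written for Terminal as an added example (it is not from Apple or the article): it lists items whose names match the variant names the article gives (Mac Defender, MacProtector, MacSecurity) and installer archives ending in .mpkg.zip. The function name scan_dir, the two default folders and the exact matching rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list items in a folder that deserve a closer look.
# It only prints findings; it never deletes or moves anything.

# scan_dir DIR
#   Prints one line per finding: "<reason><TAB><path>".
#   Reasons:
#     name-match         name starts with Mac Defender / MacProtector /
#                        MacSecurity (case and spaces ignored)
#     installer-archive  a zipped installer metapackage (*.mpkg.zip)
scan_dir() {
    dir=$1
    # A missing folder is not an error: there is simply nothing to report.
    [ -d "$dir" ] || return 0

    for path in "$dir"/*; do
        # An empty folder leaves the glob unexpanded; skip that case.
        [ -e "$path" ] || continue

        name=$(basename "$path")
        # Normalise so "Mac Defender.app" and "macdefender.app" compare equal.
        key=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]' | tr -d ' ')

        case $key in
            macdefender*|macprotector*|macsecurity*)
                printf 'name-match\t%s\n' "$path" ;;
            *.mpkg.zip)
                printf 'installer-archive\t%s\n' "$path" ;;
        esac
    done
}

# Default folders (assumed): where a browser saves downloads and where
# applications are installed on OS X.
scan_dir "$HOME/Downloads"
scan_dir /Applications
```

A name match is only a prompt to review the item, since unrelated files can share a prefix; removal itself follows the steps on Apple's support page.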
Is this the End of the Age of Innocence for the Mac?
That’s a hotly debated issue right now among Mac advocates and critics. There has been an uptick in malware activity for Mac recently. Not only has Mac Defender appeared, but there’s also a new, high-priced software kit that lets anyone build malware for the Mac. But the truth is the bigger target for malware makers is still the Windows platform. Mac users are such a small segment of the overall global PC population that it’s hard for an enterprising criminal to justify targeting such a minuscule number of users. Consider that about 80 million to 90 million PCs are shipped every three months. Apple, meanwhile, sold just over 13 million Macs in all of 2010.
That said, you should probably play it safe and expect to see more Mac-related malware in the wild. In late 2010, Panda Security said it was seeing 500 new strains of Mac-specific malware every month.
Steps for the Future
If you’re concerned about your computer’s security, one of the best things you can do is download real antivirus software such as Sophos’ free Mac antivirus program. Even if you refuse to run a security program full time, at the very least you should consider downloading an antivirus program so you can run a full disk scan every week or so.
But, just as Windows users have found out, the best way to stay safe online is to use common sense. If a pop-up window appears asking you to download software, do not agree to download it unless you were the one who initiated the download. If a program you don’t recognize asks you for permission to install itself, don’t do it. If you can’t quit a browser window because of a misbehaving pop-up, then force quit the program by pressing Command-Option-Escape. If that doesn’t work, try opening Terminal and typing killall "browser name", replacing browser name (keeping the straight quotes) with your browser’s full application name, such as killall "Google Chrome" and not killall "Chrome".