WARNING: Mac Malware Variant “MAC Defender” Even More Crafty – No Password Install Required


And you thought that Macs and Apple products were immune to virus and malware threats? Think again! At the beginning of May, Intego, a developer of internet security and privacy software for Macs, identified a pretty scary piece of malware dubbed “MAC Defender” (it now also goes by names like “MacSecurity,” “MacProtector” and “MacDefender”). What is malware? It’s essentially a malicious piece of software that can do all types of damage to your computer and trick you into doing things you don’t want to do.


What really concerns me here is that Macs are prevalent in schools and homes and are used by children, who can easily get scared, panic and do things that adults hopefully won’t do. The problem is, this malware is crafted in a way that can deceive even adults into thinking their Mac is infected. Read on to learn more about this and some steps you can take to avoid being scammed.

As Intego outlined in a press release on May 3rd, MacDefender preys on people’s lack of knowledge of security on their computer, tricking them into installing a fake Anti-Virus program. The program itself is the malware. Not only does it pretend to find viruses on your Macintosh, it also pops open porn sites when your browser is open to make it look as if your computer is “infected.” Only after you “register” and pay for the program do the pop-ups and the fake scans stop. The end user is left thinking that their computer is now clean and running fine. The problem is, your credit card is now with some 3rd-party site – unsecured and in the hands of someone who is not looking out for your best interest.

How It Works

Luckily, I don’t have first-hand experience with this, so I’m taking much of the information from Intego’s site (including the images). But here is what happens.

Mac users are targeted via an SEO Poisoning Attack. What that means is that malicious sites are optimized for search engine keywords. So when a user searches for “anti-virus software” or something similar, these malicious sites appear at the top.

If a user visits that site, a fake “scanning” image appears and, via JavaScript, a file called “avSetup.pkg” or something similar is downloaded to their computer. Once the user double-clicks this file, the installer starts and installs the malware (in the old version, you had to enter an Administrator password – this is no longer true!).


Once installed, the malware really looks like professional Anti-Virus software, complete with a menu bar icon.


The menu bar icon will turn red as this fake software “identifies” viruses. You also get pop-up warnings of virus activity.


It’s also important to note that the application adds itself automatically to the Login Items so that it will launch every time you start or log into your computer. Also, it is very difficult to quit (unless you do it via the Activity Monitor). As I mentioned before, as your computer sits idle, porn windows will pop up in your browser to simulate an infection. This will obviously freak people out and scare them into purchasing the fake anti-virus software. The site where you purchase the software isn’t under HTTPS or SSL.

The New Variant

This new variant of MacDefender now does not require an administrator password to install. This is scary!


It still behaves in much the same way as the earlier version, just without the administrator password prompt. Instead, it installs an application downloader called “avRunner” which then launches all by itself (deleting itself afterwards, leaving no trace behind). Then a new application called MacGuard fires up – this is basically a new version of MAC Defender.

How To Prevent

Obviously there are a few tips you can follow to keep your Mac safe:

  • Don’t install software that you don’t know about
  • Don’t visit and/or download software from sites you don’t know
  • Install some sort of Anti-Virus software like Intego’s VirusBarrier X6 (I haven’t tested their latest version yet), ClamAV (free), Sophos Anti-Virus (free/paid) or others – there is no guarantee that the products mentioned, with the exception of Intego’s, will detect and prevent MAC Defender.
  • Disable the “Open ‘Safe’ Files after downloading” option in Safari and other browsers
  • Keep your computer software up to date, including your Operating System
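
A quick check for the artifacts described in this article, added here as an example (it is not Intego's or Apple's tooling): it compares Login Items and the contents of /Applications and ~/Downloads against the names the article mentions, and reports whether Safari's auto-open setting is on. Looking in ~/Downloads and matching on names alone are assumptions of this example, so a renamed variant would not match.

```bash
#!/bin/bash
# Added example (not from Intego or Apple). Names below are the ones this
# article lists; a match is a lead to check by hand, not proof of infection.
KNOWN_NAMES="MacDefender MacSecurity MacProtector MacGuard avRunner avSetup"

# Lowercase, drop spaces and a trailing .app/.pkg so that
# "MAC Defender.app" and "MacDefender" compare equal.
normalize() {
  printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d ' ' | sed -E 's/\.(app|pkg)$//'
}

# Read one candidate name per line on stdin; print the lines that match.
match_known_names() {
  while IFS= read -r line; do
    n=$(normalize "$line")
    for k in $KNOWN_NAMES; do
      if [ "$n" = "$(normalize "$k")" ]; then printf '%s\n' "$line"; fi
    done
  done
  return 0
}

# Login Items for the current user, one per line (asks System Events).
login_items() {
  osascript -e 'tell application "System Events" to get the name of every login item' \
    2>/dev/null | tr ',' '\n' | sed 's/^ *//'
}

# State of Safari's "Open 'safe' files after downloading" checkbox.
# AutoOpenSafeDownloads is the preference key behind it; an unset key or an
# unreadable preference file is reported as unknown.
safari_auto_open() {
  case "$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null)" in
    0) echo "disabled" ;;
    1) echo "ENABLED - turn it off in Safari preferences" ;;
    *) echo "unknown (unset or unreadable)" ;;
  esac
}

run_checks() {
  echo "Login Items matching known names:"
  login_items | match_known_names
  echo "Entries in /Applications or ~/Downloads matching known names:"
  ls -1 /Applications "$HOME/Downloads" 2>/dev/null | match_known_names
  echo "Safari auto-open of 'safe' downloads: $(safari_auto_open)"
}

# The live checks only make sense on a Mac.
if [ "$(uname)" = "Darwin" ]; then run_checks; fi
```
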


Note: Apple has officially acknowledged this malware and offers some tips on how to avoid and remove the MAC Defender malware in this Support Article.

Apple will also be releasing a Software Update to help correct this issue, as they state here:

In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants.  The update will also help protect users by providing an explicit warning if they download this malware.

Anyway, I guess that we Mac users now need to be even more vigilant about the threats that are out there. Be sure to spread the word!

HTD says: Be sure your Mac is protected!


About HighTechDad

Michael Sheehan (“HighTechDad”) is an avid technologist, writer, journalist, content marketer, blogger, tech influencer, social media pundit, loving husband and father of 3 beautiful girls living in the San Francisco Bay Area. This site covers technology, consumer electronics, Parent Tech, SmartHomes, cloud computing, gadgets, software, hardware, parenting “hacks,” and other tips & tricks.
