Fake Mac Antivirus Rears its Ugly Head


Fake AVs have been tormenting PC owners for years.  And they have now finally made their way to the Mac. A fake antivirus designed to look like a real Mac OS X application emerged recently under the name “MAC Defender.”

The Mac-specific malware, like other scareware, makes victims believe that their computers are infected with malware and then, using prompts and coercive language, tricks them into buying a fake antivirus program called “MAC Defender.”  While MAC Defender is currently in the wild, the risk is reportedly low, and infections have been limited thus far.

However, one factor that makes the relatively new Mac malware especially dangerous is that a company called “Mac Defender” already exists.  So anyone who researches “Mac Defender” and learns that it’s a legitimate antivirus company is more likely to fall victim to the fake AV attack.

Also, the MAC Defender rogue antivirus application, once installed, does not have a dock icon, which makes it difficult to quit.  As a result, frustrated users are probably more inclined to purchase the rogue antivirus software, thinking that it will help them quickly resolve the inconvenient situation.
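One way to find installed applications that never show a Dock icon, as an added example that is not part of the original post. It assumes the app hides itself through the standard LSUIElement or LSBackgroundOnly Info.plist keys (the post does not say how MAC Defender does it), and the sample bundles are constructed for the demonstration:

```python
import plistlib
import sys
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# Standard macOS Info.plist keys that keep an app out of the Dock.
HIDDEN_KEYS = ("LSUIElement", "LSBackgroundOnly")

def _truthy(value):
    # The keys appear as <true/>, integer 1, or strings such as "1"/"YES".
    if isinstance(value, str):
        return value.strip().lower() in ("1", "yes", "true")
    return bool(value)

def dockless_apps(root):
    """Return (bundle, reason) for every .app under root that hides from the Dock."""
    hits = []
    for info in sorted(Path(root).glob("**/*.app/Contents/Info.plist")):
        bundle = info.parent.parent.name
        try:
            with info.open("rb") as fh:
                plist = plistlib.load(fh)  # reads XML and binary plists
        except (OSError, ValueError, ExpatError):
            hits.append((bundle, "unreadable Info.plist"))
            continue
        if not isinstance(plist, dict):
            hits.append((bundle, "unreadable Info.plist"))
            continue
        for key in HIDDEN_KEYS:
            if _truthy(plist.get(key)):
                hits.append((bundle, key))
                break
    return hits

def build_sample(root):
    # Constructed bundles for the demo; names and contents are made up.
    samples = {
        "Notes.app": {"CFBundleName": "Notes"},
        "ExampleScanner.app": {"CFBundleName": "ExampleScanner", "LSUIElement": True},
        "ExampleHelper.app": {"CFBundleName": "ExampleHelper", "LSBackgroundOnly": "1"},
    }
    for name, plist in samples.items():
        contents = Path(root) / name / "Contents"
        contents.mkdir(parents=True)
        with (contents / "Info.plist").open("wb") as fh:
            plistlib.dump(plist, fh)

if __name__ == "__main__":
    # Pass a folder such as /Applications; with no argument, scan the sample.
    target = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) == 1:
        build_sample(target)
    for bundle, reason in dockless_apps(target):
        print(f"{bundle}: {reason}")
```

Legitimate menu-bar utilities and helper apps set the same keys, so the output is a list to review against what you knowingly installed, not a verdict.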

How MAC Defender works:

The MAC Defender scareware ruse begins with SEO poisoning, a process that uses search engine optimization techniques to push malicious links toward the top of search results pages.  The scareware has also been observed on Google image search.  Those who click on the poisoned images or links are taken to a site where a malware scan appears to take place.  A popup window warns of a malware infection and triggers JavaScript on the site that automatically downloads a compressed ZIP archive file.

If victims choose to open the file, a MAC Defender Setup Installer launches, and victims have to enter an administrator’s password in order to install the scareware.  Once installed, the malware displays alerts telling victims that it has found viruses and opens several adult content web pages.

The goal, of course, is to convince the victims that their computers are overrun with malware so that they purchase the MAC Defender Fake AV.  They can choose a one-year license for $59.95, a two-year license for $69.95, or a lifetime license for $79.95.  Victims are asked to pay with a credit card.

More Mac Malware on the Horizon?

Some regard the current MAC Defender attack as “low-risk” since it requires the user to manually open the malicious file and enter an administrator password in order to install the malware.

Still, the recent MAC Defender attack confirms that Mac users also need to be wary of malware.  Other malware attacks on Macs are inevitable.  In fact, just days after MAC Defender’s emergence, security researchers discovered new variants of the MAC Defender fake antivirus in the wild.  Also, the first advanced Do-It-Yourself crimekit designed for the Mac OS X platform was announced recently.

So Mac malware has officially become a real danger.  If you’re a Mac owner, it’s probably time to start thinking about how to protect yourself against potentially devastating malware.  Fortunately, you have some great (legitimate) antivirus options.
