Intego Issues Security Memo Over Fake MAC Defender Antivirus Program
Posted 05/02/2011 at 11:35am | by J.R. Bookwalter
Mac users generally point and laugh at Windows users with all of their virus troubles, but with Apple’s computers gaining more and more market share each quarter, it’s just a matter of time before virus makers turn their attention our way. Case in point: a fake antivirus program now making the rounds.
Mac security specialist Intego issued a memo on Monday warning users of Apple’s desktop and laptop computers to keep an eye out for a crafty new antivirus program called MAC Defender. As fate would have it, the app is nothing more than a nasty virus in sheep’s clothing, and a few accidental clicks on search engines such as Google might mess up your day rather badly.
“Intego has discovered a fake antivirus program called MAC Defender, which targets Mac users via SEO poisoning attacks (web sites set up to take advantage of search engine optimization tricks to get malicious sites to appear at the top of search results),” the May 2 security memo explains. “When a user clicks on certain links after performing a search on a search engine such as Google, they are sent to a web site that displays a fake Windows screen with an animated image showing a malware scan; a window then tells the user that their computer is infected.
“After this, JavaScript on the page automatically downloads a file,” the security memo continues. “The file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (Open ‘safe’ files after downloading in Safari, for example), will open.”

Once the file is decompressed, an installer launches (such as the one seen above), and if a user continues through the process, the actual MAC Defender program opens, adding itself to the user’s Login Items while keeping out of sight from the Dock -- meaning there’s no easy way to quit the app, and it will continue to relaunch even if the user logs out or restarts their computer. Intego notes, “this application is very well designed and looks professional” -- there are no tell-tale signs such as bad grammar or spelling, which are often clues to a rogue application.
So what is the ultimate goal of MAC Defender? Apparently, to incorrectly inform you that a virus is present, then offer to eradicate it by signing up for a one-year, two-year or lifetime license to the bogus application at a cost of $59.95, $69.95 or $79.95, respectively.

Intego ranks the security risk as low, noting that while MAC Defender is in the wild, it’s not very widespread as yet. The method of counteracting the rogue app is simply to not let it run in the first place -- if you see an installer pop up for an application you haven’t downloaded, always click the No or Cancel button immediately.
As always, to maximize protection against such security threats, Intego offers VirusBarrier X6, which has been updated to protect against MAC Defender and other malware. The company notes that Express and Plus versions of the app are now available on the Mac App Store, but these versions do not include a real-time scanner and thus require users to manually scan for threats after updating to the latest malware definitions.