MacDefender Malware Scam Linked To Russian Online Payment Bust
Posted 08/05/2011 at 5:22am
| by J.R. Bookwalter
Remember MacDefender, the bogus anti-virus utility that Apple squashed with a system update? As it turns out, that scam may have been part of a wider web of intrigue recently uncovered at ChronoPay, a Russian online payment processor that appears to have supported the malware scam.
AppleInsider is reporting that a recent raid on Russian payment website ChronoPay has turned up some compelling evidence that the company was “providing technical and customer support for bogus anti-virus software, including MacDefender.”
First discovered back in April, MacDefender posed as an installer for software meant to protect Mac users, when in reality it was little more than scareware designed to extract a credit card number. Apple issued a security update to ward off MacDefender, rolling the protection into both Mac OS X 10.6.8 and OS X Lion, and the threat quietly retreated whence it came.
Fast forward to this week, when security journalist Brian Krebs revealed that Russian police have discovered “mountains of evidence” that ChronoPay was actually linked to MacDefender, including “website support credentials and the call records of 1-800 numbers used to operate the support centers.” The company is also linked to Rx-Promotion, an affiliate program spammers use to promote websites selling “counterfeit prescription drugs.”
According to AppleInsider, scammers use “highly profitable pay-per-install programs” such as MacDefender to deploy their malware, paying as little as $750 for 10,000 installs.
“If you do the math, it’s almost like you’re printing money,” explains researcher Damon McCoy. “You could pay the PPI networks $75 to get 1,000 fake AV installs. And if you had an average conversion rate of one in 50, making between $25-$35 on each install, that works out to about 20 sales -- or conservatively $500 per one thousand installs."
For its part, ChronoPay denies any involvement, despite the arrest in June of co-founder Pavel Vrublevsky over allegations that he enlisted a hacker to attack a rival company. ChronoPay services 45 percent of the Russian e-commerce market.
“If allegations against ChronoPay are true then we should expect significant decrease of revenues received by cyber criminals in the appropriate segments of black market in the near future,” said Maxim Suhanov, a specialist at computer-forensics firm Group-IB.