MacDefender malware targets OS X users via Google searches

Tue, May 3, 2011


The security firm Intego yesterday released details about a new piece of malware that specifically targets OS X users. Called MacDefender, the malware automatically begins downloading to a user’s machine after they click on a malicious link.

“When a user clicks a link after performing a search on a search engine such as Google,” Intego notes, “this takes them to a web site whose page contains JavaScript that automatically downloads a file. In this case, the file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (Open ‘safe’ files after downloading in Safari, for example), will open.”

Sounds scary, of course, but users must still actively enter their system password to install and activate the malware. As such, Intego categorizes the threat of this particular piece of malware as “low”. Still, some folks who run administrator accounts and have the aforementioned ‘safe’ option checked have noted that the software can install without prompting for a password. Indeed, only upon being asked for a password to activate the program, which masquerades as an anti-malware app, did they realize what they were dealing with.

Reports from Apple’s support discussion forums indicate that the malware downloads are showing up in Google image searches. If you are unlucky enough to find yourself infected, it’s recommended that you take the following course of action.

1. Open Applications > Utilities > Activity Monitor and quit any processes linked to MACDefender.

2. Delete MACDefender from the Applications folder.

3. Check System Preferences > Accounts > Login Items for suspicious entries.

4. Run a Spotlight search for “MACDefender” to check for any associated files that might still be lingering.
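The four manual checks above can also be run from Terminal as a read-only triage pass. This is an added example, not code from Intego or from the original article; it assumes that related processes, bundles and files carry "MacDefender" in their names (matched case-insensitively), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: read-only triage mirroring the four manual steps.
# Assumption: artifacts contain "MacDefender" in their name
# (case-insensitive); renamed variants will not match this pattern.
PATTERN="macdefender"

# Step 1: filter a process listing (read from stdin) for matching lines.
match_processes() {
    grep -i -- "$PATTERN" || true
}

# Step 2: list matching application bundles directly under a directory.
find_app_bundles() {
    # $1 = applications directory, e.g. /Applications
    [ -d "$1" ] || return 0
    find "$1" -maxdepth 1 -iname "*${PATTERN}*" -print 2>/dev/null
}

# Step 3: login items of the current user (macOS only, via System Events).
list_login_items() {
    command -v osascript >/dev/null 2>&1 || return 0
    osascript -e 'tell application "System Events" to get the name of every login item' 2>/dev/null
}

# Step 4: Spotlight search by file name (macOS only).
spotlight_hits() {
    command -v mdfind >/dev/null 2>&1 || return 0
    mdfind -name "$PATTERN" 2>/dev/null
}

triage() {
    echo "== Processes =="
    ps -A -o pid=,comm= | match_processes
    echo "== Applications =="
    find_app_bundles /Applications
    find_app_bundles "$HOME/Applications"
    echo "== Login items (review every entry manually) =="
    list_login_items
    echo "== Spotlight =="
    spotlight_hits
}

# Run with: sh triage.sh --run   (reports only, deletes nothing)
if [ "${1:-}" = "--run" ]; then triage; fi
```

The script only reports what it finds; quitting the processes and deleting the files remain manual steps, so each hit can be reviewed first.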

As noted by Intego, this type of malware – the type which tries to trick users into believing that they’re scanning for malware when they’re in fact installing it – is typically geared towards Windows users with downloadable .exe files. In this case, however, the malware appears to be a well-designed and professional-looking Mac application.

Notably, the malware also acts to periodically open adult websites to further convince users that they’ve been infected by malware, thus making MacDefender a seemingly attractive if not downright logical purchase.

For years, Mac users benefited from the fact that malware creators primarily targeted Windows users on account of Windows’ 90+% installed userbase. With the growing number of Mac users, not to mention iOS devices, the entire Mac platform will undoubtedly become a more intriguing target for malicious hackers.

In light of that, Apple appears to be taking more proactive steps in the realm of security. In late February we reported that Apple had sent out beta copies of OS X Lion to security experts to garner some feedback about new security countermeasures in Apple’s next-gen OS.


