How to Avoid or Remove ‘Mac Defender’ Malware


Recently, our own Harry McCracken revealed that even he’d been hit by the Mac malware known as Mac Defender (also known as Mac Protector). Here’s how to remove it from, or avoid getting it on, your Mac.

First of all, let’s clear up some definitions. “Malware” means “stuff that’s bad for your computer,” and this most certainly qualifies as that.

But “malware” can take many forms. A lot of people, including some mainstream media journalists, use the word “virus” to mean “malware,” but technically speaking they’re not the same thing.

A virus is a form of malware that spreads from one computer to another with the unwitting help of a human assistant. It attaches itself to other files and waits for a chance to copy itself and attach to more. So it spreads from file to file, from machine to machine. Mac Defender is not one of these.

A worm is a variation on this theme, something that can copy itself and spread even without human help. Mac Defender isn’t one of these either.

A Trojan horse is malware that pretends to be something else, and tricks you into installing it on your computer. Bingo – that’s what Mac Defender is.

It hides on the web, waiting for the unwary to click a link that takes their browser to the right page. That page includes the malware download, and that’s where we meet another problem: by default, Apple’s Safari web browser automatically downloads what it finds there and opens it right up.

Yikes. So what can you do about it?

You can prevent this from happening by going into Safari’s preferences. Under the General tab, at the bottom, you’ll see a simple checkbox marked “Open ‘Safe’ files after downloading.”

The first thing you should do is uncheck this box. That will prevent anything from being opened without your say-so.

Even if the malware is downloaded, it can’t be installed without you providing an administrator’s password. So in the event that something’s been downloaded and opened, you’re still safe as long as you don’t enter that password.

The scammers behind this are banking on people just typing in a password every time they’re asked for one. But for safety’s sake, it pays to be careful. If you’re just casually browsing the net, and haven’t actually intended to download anything, be suspicious of any requests for your computer’s password.

Mac Defender and its variants are even more sneaky because they’re trying to get your credit card details out of you. The software pretends to be a virus checker (nice one, scammers! hilarious!) and might ask you to upgrade, or purchase a license. Once you’ve handed over your credit card details, the scammers have won.

So: don’t enter any credit card details anywhere, unless it’s on a website you have navigated to manually, with the intention of buying something.

Apple appears to be taking this seriously, and has issued official instructions for removing Mac Defender from your computer if it’s already there.

This isn’t difficult. All that’s required is locating, then deleting, one or two files on your system – the malware application itself, and optionally the entry it gives itself in your user account’s Login items (the list of stuff that starts automatically every time you log in).

Furthermore, Apple says it will include Mac Defender-zapping code in its next software update. That’s great; it deals with this Trojan horse nicely. But what about the next one? And the one after that?

That’s the thing about Trojans. They don’t exploit flaws in software, they exploit flaws in people. As long as people are using computers, there will be Trojans trying to hoodwink them, whatever computer they’re using. Staying alert, and being wary of unexpected stuff that appears on your computer, is the best way of protecting your data.
