Phony ‘Mac Defender’ Malware Does Anything But


Think you’re safe from malware if your ride’s a Mac? Think again!

Or you know, keep on thinking, because this one looks like another wannabe troublemaker–the latest in a lengthy lineup of not-quite-viral might-have-beens. Not that you shouldn’t take it seriously, of course, because security firm Intego is.

The malware, masquerading as a legitimate security app called MacDefender, targets Safari users on OS X browsing Google search results. The not-so-wannabe part is how you get it: through search-engine-optimized sites waiting in the wings and harboring malicious JavaScript, which automatically downloads a file containing the offending software.

(Follow-up: How to Avoid or Remove ‘Mac Defender’ Malware)

If you have Safari’s “open ‘safe’ files after downloading” option ticked–it’s on by default–and you stumble on one of these pages, your Mac will automatically download a ZIP archive, unpack it, and launch the malware’s installer (pictured above). At that point you’ll want to click the red “close” button because, well, hint: it’s not going to defend your Mac from anything.

But if you’re feeling reckless and permit it to install anyway, it’ll open the floodgates and start pouring. Your info, I mean, and to who knows where. Some users say they didn’t realize their systems had been compromised until the malware prompted them for credit card details to “sign up” for anti-virus protection. Again, it’s apparently prompt-driven, meaning all you need to avoid being taken for a ride is a dash of common sense and an ounce of follow-through: if you don’t know what an app prompt is or why it’s asking, shut it down, check it out, and if it’s bad news, liquidate it.

So let me guess, you’re not running protection software because Apple says Macs are less prone to malware attacks than Windows systems. They’re not making that up–OS X accounts for less than 10 percent usage share of operating systems, so the payout’s low volume for hackers–but the Internet’s a scary place unfiltered, and all it’ll take is a single uber-deadly payload to silence Apple’s boasts. You need to protect yourself.

You can start by unchecking the “open ‘safe’ files” option in Safari (it’s on the ‘General’ tab, which is why you might’ve missed it–not under ‘Security’, where it ought to be). Then you’ll want to at least think about creating a standard (non-administrator) user account for day-to-day use, instead of your default admin-level one.
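As an added example (not part of the original post), here is a small POSIX shell script that audits the two steps above on a Mac and can apply the first one. It assumes the Safari checkbox is backed by the `AutoOpenSafeDownloads` key in `com.apple.Safari` (true on the OS X of the period; newer sandboxed Safari builds may store it in a container) and that admin rights come from membership in the `admin` group.

```shell
#!/bin/sh
# Added example: audit the two client-side mitigations the post recommends.
# Assumption: the "Open 'safe' files after downloading" checkbox maps to the
# AutoOpenSafeDownloads key in com.apple.Safari, and administrator rights are
# conferred by membership in the "admin" group.

# Interpret the raw output of `defaults read com.apple.Safari AutoOpenSafeDownloads`.
# An absent key (empty string) means Safari is using its default, which is ON.
classify_auto_open() {
    case "$1" in
        0|false|FALSE|no|NO) echo "disabled" ;;
        *)                   echo "enabled" ;;
    esac
}

# Given a space-separated group list (as printed by `id -Gn`), return 0 if the
# account is an administrator and 1 if it is a standard user.
is_admin_groups() {
    for g in $1; do
        [ "$g" = "admin" ] && return 0
    done
    return 1
}

audit_safari() {
    # Off-macOS `defaults` is missing; treat that as "unset" so the script still runs.
    raw=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || true)
    state=$(classify_auto_open "$raw")
    echo "Safari AutoOpenSafeDownloads: $state"
    if [ "$state" = "enabled" ] && [ "$1" = "--fix" ]; then
        # Same effect as unticking the box on Safari's General tab.
        defaults write com.apple.Safari AutoOpenSafeDownloads -bool false
        echo "  -> disabled"
    fi
}

audit_account() {
    if is_admin_groups "$(id -Gn)"; then
        echo "Current account is an administrator; use a standard account day to day."
    else
        echo "Current account is a standard user."
    fi
}

# Usage: sh audit.sh [--fix]
audit_safari "$1"
audit_account
```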

And if you’re not running a virus/malware checker, it’s time to start: consider something like Sophos’s free anti-virus software for OS X. It’s lean, clean, and–since I’m past the “but it’s a Mac!” denial phase–I’ve even (just) loaded a copy myself.