You can prevent this from happening by going into Safari’s preferences. Under the General tab, at the bottom, you’ll see a simple checkbox marked “Open ‘Safe’ files after downloading.”
The first thing you should do is uncheck this box. That will prevent anything from being opened without your say-so.
Even if the malware is downloaded, it can’t be installed without you providing an administrator’s password. So in the event that something’s been downloaded and opened, you’re still safe as long as you don’t enter that password.
The scammers behind this are banking on people just typing in a password every time they’re asked for one. But for safety’s sake, it pays to be careful. If you’re just casually browsing the net, and haven’t actually intended to download anything, be suspicious of any requests for your computer’s password.
Mac Defender and its variants are even more sneaky because they’re trying to get your credit card details out of you. The software pretends to be a virus checker (nice one, scammers! hilarious!) and might ask you to upgrade, or purchase a license. Once you’ve handed over your credit card details, the scammers have won.
So: don’t enter any credit card details anywhere, unless it’s on a website you have navigated to manually, with the intention of buying something.
Apple appears to be taking this seriously, and has issued official instructions for removing Mac Defender from your computer if it’s already there.
This isn’t difficult. All that’s required is locating, then deleting, one or two files on your system – the malware application itself, and optionally the entry it gives itself in your user account’s Login items (the list of stuff that starts automatically every time you log in).
Furthermore, Apple says it will include Mac Defender-zapping code in its next software update. That’s great; it deals with this trojan horse nicely. But what about the next one? And the one after that?
That’s the thing about trojans. They don’t exploit flaws in software, they exploit flaws in people. As long as people are using computers, there will be trojans trying to hoodwink them, whatever computer they’re using. Staying alert, and being wary of unexpected stuff that appears on your computer, is the best way of protecting your data.
More on TIME.com:
Okay, Maybe This Mac Security Problem Is Real
Phony ‘Mac Defender’ Malware Does Anything But
Apple Forums Point to a Boom in Mac OS Malware, but Don’t Panic