Naive Apple users might find themselves in quite a predicament thanks to new malware that tricks users into thinking their Macs are infected, automatically installs an interface that looks like a legitimate antivirus, and then asks for more information to destroy the threat, including credit card information.
The trojan works in a simple but ingenious way: it targets users browsing Google Images via Safari, who receive a notice claiming their system is infected and that they need to install a MacDefender application to remove viruses. MacDefender is able to bypass Safari’s protection system, which automatically accepts trusted software – Apple, you should really look into this exploit. MacDefender then relaunches every time a user logs in or restarts the computer. There are no terribly obvious effects: the virus doesn’t install anything to run in the background, but it does attempt to swindle users into buying the application via credit card.
The malware was reported by security firm Intego on Monday. The company notes that the application is visually well designed and doesn’t have the numerous misspellings or other errors common to such malware on Windows, which is maybe why the malware has managed to trick so many people so far. Malware can look professional too; don’t be fooled by a scammer in a $1000 suit. The software also periodically displays Growl alerts claiming that various fake malware has been detected, and periodically opens porn websites in the default browser, leading the user to believe that he is indeed infected with a virus.
How to prevent MacDefender attack
While MacDefender is fairly harmless, inexperienced Mac users might find themselves in a lot of trouble with fraud threats, so here’s how to stay safe: simply uncheck the “open safe files after downloading” option by going to Safari, Preferences, and then General. You could also use an alternative browser. Another option is to run in Standard or Managed mode rather than as an Administrator; this keeps viruses from being able to access every nook and cranny of your system.
How to clean up MacDefender malware
If your system has already been infected, The Next Web explains how you can fairly easily get rid of MacDefender.
- Go to Applications, and then Utilities to check the Activity Monitor. Disable anything with “MacDefender” in the name.
- Go to Library, Startup Items, and in there look in LaunchAgents and LaunchDaemons for anything with “MacDefender” in the name. Quit any running applications.
- Go back to the Applications folder and drag and drop MacDefender from there to the Trash. Empty the Trash.
- Search for anything on your system with “MacDefender” in the name and delete anything returned.
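
The folder checks from the cleanup steps above can be done in one pass from Terminal. The script below is an added example, not part of the original article or The Next Web's instructions; it only reports matches and deletes nothing, and the per-user LaunchAgents folder and the `--scan` argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report-only sweep for items with "MacDefender" in the name.
# Nothing is deleted; review each reported path before removing it by hand.

# scan_macdefender ROOT HOME_DIR
#   ROOT     filesystem root to inspect ("/" on a live Mac)
#   HOME_DIR home directory of the account being checked
# Prints one matching path per line. Returns 1 if anything matched, else 0.
scan_macdefender() {
    root=${1%/}          # "/" becomes "" so "$root/Applications" stays valid
    home=${2%/}
    found=0
    # The first four folders come from the cleanup steps above. The per-user
    # LaunchAgents folder is an assumption added for this example.
    for dir in \
        "$root/Applications" \
        "$root/Library/StartupItems" \
        "$root/Library/LaunchAgents" \
        "$root/Library/LaunchDaemons" \
        "$home/Library/LaunchAgents"
    do
        [ -d "$dir" ] || continue
        # Case-insensitive match on direct children only.
        matches=$(find "$dir" -mindepth 1 -maxdepth 1 \
                       -iname '*macdefender*' -print 2>/dev/null || true)
        if [ -n "$matches" ]; then
            printf '%s\n' "$matches"
            found=1
        fi
    done
    return "$found"
}

# Hypothetical entry point: run the sweep only when called with --scan.
if [ "${1:-}" = "--scan" ]; then
    if scan_macdefender "/" "$HOME"; then
        echo "No MacDefender-named items found in the checked folders."
    else
        echo "Review the paths listed above." >&2
    fi
fi
```

A clean result here covers only the listed folders; the final step's system-wide search is still needed.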