Mac now has real malware. First announced May 2nd on many security and apple related newsgroups, it’s similar to numerous fake anti-virus and anti-malware programs on the Windows side. As far as danger, it’s a standard scam to get your credit card number and other identifying information. Unlike some other trojan software it doesn’t do anything to your computer or the data on it.
The malicious software, commonly known as MacDefender, MacProtector and MacSecurity, turned up this month and has found its way onto hundreds, if not thousands, of Macintosh computers.
MacDefender works by taking advantage of default settings in Apple’s Safari browser and attaching itself to a computer’s launch menu. The program downloads itself through a zip file and urges the user to provide their administrator name and password so it can conduct a virus “scan” of the hard drive.
Once a person provides their personal information, the program pretends to scan the computer and then tells the user that a bunch of viruses have been found. Before they can be removed, however, the malware asks for credit-card information.
Having affected increasing numbers of Mac users over the past weeks, Apple originally washed its hands of the problem, instructing support staff to tell customers, “AppleCare does not provide support for removal of the malware. You should not confirm or deny whether the customer’s Mac is infected or not.”
The update to Mac OS X will go live in the coming days, Apple said, and will “automatically find and remove Mac Defender malware and its known variants.”
In a help page, Apple explains how to avoid the Mac Defender trap, insisting of course on the fact that in no event should users provide banking details. They have also provided instructions on how to clean an infected machine, with the procedure being relatively simple.
The user has to go to the activity monitor to terminate the malicious process and then go to the applications folder to remove the MacDefender, MacSecurity and MacProtector files. Apple also recommends deleting the malwares automatic launch process which runs each time the user logs in.
Warning a user that they’re downloading malware is all well and good, but as time goes on and the list of malware grows that could become pretty unwieldy. Hopefully now that there is a piece of malware for OS X that is real, widespread, and effective at what it does Apple will pay more attention to the reality that, like all other software, OS X is not bulletproof and needs serious attention paid to security.
