More dangerous Mac Defender variant emerges

Mac OS X users have been warned to be wary of a new variation of the Mac Defender ‘scareware’ that is said to be more dangerous than the original infection.

According to experts at security firm Intego, MacGuard is more dangerous than Mac Defender and several earlier variants, including Mac Protector and Mac Security, as it doesn’t require an administrator password to install.

The aim of the malware is the same – to persuade victims to hand over their credit card details – though the process is slightly different. Initially, visiting an infected website automatically triggers the download of a file that installs itself on your Mac.

If you have the ‘Open safe files after downloading’ option in Safari checked, the installation process will begin automatically and the avRunner program will be installed on your Mac. This then downloads a second file package from a domain belonging to the cybercriminals behind the attack, while deleting all traces of the original installer files.

This second file is the MacGuard package, which will automatically install itself as well. It will then demand credit card details to rid your Mac of the infection.

Intego recommends unchecking the ‘Open safe files after downloading’ option in Safari. If you end up on any website that looks similar to Mac OS X’s Finder window, you should close the browser immediately. If the Installer opens, quit it straight away, then check the Downloads folder for any unrecognised files and delete them.

Earlier this week, Apple promised an update to Mac OS X that would find and delete variants of the Mac Defender malware on a user’s Mac, as well as warn them should they unwittingly try to download the file.

“In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants,” Apple said in a statement.

“The update will also help protect users by providing an explicit warning if they download this malware,” it continued.

Apple also outlined steps that users with infected Macs can take to remove the scareware on the Apple Support forum.

However, Chester Wisniewski of security firm Sophos questioned Apple’s approach to the problem, as cybercriminals would simply create more variants to get around any defences the company puts in place.

“Are they going to develop their own anti-virus software? The fast pace with which new variants arrive requires a very different style of software development and updating than Apple is accustomed to.”
