Remove MACDefender: Malware Targeting Mac Users Using Google Images

Over the past week, a new series of malicious software packages with names like MACDefender, MacSecurity and MacProtector has started to infect Apple's computing platform. Mac owners usually need not worry about viruses or spyware, but this time MACDefender seems to have caused a lot of issues for them. Apple's discussion forum has started to flood with users asking AppleCare and others for help on this topic.

MacDefender Malware
How does MACDefender perform the SEO poisoning attack? One of the main channels for SEO poisoning is Google Image search, and MACDefender puts this mode of attack into play. The method is preferred because it is harder to get a full web page to appear high in Google's SERPs than it is to get images high in the list. When a user clicks on a thumbnail in the Google Images search results, it takes the user to a web site whose page contains unsafe JavaScript code that automatically downloads a file. The download is a compressed ZIP archive, which opens automatically if a specific option in the web browser is checked; in Safari, that option is Open "safe" files after downloading.
MacDefender Installer
Once the ZIP file download is complete, automatic decompression follows. The user is then greeted with the "two-faced" installer window just like the one above. What makes it more deceptive to a Mac user is that the installer comes with a legitimate-looking yet fake EULA acceptance. It doesn't infect your Mac with a virus or run a keylogger or any third-party app in the background, but once installed, it lures the user into providing their credit card details as part of this scam.

Many people who approached AppleCare actually believed this to be an installation recommended by Apple. Surprisingly, Apple is not willing to take any steps to resolve this malware attack for its customers. Instead, according to a leaked memo sent to all the reps at AppleCare, Apple has instructed them to do nothing at all. Apple doesn't even want you to be redirected to an Apple Retail Store. How much worse can it get?

Apple's Memo Snippet:

  • Do not confirm or deny that any such software has been installed.
  • Do not attempt to remove or uninstall any malware software.
  • Do not send any escalations or contact Tier 2 for support about removing the software, or provide impact data.
  • Do not refer customers to the Apple Retail Store. The ARS does not provide any additional support for malware.

If you have been infected by MACDefender, you need to make sure that it doesn't reside on your computer anymore. Thanks to TheNextWeb, all you need to do is follow these simple steps to disable and remove MACDefender for good.

Step 1: To ensure you do not automatically download the app, uncheck the following: Safari > Preferences > General > uncheck "Open "safe" files after downloading".

Step 2: Searching for the application and deleting it directly may fail, saying the app is in use. To stop it running, check Activity Monitor (in Applications > Utilities) and disable anything that relates to MACDefender.

Step 3: Look in /Library/StartupItems and, in the same place, LaunchAgents and LaunchDaemons for references to the malware app. Once it has quit, head to the Applications folder and drag the MACDefender app to the Trash, then empty the Trash.

Step 4: To ensure all references to the app are cleared, run a search using Spotlight and delete all MACDefender references you find.
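The checks in Steps 2 to 4 can also be run from Terminal as a read-only search. The script below is an added example, not part of TheNextWeb's steps or anything published by Apple; the function name `scan_root`, the `--scan` switch and the extra pass over the user's home folder are assumptions of this example.

```bash
#!/bin/bash
# Added example (not from the article): read-only search for leftovers of the
# fake-antivirus family described above. Nothing is deleted or modified.

# Product names taken from the article; matched case-insensitively.
NAMES='macdefender|macsecurity|macprotector'

# scan_root ROOT
# Prints, one per line, every path under ROOT that either
#   - is named like one of the products (Applications and launch locations), or
#   - is a file in a launch location whose contents mention one of them.
# ROOT is "/" on a live Mac; a mounted backup or a home folder also works.
scan_root() {
    local root="${1%/}" dir
    {
        for dir in Applications Library/StartupItems \
                   Library/LaunchAgents Library/LaunchDaemons; do
            [ -d "$root/$dir" ] || continue
            # Name match, e.g. an app bundle or plist named after the product.
            find "$root/$dir" -maxdepth 2 \( -iname '*macdefender*' \
                -o -iname '*macsecurity*' -o -iname '*macprotector*' \) \
                -print 2>/dev/null || true
            # Content match: a launch item that merely points at the app.
            # Skipped for Applications, where it would be slow and noisy.
            case "$dir" in
                Library/*) grep -rliE "$NAMES" "$root/$dir" 2>/dev/null || true ;;
            esac
        done
    } | sort -u
}

# Stand-alone use: ./scan.sh --scan
# The second call covers the per-user Library and Applications folders, an
# assumption beyond the system-wide paths the article lists.
if [ "${1:-}" = "--scan" ]; then
    scan_root /
    scan_root "$HOME"
fi
```

Empty output means no file in those locations is named after, or refers to, any of the three products; every path that is printed should be reviewed before anything is moved to the Trash.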

We recommend that you steer clear of any such suspicious downloads and installs. Unlike a virus or worm that infects computers without admin privileges, the MACDefender trojan requires an administrator to provide his/her password and knowingly install the malicious software. This has definitely raised concerns about the browsing security of Safari, and we really wonder why Apple hasn't yet come out with an official solution or a fix for this issue. Hopefully, Apple will release a much safer Safari update to avoid such malware attacks in the future. [via Intego]
