ChronoPay, a Russian payment service company, has vehemently denied accusations that Mac Defender, the first scamware ever to strike Apple computers, is its “brainchild.”
After Mac Defender (variants Mac Security and Mac Protector) and Mac Guard (an upgraded version of Mac Defender) struck the Mac community earlier this month, Brian Krebs, an online security researcher and former reporter for The Washington Post, has been vigorously claiming that the scamware is the “brainchild” of ChronoPay, Russia’s largest online payment processor.
“A few days after the first attacks surfaced, experienced Mac users on Apple support forums began reporting that new strains of the Mac malware were directing users to pay for the software via a domain called mac-defence.com. Others spotted fake Mac security software coming from macbookprotection.com,” Krebs said.
Krebs said he checked the registration record for both the domains and was “unsurprised to find the distinct fingerprint of ChronoPay… as the source of bogus security software.”
The contact email for both the domains was email@example.com, which belongs to ChronoPay’s financial controller Alexandra Volkova. Webpoint.name, a Czech Republic registrar of domain names, has suspended mac-defence.com and macbookprotection.com since news of the scamware became public.
Besides mac-defence.com and macbookprotection.com, two other Apple-related domains – appledefence.com and appleprodefence.com – were registered using the same email contact.
A quick check with whois.com shows that the appledefence.com and appleprodefence.com domain names have also been suspended.
According to Krebs, ChronoPay has been “an unabashed ‘leader’ in the scareware industry for quite some time.”
Krebs claims that in 2008, ChronoPay was “the core processor for trafficconverter.biz, the rogue anti-virus affiliate program that was designed to be the beneficiary of the first strain of the Conficker worm, a menacing contagion that still infects millions of PCs worldwide.”
Krebs also claims that last March, ChronoPay was at “the forefront of another emerging scam, when it began processing payments for icpp-online.com, a scam site that targeted filesharing users and stole victims’ money by bullying them into paying a ‘pre-trial settlement’ to cover a ‘Copyright holder fine.’”
However, ChronoPay has vehemently denied the claims that Krebs has made and said it will “aggressively defend itself against any attacks on the company, against any libel or interference with our legitimate business practices, in any country in the world where our company’s good name is attacked or maligned.”
The company “completely and totally disavows” the allegations made by Krebs, saying it is “not involved with Mac Defender in any way.”
It also said it is not “involved with any virus production as has been alleged.”
ChronoPay goes on to state that it enjoys the trust of Russia’s “state-owned companies and internationally recognized brands” and controls a “45% share of the Russian e-commerce market in credit card services.”
Is Mac Defender really the “brainchild” of ChronoPay? Or is ChronoPay the victim of a witch-hunt? Whatever the truth turns out to be in the coming days or months, one thing is certain – Mac users are not safe anymore.