In a statement posted to its web site on Sunday, the company's vice president of marketing and business development, Dmitry Shmakov, wrote: "ChronoPay completely and totally disavows the most recent blog postings and publications alleging a connection between ChronoPay and MacDefender and assures our customers that our company is not involved with MacDefender in any way, nor are we involved with any virus production as has been alleged."
The company is also threatening news organizations and blogs that have reported on the issue with libel suits. "ChronoPay will aggressively defend itself against any attacks on the company, against any libel or interference with our legitimate business practices, in any country in the world where our company's good name is attacked or maligned... We thank our loyal customers and assure both our customers and competitors that we have no involvement at all with scareware or malware and warn anyone attacking our company with lies and rumor that we will put the full weight of our company behind the appropriate legal response."
Mac Defender is a piece of fake antivirus software, or scareware, that pretends to scan for viruses, when in fact it redirects the user's browser to pornographic web sites (to convince a user that the computer is infected). It then asks for credit card information to buy a license to use the software. It is not clear yet to whom the credit card information is sent.
The connection between ChronoPay and Mac Defender was first reported by security researcher Brian Krebs, who traced the web addresses to which the Mac Defender scareware was sending users' credit card information. He found that the domain names were associated with an email address belonging to ChronoPay's financial controller, Alexandra Volkova.
Calls to ChronoPay's office in Russia were referred to Shmakov, and an email to him asking for an explanation was not answered.
It is not uncommon for companies in Russia or central Europe to use firms such as ChronoPay, because more mainstream companies such as PayPal either won't operate there or make it more expensive. But companies like that also offer a way in for scammers and criminals, because they often don't ask for the same kind of documentation that PayPal or MasterCard does.
Krebs also noted that ChronoPay has shown up as the payment processor for scareware and malware vendors before. The company was connected to the infamous Conficker worm when it processed payments for trafficconverter.biz, which also told users that they could pay for a method of ridding themselves of it.
The security firm Intego first flagged Mac Defender on its blog on May 2. Since then a variant has appeared that can install itself on a Macintosh operating system without asking for an administrator password. It has also picked up a new name, MacGuard.
Apple has posted instructions for removing the Mac Defender scareware, even as new variants are appearing.
To get rid of the malware once it is installed, one has to launch the Activity Monitor utility. After stopping the Mac Defender process (it often has names such as MacDefender, MacSecurity or MacProtector), the malware can be taken out of the Applications folder and moved to the trash. Apple says it will also publish a software update in the coming days that will automatically remove Mac Defender.
The simplest way to prevent it from getting installed on your computer is to make sure that the browser, whichever one you use, does not automatically open files on downloading them.
Mac Defender has gotten a lot of attention in part because malware and viruses for Macintoshes are rare. While Windows users have had to deal with them often, the very fact that Macs are a smaller part of the operating system market means that hackers have historically not bothered to write malware or viruses for them.
Several sites such as ZDNet are reporting that Mac Defender has caused a spike in technical support calls and visits to the Genius Bar at many Apple retailers.