New variants of the MAC Defender malware are appearing, less than a month after the first.
MAC Defender is a piece of fake antivirus software (or 'scareware') that pretends to scan for viruses, when in fact it redirects the user's browser to pornographic web sites (to convince a user that the computer is infected). It then asks for credit card information to buy a license to use the software. It is not clear yet to whom the credit card information is sent.
Intego's latest note details a new variant of the malware. The first version asked for an administrator password before installing itself on the user's Mac. The new one doesn't need that, making it that much easier to get onto the system. It has also picked up a new name, MacGuard.
The security firm Intego first flagged MAC Defender on its blog on May 2. The authors planted certain tags and keywords around various web sites, which made search engines prominently display links to sites that had the malware. Many users were thus directed to compromised sites that looked like a Windows machine performing a virus scan.
Apple has posted instructions for removing the MAC Defender scareware, even as new variants are appearing.
To get rid of the malware once it is installed, one has to launch the Activity Monitor utility. After stopping the MAC Defender process (it often has names such as MacDefender, MacSecurity or MacProtector), the malware can be taken out of the Applications folder and moved to the trash. Apple says it will also publish a software update that will automatically remove MAC Defender in the coming days.
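The same check can be made from Terminal before removing anything. The script below is an added example, not Apple's or Intego's tooling: it looks for the process names listed above, plus the MacGuard variant, in `ps` output and in an applications folder. It assumes the app bundle carries the same name as the process (for example MacDefender.app), which the article does not state, and the process listing in it is constructed sample data.

```shell
#!/bin/sh
# Names the article gives for the scareware and its newer variant.
NAMES="MacDefender MacSecurity MacProtector MacGuard"

# find_procs: reads "PID COMMAND" lines on stdin (the format produced by
# `ps -axo pid= -o comm=`) and prints "PID NAME" for every process whose
# executable name is one of NAMES. COMMAND may be a full path with spaces.
find_procs() {
    while read -r pid comm; do
        [ -n "$pid" ] || continue
        base=${comm##*/}            # keep only the executable's file name
        for n in $NAMES; do
            if [ "$base" = "$n" ]; then
                printf '%s %s\n' "$pid" "$n"
            fi
        done
    done
}

# find_apps: prints any bundle named NAME.app inside directory $1.
# The bundle naming is an assumption; see the note above the script.
find_apps() {
    for n in $NAMES; do
        if [ -d "$1/$n.app" ]; then
            printf '%s\n' "$1/$n.app"
        fi
    done
    return 0
}

# Constructed sample of `ps -axo pid= -o comm=` output, for offline use.
SAMPLE_PS='  312 /Applications/Safari.app/Contents/MacOS/Safari
  977 /Applications/MacDefender.app/Contents/MacOS/MacDefender
 1024 /usr/sbin/cupsd'

# On a live Mac:
#   ps -axo pid= -o comm= | find_procs
#   find_apps /Applications
```

A PID printed by `find_procs` is the process to stop in Activity Monitor; a path printed by `find_apps` is the item to move to the trash afterwards.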
The simplest way to prevent it from getting installed on your computer is to make sure that the browser, whichever one you use, does not automatically open files after downloading them.
MAC Defender has gotten a lot of attention in part because malware and viruses for Macintoshes are rare. While Windows users have had to deal with them often, the very fact that Macs are a smaller part of the operating system market means that hackers have historically not bothered to write malware or viruses for them.
Several sites such as ZDNet are reporting that MAC Defender has caused a spike in technical support calls and visits to the Genius Bar at many Apple retailers.