An e-mail belonging to ChronoPay financial controller Alexandra Volkova has been traced to MacDefender and Mac Security Scareware incidents, according to a new web security report.
ChronoPay owns the mail-eye.com domain and pays for virtual servers in Germany that run the mac-defence.com and macbookprotection.com domains.
Mac malware was directing users to pay for software on the two domains. The e-mail unveiled was linked to both domains.
The WHOIS information for both domains includes the contact address of firstname.lastname@example.org. Last year, ChronoPay suffered a security breach in which tens of thousands of internal documents and emails were leaked. Those documents show that ChronoPay owns the mail-eye.com domain and pays for the virtual servers in Germany that run it. The records also indicate that the email@example.com address belongs to ChronoPay's financial controller Alexandra Volkova, the report by Brian Krebs of Krebs on Security reported.
Apple on Tuesday admitted that the problem existed this week.
A recent phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus. The user is then offered Mac Defender anti-virus software to solve the issue, apple said in a support bulletin.
This anti-virus software is malware (i.e. malicious software). Its ultimate goal is to get the user's credit card information which may be used for fraudulent purposes, the bulletin said, noting the most common names for the malware are MacDefender, MacProtector and MacSecurity.
Apple will issue a software update for Mac OS X that will remove the malware and its variants.