Mac Defender, the first major attack ever to strike Apple computers, has been traced to ChronoPay, a Russian online payment service, according to Brian Krebs, an online security researcher.

Earlier this month, Mac Defender and its variants – Mac Security and Mac Protector – surfaced on the web, causing panic in the Mac community. The scamware (scam + malware) shows Mac users fake warning messages urging them to install anti-virus software, which is actually the malware program in disguise. It also opens random porn sites in pop-up windows to fool users into believing that their device is under attack. Once the user enters the administrator password and installs the product, the scamware lures the user into giving their credit card information. A later version, Mac Guard, can install itself without the password.

Apple, which had been quiet about the issue for several weeks, has finally given step-by-step instructions on how to remove it and has also promised a software update soon that will automatically search for and remove Mac Defender and similar programs.

In the meantime, an online security researcher had been investigating the issue and discovered that a Russian online payment processor called ChronoPay is linked to the malware.

“Some of the recent scams that used bogus security alerts in a bid to frighten Mac users into purchasing worthless security software appear to have been the brainchild of ChronoPay, Russia’s largest online payment processor and something of a pioneer in the rogue anti-virus business,” wrote Brian Krebs on his blog.

Krebs traced two domains that infected users were directed to - and – and claimed that they were associated with ChronoPay. The two domains, according to Krebs, were registered under, which belonged to ChronoPay’s financial controller Alexandra Volkova.

Krebs adds that ChronoPay has been “an unabashed ‘leader’ in the scareware industry for quite some time.”

However, ChronoPay denies any responsibility for, or involvement with, Mac Defender.

“ChronoPay completely and totally disavows the most recent blog postings and publications alleging a connection between ChronoPay and Mac Defender and assures our customers that our company is not involved with Mac Defender in any way, nor are we involved with any virus production as has been alleged,” wrote ChronoPay on their website.