New Mac Trojan horse masquerades as virus scanner

By and large, Mac users have been able to escape the onslaught of malware that their Windows counterparts suffer from. But every once in a while, a piece of nastiness slips into the wild. The latest offender is a Trojan horse by the name of MAC Defender, which purports to be a virus-scanning application. In fact, it does little more than encourage users to give up their credit card information.

Identified by security firm Intego, MAC Defender spreads via search engine optimization (SEO) poisoning—that is, it uses commonly searched terms to get prominent placement in search engine results. So, users looking for legitimate protection against viruses on their Macs might be duped into downloading and installing MAC Defender instead.

Once installed, the program apparently pretends to detect viruses and opens Web browser windows with pornographic sites, to help sell the charade that the computer is infected. It also configures itself to launch at startup and is difficult to quit as it only appears as a menu bar icon and not in OS X’s Dock.

If users try to clean the viruses, they first have to register MAC Defender; clicking on the link to do so via the program’s About screen takes them to an unsecure Website that offers a 1-year, 2-year, or lifetime license to the program for $60, $70, or $80 respectively. Registering halts the virus warnings, thus “confirming” that the program is working.

As nefarious as MAC Defender might be, the level of concern over infection remains low: Users must be tricked into downloading and installing the program, as well as entering their administrator password.

Intego says its VirusBarrier X5 and X6 software will protect users from installing this application inadvertently; its VirusBarrier Plus and VirusBarrier Express products, available in the Mac App Store, will also detect it with the most recent malware definition update, but they won’t prevent the installation.

As with the rare Mac malware threats that have arisen in the past, the best defense against a Trojan horse like MAC Defender is education and common sense. There’s no need to panic, as long as you’re taking the usual proper precautions while browsing the Web. For example, users should uncheck Safari’s ‘Open “safe” files after downloading’ option in the General pane of its Preferences, which prevents files like ZIP archives from automatically being opened. And, of course, they should always be wary of installing any application from an unknown source.
