Intego: New variant of Mac Trojan horse doesn't require a password
Intego on Wednesday warned Mac users that a new variant of the Mac Defender Trojan horse doesn’t require that you provide an administrator password during the installation process. Like its predecessors, the latest version of the Trojan horse—which calls itself MacGuard—masquerades as virus detection software, in hopes that victims will key in their credit card details into the bogus interface.
The announcement of the new, no-password-required variant comes just one day after Apple posted an update explaining the Trojan horse’s existence, along with instructions on how to remove it from your system. Apple also said Tuesday that a forthcoming OS X update “will automatically find and remove Mac Defender malware and its known variants,” in addition to “providing an explicit warning if [users] download this malware.” It’s unclear at this time whether Apple's planned OS update would address this latest MacGuard variant of the Trojan horse.
Certain sites may cause the malware’s installer to begin downloading onto your Mac automatically, without further interaction from you. To date, one key piece of advice has been that users should avoid entering their administrator passwords into such installers; Intego’s latest announcement means that users will need to be even more vigilant to avoid installing the software.
Precautions from Apple and Intego, as well as general Mac-using common-sense precautions, include disabling Safari’s “Open ‘safe’ files after downloading” option (under Safari -> Preferences -> General), and immediately quitting (or force-quitting) your browser if you see a Web page that attempts to disguise itself as an OS X window.
Again, if you know or fear that you’ve fallen victim to a varient of this Trojan horse, Apple provides detailed instructions on removing it from your system.