Raid on Russian Firm May Have Taken Down MacDefender Malware
Except it was all fake. There were no viruses, just a piece of software trying to trick users into handing over their credit card numbers.
The hidden developer behind MacDefender continued to release new variants of the malware into the wild, resulting in a cat-and-mouse game as Apple continued to ban new variants of the software.
Then, one day, MacDefender simply disappeared. Richard Gaywood, at TUAW, pointed out that Apple hadn't updated its malware definitions -- the code designed to kill MacDefender -- since June 18.
Brian Krebs might have the answer:
On June 23, Russian police arrested Pavel Vrublevsky, the co-founder of Russian online payment giant ChronoPay and a major player in the fake AV market.The last release of MacDefender occurred on June 18. ChronoPay's offices are raided June 23. A coincidence perhaps, or Russian law enforcement saving Mac users from fake antivirus software.
In May, I wrote about evidence showing that ChronoPay employees were involved in pushing MacDefender — fake AV software targeting Mac users. ChronoPay later issued a statement denying it had any involvement in the MacDefender scourge.
But last week, Russian cops who raided ChronoPay’s offices in Moscow found otherwise. According to a source who was involved in the raid, police found mountains of evidence that ChronoPay employees were running technical and customer support for a variety of fake AV programs, including MacDefender.