New 'MACDefender' Malware Threat for Mac OS X

094840 macdefender

Antivirus firm Intego today noted the discovery of new malware known as "MACDefender" targeting Mac OS X users via Safari. According to the report, the malware appears to be being deployed via JavaScript as a compressed ZIP file reached through Google searches.

When a user clicks on a link after performing a search on a search engine such as Google, this takes them to a web site whose page contains JavaScript that automatically downloads a file. In this case, the file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (Open "safe" files after downloading in Safari, for example), will open.

More information is available in Apple's support communities (1, 2), where users report that the malware is popping up directly in Google image searches.

Users running administrator accounts and with the Safari option to open "safe" files automatically checked appear to be most at risk, with some claiming that no notification of installation was seen or password required. Only when a screen popped up asking for a credit card number to sign up for virus protection did they realize that malware had been installed on their systems.

For those infected with the MACDefender malware, the following steps are recommended:

1. Open Applications > Utilities > Activity Monitor and quit any processes linked to MACDefender.

2. Delete MACDefender from the Applications folder.

3. Check System Preferences > Accounts > Login Items for suspicious entries

4. Run a Spotlight search for "MACDefender" to check for any associated files that might still be lingering.

Full details on the malware and the simplest steps needed for its complete removal are still being investigated.

Users are of course reminded that day-to-day system usage with standard accounts rather than administrator ones, as well as unchecking the Safari option for automatically opening "safe" files, are two of the simplest ways users can enhance their online security, adding extra layers of confirmation and passwords in the way of anything being installed on their systems.

Top Rated Comments

miles01110 Avatar
140 months ago
lol

10 years and finally a malware attack.

Still unreal.

:D

Actually there's been malware for OS X since it was introduced. There is malware for every operating system.

Nothing can defend against user stupidity.
Score: 8 Votes (Like | Disagree)
KnightWRX Avatar
140 months ago
WOW! Malware that requires the user to do a Google search, then download, and install. For all of this, it asks for your credit card number.

How can we ever defend our computers against such a diabolical threat?!
Hum, download and install are automatic. Good thing I don't use Safari.


As I understand it, Safari will open the zip file since it's a "safe" download. But that doesn't mean it'll execute the code within that zip file, so how is this malware executing without user permission?
I haven't seen this malware first hand, but a zip file can be made with absolute paths, making "unzipping" the file put everything where it needs to be to start up automatically on next log in/reboot.

Who's the brainiac who made zip files "safe" ?

so much for the no malware on macs myth :D
funny how the apple fanboys are getting all defensive :rolleyes:
No viruses on the Mac. There's been malware for OS X for quite a while now.
Score: 8 Votes (Like | Disagree)
*LTD* Avatar
140 months ago
Mac OS X fanboys really need to stop clinging to the mentality that "viruses" don't exist for OS X

They don't.
Score: 6 Votes (Like | Disagree)
GGJstudios Avatar
140 months ago
4. Run a Spotlight search for "MACDefender" to check for any associated files that might still be lingering

That's a sure way *not* to find any related files.
The only effective method for complete app removal is manual deletion:
Best way to FULLY DELETE a program (https://forums.macrumors.com/showpost.php?p=11171082&postcount=16)
One thing Macs need anti-virus is to scan mails for Windows viruses, so that those doesn't to you PC. That is all.
That doesn't protect Windows PCs from malware from other sources, which is a far greater threat than receiving files from a Mac. Each Windows user should be running their own anti-virus, to protect them from malware from all sources.
Yes so much. Because Malware can copy itself and infect a computer.
No, only a virus can do that. A trojan requires user involvement to spread.
So few virus for MAC than when one appears it is news... :)
This isn't a virus.
Mac OS X fanboys really need to stop clinging to the mentality that "viruses" don't exist for OS X and that "malware" is a Windows-only problem.
I agree. While no Mac OS X viruses exist at this time, that doesn't mean they won't in the future. And malware has always been a threat. What's important is to understand the kinds of threats and the most effective methods for protection.

The fact is, the days of viruses are long gone.
I wouldn't go so far as to say that. Just when you do, someone will release a new virus into the wild. While they may not be as prevalent as they once were, they're by no means extinct.

The fact is, understanding the proper terminology and different payloads and impacts of the different types of malware prevents unnecessary panic and promotes a proper security strategy.

I'd say it's people that try to just lump all malware together in the same category, making a trojan that relies on social engineering sound as bad as a self-replicating worm that spreads using a remote execution/privilege escalation bug that are quite ignorant of general computer security.
The best defense a Mac user has against current malware threats is education and common sense. Understanding the basic differences between a virus, trojan, worm, and other types of malware will help a user defend against them. Doing simple things like unchecking the "Open "safe" files after downloading" option is quite effective.

I despise the "X is a file downloaded from the Internet" dialog introduced in SL. Really wish you could disable it.
That's one of the simple lines of defense for a user, as it lets them know they're about to open a newly-downloaded app. It only does that the first time you launch the app, so why bother disabling such a helpful reminder?
To the end user it makes no difference. It's fine if you know, but to a novice quickly correcting them on the difference between a virus, a trojan, or whatever else contributes approximately zero percent towards solving the problem.
Actually, it helps a user to have some understanding about malware. Part of the problem is a novice user is likely to engage in dangerous activities, such as installing pirated software, unless they know what a trojan is and how it infects a system. Also, understanding what a virus is, how it spreads, and the fact that none exist for Mac OS X will prevent them from instantly assuming that everything unexpected that happens on their Mac is the result of a virus. Also, understanding that antivirus apps can't detect a virus that doesn't yet exist will prevent them from installing AV and having a false sense of security, thinking they're immune to threats. Educating a user goes a very long way in protecting them, by teaching them to practice safe computing habits.

Mac Virus/Malware Info (https://forums.macrumors.com/showpost.php?p=9400648&postcount=4)
Score: 5 Votes (Like | Disagree)
dethmaShine Avatar
140 months ago
unbiased as opposed to a Mac site.... yeah right!


Mac users tend to be a better target for old fashioned phishing/vishing because...well, 'nothing bad happens on a Mac..' right?

Now from google pointing 'sources', you are consistently jumping on to mac users, eh?

Good going.

Yup nothing happens to my mac except for what I do it. It's that simple. Why don't you just ask Google why they decided to abandon Windows?
Score: 4 Votes (Like | Disagree)
3282868 Avatar
140 months ago
unbiased as opposed to a Mac site.... yeah right!


Mac users tend to be a better target for old fashioned phishing/vishing because...well, 'nothing bad happens on a Mac..' right?

Sure it can, but it's the percentage and the variables of these "bad" incidents that are key as you are generalizing without specifics.

How about unbiased studies, and percentages of viruses and malware between the two? Those would be facts (again, from an impartial party/experiment).

Also, you're on a Mac based website, so of course there are OS X defenders. Go to Engadget, et al if you don't wish to be here, you're free to decide :)
Score: 4 Votes (Like | Disagree)

Popular Stories

iPhone 14 Mock pill and hole thumb

ProMotion Now Expected to Remain Exclusive to iPhone 14 Pro Models, Not Expand to Entire Lineup

Sunday January 16, 2022 8:56 am PST by
Continuing the tradition set with the iPhone 13 Pro, only the highest-end iPhone 14 models will feature Apple's ProMotion display technology, according to a respected display analyst. Ross Young, who on multiple occasions has detailed accurate information about Apple's future products, said in a tweet that ProMotion will not be expanded to the entire iPhone 14 lineup and will remain...
AirPods Pro Gen 3 Mock Feature Red

AirPods Pro 2 Could Start a New Accessory Ecosystem

Friday January 14, 2022 2:34 am PST by
Apple's second-generation AirPods Pro could arrive alongside a new series of accessories, recent leaked images suggest. Alleged leaked photos of the next-generation AirPods Pro obtained by MacRumors showed a charging case with a metal loop on the side for attaching a strap. Apple has not used this design for any of its other AirPod models and it is unclear why it would be added in this...
Unlikely Products 2022 Feature

Six Rumored Apple Products You're Unlikely to See This Year

Saturday January 15, 2022 2:06 pm PST by
Much has been said about what consumers could see from Apple in 2022, but the company is also working on a handful of rumored products that aren't expected to be unveiled for at least another 12 months, and in some cases a lot longer. Of course, that's assuming they get released at all. Apple works on many potential products some of which ultimately never see the light of day. With that in...
safari icon blue banner

Safari Bug Allows Websites to Track Your Recent Browsing Activity in Real Time

Sunday January 16, 2022 3:37 pm PST by
A bug in WebKit's implementation of a JavaScript API called IndexedDB can reveal your recent browsing history and even your identity, according to a blog post shared on Friday by browser fingerprinting service FingerprintJS. In a nutshell, the bug allows any website that uses IndexedDB to access the names of IndexedDB databases generated by other websites during a user's browsing session....
ipad air 4 video

New iPad Air Rumored to Launch This Spring With A15 Chip, 5G, Center Stage Camera, and More

Saturday January 15, 2022 8:05 pm PST by
Apple is planning to release a fifth-generation iPad Air with similar features as the sixth-generation iPad mini, including an A15 Bionic chip, 12-megapixel Ultra Wide front camera with Center Stage support, 5G for cellular models, and Quad-LED True Tone flash, according to Japanese blog Mac Otakara. Citing reliables sources in China, the report claims that the new iPad Air could be...
netflix2

Netflix Again Raises Prices for All Plans, 4K Streaming Now $20 Per Month

Friday January 14, 2022 12:46 pm PST by
Netflix today updated the prices for its streaming plans, and all of its offerings are now more expensive. The Basic plan is now priced at $9.99 per month, the Standard plan is priced at $15.49 per month, and the Premium plan is priced at $19.99 per month. The Basic plan is $1 more expensive, up from $8.99 per month. This plan allows users to watch on just one screen at a time, and it limits ...
top stories 20220115

Top Stories: iPhone 14 Pro Rumors, iCloud Private Relay Controversy, iOS 15.2.1 Released, and More

Saturday January 15, 2022 6:00 am PST by
Hole-punch? Pill? Hole-punch and pill? Rumors about what the front camera system on the iPhone 14 Pro will look like are evolving rapidly, and it now appears we might be getting a novel but potentially controversial design later this year. Other major stories this week included some confusion and controversy about iCloud Private Relay being disabled for some T-Mobile customers, increasing...
iPhone 14 Mock pill and hole 16x9 120hz

Analyst: All iPhone 14 Models to Feature 120Hz Displays, 6GB of RAM, and More

Friday January 14, 2022 7:02 am PST by
Apple is rumored to announce four new iPhone 14 models in September, and ahead of time, analyst Jeff Pu has outlined his expectations for the devices. In a research note with Haitong International Securities, obtained by MacRumors, Pu claimed that all iPhone 14 models will feature ProMotion displays, compared to only Pro models currently. ProMotion enables a variable refresh rate up to 120Hz ...