
Antivirus firm Intego today noted the discovery of new malware known as "MACDefender" targeting Mac OS X users via Safari. According to the report, the malware appears to be deployed via JavaScript as a compressed ZIP file reached through Google searches.
When a user clicks on a link after performing a search on a search engine such as Google, this takes them to a web site whose page contains JavaScript that automatically downloads a file. In this case, the file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (Open "safe" files after downloading in Safari, for example), will open.
More information is available in Apple's support communities (1, 2), where users report that the malware is popping up directly in Google image searches.
Users running administrator accounts and with the Safari option to open "safe" files automatically checked appear to be most at risk, with some claiming that no notification of installation was seen or password required. Only when a screen popped up asking for a credit card number to sign up for virus protection did they realize that malware had been installed on their systems.
For those infected with the MACDefender malware, the following steps are recommended:
1. Open Applications > Utilities > Activity Monitor and quit any processes linked to MACDefender.
2. Delete MACDefender from the Applications folder.
3. Check System Preferences > Accounts > Login Items for suspicious entries.
4. Run a Spotlight search for "MACDefender" to check for any associated files that might still be lingering.
Full details on the malware and the simplest steps needed for its complete removal are still being investigated.
Users are of course reminded that using standard accounts rather than administrator ones for day-to-day work, and unchecking the Safari option for automatically opening "safe" files, are two of the simplest ways to enhance their online security. Both put extra layers of confirmation and passwords in the way of anything being installed on their systems.
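The four cleanup steps and the Safari setting above can be checked from Terminal with a read-only script; this is an added example, not code from Intego or the article. Only the name "MACDefender" comes from the report: the search directories and depth are assumptions, and `AutoOpenSafeDownloads` is the Safari preference key behind the Open "safe" files checkbox.

```shell
#!/bin/sh
# Added example: read-only triage for the removal and hardening steps above.
# Only the name "MACDefender" comes from the article; paths and depth are assumptions.

# Step 1: running processes whose command line mentions the name.
# The [m] bracket keeps grep from matching its own command line.
matching_processes() {
    ps -A -o pid= -o args= 2>/dev/null | grep -i '[m]acdefender' || true
}

# Steps 2 and 4: case-insensitive name search under each directory given.
# A filesystem walk also works where Spotlight indexing is off.
find_artifacts() {
    for root in "$@"; do
        if [ -d "$root" ]; then
            find "$root" -maxdepth 4 -iname '*macdefender*' -print 2>/dev/null || true
        fi
    done
}

# Step 3: login item names for the current user (macOS only).
login_items() {
    command -v osascript >/dev/null 2>&1 || return 0
    osascript -e 'tell application "System Events" to get the name of every login item' 2>/dev/null || true
}

# Hardening: interpret the value of Safari's AutoOpenSafeDownloads preference.
# An unset key means the checkbox was never changed from its default.
auto_open_state() {
    case "$1" in
        0) echo "disabled" ;;
        1) echo "enabled" ;;
        *) echo "unset" ;;
    esac
}

report() {
    echo "== Processes ==";   matching_processes
    echo "== Files ==";       find_artifacts /Applications "$HOME/Library" "$HOME/Downloads"
    echo "== Login items =="; login_items
    value=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || true)
    echo "== Safari auto-open: $(auto_open_state "$value") =="
}

# Run the report only on macOS; the functions can be sourced anywhere.
if [ "$(uname -s)" = "Darwin" ]; then
    report
fi
```

The script only lists what it finds; quitting processes and deleting files remain manual steps, so each hit can be reviewed first.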
Top Rated Comments
Actually there's been malware for OS X since it was introduced. There is malware for every operating system.
Nothing can defend against user stupidity.
I haven't seen this malware first hand, but a zip file can be made with absolute paths, making "unzipping" the file put everything where it needs to be to start up automatically on next log in/reboot.
Who's the brainiac who made zip files "safe" ?
No viruses on the Mac. There's been malware for OS X for quite a while now.
They don't.
Best way to FULLY DELETE a program (https://forums.macrumors.com/showpost.php?p=11171082&postcount=16)
That doesn't protect Windows PCs from malware from other sources, which is a far greater threat than receiving files from a Mac. Each Windows user should be running their own anti-virus, to protect them from malware from all sources.
No, only a virus can do that. A trojan requires user involvement to spread.
This isn't a virus.
I agree. While no Mac OS X viruses exist at this time, that doesn't mean they won't in the future. And malware has always been a threat. What's important is to understand the kinds of threats and the most effective methods for protection.
I wouldn't go so far as to say that. Just when you do, someone will release a new virus into the wild. While they may not be as prevalent as they once were, they're by no means extinct.
The best defense a Mac user has against current malware threats is education and common sense. Understanding the basic differences between a virus, trojan, worm, and other types of malware will help a user defend against them. Doing simple things like unchecking the "Open "safe" files after downloading" option is quite effective.
That's one of the simple lines of defense for a user, as it lets them know they're about to open a newly-downloaded app. It only does that the first time you launch the app, so why bother disabling such a helpful reminder?
Actually, it helps a user to have some understanding about malware. Part of the problem is a novice user is likely to engage in dangerous activities, such as installing pirated software, unless they know what a trojan is and how it infects a system. Also, understanding what a virus is, how it spreads, and the fact that none exist for Mac OS X will prevent them from instantly assuming that everything unexpected that happens on their Mac is the result of a virus. Also, understanding that antivirus apps can't detect a virus that doesn't yet exist will prevent them from installing AV and having a false sense of security, thinking they're immune to threats. Educating a user goes a very long way in protecting them, by teaching them to practice safe computing habits.
Mac Virus/Malware Info (https://forums.macrumors.com/showpost.php?p=9400648&postcount=4)
Now from google pointing 'sources', you are consistently jumping on to mac users, eh?
Good going.
Yup, nothing happens to my Mac except for what I do to it. It's that simple. Why don't you just ask Google why they decided to abandon Windows?
Sure it can, but it's the percentage and the variables of these "bad" incidents that are key as you are generalizing without specifics.
How about unbiased studies, and percentages of viruses and malware between the two? Those would be facts (again, from an impartial party/experiment).
Also, you're on a Mac based website, so of course there are OS X defenders. Go to Engadget, et al if you don't wish to be here, you're free to decide :)