New 'MACDefender' Variant Installs Without Admin Password Requirement
Antivirus firm Intego today reported that it has discovered a new variant of the "MACDefender" malware that ups the ante by not requiring an administrator password for installation. The step is accomplished by installing the application only for the current user.
Unlike the previous variants of this fake antivirus, no administrator's password is required to install this program. Since any user with an administrator's account - the default if there is just one user on a Mac - can install software in the Applications folder, a password is not needed. This package installs an application - the downloader - named avRunner, which then launches automatically. At the same time, the installation package deletes itself from the user's Mac, so no traces of the original installer are left behind.
The second part of the malware is a new version of the MacDefender application called MacGuard. This is downloaded by the avRunner application from an IP address that is hidden in an image file in the avRunner application's Resources folder.
Late yesterday, Apple issued its first public notice on the MACDefender malware, providing users with steps for avoiding or removing the software, as well as reporting that a Mac OS X software update to be released in the "coming days" will automatically find and remove MACDefender and its known variants. The update will also alert users if they are about to download one of the malware applications.
It is unknown whether protection against the new "MacGuard" variant will be included in the software update from Apple, but the company will almost certainly have to keep on its toes to address the quickly evolving threat.
Popular Stories
Last year's iPhone 13 Pro models were the first of Apple's smartphones to come with 120Hz ProMotion displays, and while the two iPhone 14 Pro models will continue to feature the technology, their screens could well boast expanded refresh rate variability this time round.
To bring ProMotion displays to the iPhone 13 Pro models, Apple adopted LTPO panel technology with variable refresh...
Leaker Jon Prosser today shared ostensibly accurate renders of the iPhone 14 Pro, providing the most accurate look yet at what the device could look like when it launches later this year.
In the latest video on YouTube channel Front Page Tech, Prosser revealed renders of the iPhone 14 Pro made by Apple concept graphic designer Ian Zelbo, highlighting a range of specific design changes...
With around four months to go before Apple is expected to unveil the iPhone 14 lineup, the overwhelming majority of rumors related to the new devices so far have focused on the iPhone 14 Pro, rather than the standard iPhone 14 – leading to questions about how different the iPhone 14 will actually be from its predecessor, the iPhone 13.
The iPhone 14 Pro and iPhone 14 Pro Max are expected...
The iPhone 14 will feature a more expensive "high-end" front-facing camera with autofocus, partly made in South Korea for the first time, ET News reports.
Apple reportedly ousted a Chinese candidate to choose LG Innotek, a South Korean company, to supply the iPhone 14's front-facing camera alongside Japan's Sharp. The company is said to have originally planned to switch to LG for the iPhone...
Apple today confirmed that the keynote event for the Worldwide Developers Conference will begin at 10:00 a.m. Pacific Time on June 6, the first day of WWDC. The keynote will be an online-only event, though a select number of developers have been invited to the Apple Park campus for a viewing event.
In addition to confirming the keynote date and time, Apple has shared the full WWDC 2022...
Apple today announced new Pride bands for the Apple Watch, with new Pride Edition Sport Loop and Pride Edition Nike Sport Loop options available.
The new Pride Edition bands are available to order today for $49 on Apple.com and in the Apple Store app, and will be available at Apple Store locations starting May 26. The Pride Edition Nike Sport Loop is also coming soon to Nike.com.
This...
Top Rated Comments
I have not contradicted myself. Go back and forth on what ? Virus is a type of malware. Spyware is another. Trojans are yet another.
There are Mac malware out in the wild.
There aren't any Mac viruses out in the wild.
Both statements are true.
The days of malware-free macs have BEEN over (https://www.macrumors.com/2006/02/16/mac-os-x-virus-trojan-summary/). This appears to be the first malware that is actually getting decent press coverage.
Most Mac users used to be Windows users at one time or another. Including yours truly.
WTF is a "demonator"?
Downloaded apps will not launch automatically if you uncheck this option in Safari. Not sure about other Browsers. So as long as you don't launch the installer, you are fine.