Apple has finally broken its silence on the MacDefender scareware and other fake AV variants that have been making the rounds recently. The company promised a Mac OS X update to remove the malware.
Apple will deliver a Mac OS X software update “in the coming days” that will automatically find and remove MacDefender malware and its known variants, Apple said in a support document dated 24 May. The update will also provide an explicit warning if the user downloads the malware in the future.
In the document titled, “How to avoid or remove Mac Defender malware,” Apple acknowledged the scam’s existence and outlined steps on avoiding installing the software, deleting it before it is installed and uninstalling if it’s already on the machine.
“This ‘anti-virus’ [MacDefender] software is malware (i.e. malicious software). Its ultimate goal is to get the user’s credit card information, which may be used for fraudulent purposes,” Apple wrote.
This is the company’s first public admission that malware exists for the Mac OS X platform. Apple created a “false sense of security” through its marketing and advertisements, suggesting Apple users are immune to security threats, Chester Wisniewski, senior security adviser at Sophos, told eWEEK.
“Now that some of their flock are affected, it would be good of them to at least point people in the right direction,” Wisniewski said.
Apple warned users against providing credit card information or entering their administrator password when prompted by the software installer.
Apple had remained silent over the past few days after ZDNet’s Ed Bott published a transcript of a conversation with an AppleCare representative and a copy of an internal memo where Apple instructed its support employees not to acknowledge the existence of MacDefender or to offer any assistance in removing the malware.
Users can avoid getting scammed midattack if they force quit their browsers as soon as they see the phony notifications. Because the malware attaches itself to the launch menu and has no dock icon, it is difficult to quit in the normal way, according to Mac security firm Intego.
Apple originally instructed its employees to not teach users how to force quit if they realise that the user was calling about MacDefender. In the latest support document, Apple instructed users how to force quit, delete the downloaded malware and uninstall the software.
A new MacDefender variant has emerged that is more dangerous than the other versions because it does not need a password to be installed, Intego warned on 25 May. Like most Mac OS X applications, MacDefender and others require users to enter the administrator password to authorise the software installer.
MacGuard executes if the user has the “Open ‘safe’ files after downloading” option checked in Safari and does not require any administrator password to install in the Applications folder, Intego said. If the user sees something that looks like a Finder window claiming to be scanning the Mac, “know that this is bogus,” Intego said.
The scam is pretty widespread, with links on Google image searches and other legitimate pages, although it appears that Google has been able to track down and remove a number of malicious links. Bott estimated that the total number of customers affected could be between 60,000 and 125,000, “and growing.”
The malware’s name and user interface are going to change continuously, so Mac users should be on the lookout for the type of behaviour where an application is going to ask for the credit card number, ESET’s Clark said. “There is no legitimate antivirus or security software that alerts you through a browser that malware of any type has been detected then tries to install itself,” Clark said.
Rogue AV has long been a problem for Windows users. Regardless of the platform, all users now need to be security-conscious, according to Wisniewski. “When enough people let their guard down, they are easy targets and criminals will take advantage of the lowest hanging fruit,” said Wisniewski.
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…
View Comments
Nice to see Apple are quick to respond to malware!
Obviously more concerned with protecting the myth that they are safer then helping their customers.