Macintosh users love the fact that they get very few virus infections, but a new and rather sinister program is now targeting the user base. Research is showing that the infection rate is four to five times higher than normal.
The malware is devious because it poses as a fake antivirus program under the names Mac Defender, Mac Security and Mac Protector. The tool is used to scare users into thinking that their computer is infected with malware. The ‘solution’ on offer is to hand over a credit card number to ‘clean the machine’.
Mac antivirus firm Intego warned about Mac Defender earlier this month. The sites the rogue program makers are using are pushed high up in search engine results to reach as many people as possible. When the malicious sites are taken down, they just pop up again elsewhere. The makers use an image related to popular news topics to get people to click, and then fake ‘infection’ warnings are shown to scare the Mac user base.
It isn’t being classed as an epidemic yet, but Ed Bott at ZDNet is saying that AppleCare support representatives are getting high volumes of calls on their support lines about the problem. Bott is taking the problem seriously and has posted resource information to help representatives deal with the problem. There have been hundreds of discussion threads on Apple.com about the subject, including comments from people who had fallen for the scam, passing over credit card information for the cure.
Genuine security firm Intego have been contacted by a huge number of people who are worried about the malware, and they have been sourcing the code from customers who have been infected. “The news stories were making it worse because it makes Mac users worried and they are more convinced that the fake antivirus warning is real. It’s a self-perpetuating process,” Intego said.
Apple have not issued a public statement on the problem.
According to ZDNet, the workings of the malware are straightforward:
In other versions, just visiting the site downloads a zip file to the hard drive with a name like “MacDefender” or “MacSecurity” and an extension of .mpkg. If your Mac is set up to automatically open “safe” files, a screen will offer to guide you through the installation process. Clicking “continue” will display another screen that asks for your administrative password and the application is launched. A window will display saying your machine is infected, offering the option of cleaning up the computer if you register and provide credit card information.
After installation, a menu item is added to the Mac OS X menubar. The icon looks like a small orange shield that turns red and flashes when it “finds” viruses. If you fail to “register” and provide your credit card information the malware will start to open up porn pages in your browser in an attempt to spur you to pay. The malware will re-launch every time you log into your Mac thereafter until it is removed. It also does not install a dock icon so it is not easy to close the program and you will need to end the process through the Activity Monitor before removing the malware.
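A triage check for the download artefacts described above, as an added example that is not part of the article or of ZDNet's or Intego's material. It assumes the browser is Safari and that downloads land in `~/Downloads`; the function names and the Safari preference key are assumptions labelled in the comments.

```shell
# Added triage example; not from the article, ZDNet or Intego.
# Names are the ones the article gives for the fake antivirus.
ROGUE_NAMES="macdefender macsecurity macprotector"

# Basename, lower-cased, with spaces, underscores and hyphens removed.
normalise() {
    basename "$1" | tr '[:upper:]' '[:lower:]' | tr -d ' _-'
}

# Succeeds if the name starts with a rogue name and ends in .mpkg or .zip.
# Prefix matching is a heuristic: review every hit before deleting anything.
is_rogue_name() {
    n=$(normalise "$1")
    case "$n" in
        *.mpkg|*.zip) ;;
        *) return 1 ;;
    esac
    for r in $ROGUE_NAMES; do
        case "$n" in "$r"*) return 0 ;; esac
    done
    return 1
}

# Print matching files and bundles under a directory (default: ~/Downloads).
# An unpacked .mpkg is a directory on macOS, so directories are checked too.
scan_downloads() {
    dir=${1:-"$HOME/Downloads"}
    [ -d "$dir" ] || return 0
    find "$dir" -maxdepth 2 \( -type f -o -type d \) 2>/dev/null |
    while IFS= read -r f; do
        if is_rogue_name "$f"; then printf '%s\n' "$f"; fi
    done
}

# Report Safari's "Open safe files after downloading" setting.
# Assumption: the checkbox is stored as AutoOpenSafeDownloads in com.apple.Safari.
safari_auto_open() {
    command -v defaults >/dev/null 2>&1 || { echo unknown; return 0; }
    v=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null) ||
        { echo unknown; return 0; }
    case "$v" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Usage: scan_downloads "$HOME/Downloads"; safari_auto_open
```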
KitGuru says: It’s rather devious, and hopefully not the start of Mac-targeted scam campaigns.