New rogue AV yields huge uptick in Mac infections

Ongoing rogue anti-virus (AV) malware scams targeting the Mac OS X have grown increasingly nefarious in recent days, leading to a significant uptick in infections, researchers warned this week.

The malware – dubbed MacDefender, MacSecurity, MacProtector and MacGuard – aims to trick users into providing their credit card numbers to purchase phony AV products, according to researchers from several security firms.

Variants of the malware have been spreading since the start of the month through poisoned Google image search results. When users click on a poisoned link, they are redirected to a web page that resembles the Mac's Finder file manager window, which appears to be scanning the computer and detecting a slew of viruses, trojans and backdoors.

The latest strain, discovered on Wednesday, is able to install itself automatically, without prompting for a username and password.

Once installed, the rogue application randomly opens pornographic websites to further scare users into believing their computer is infected, Mikko Hypponen, chief research officer at AV firm F-Secure, wrote in a blog post Friday.

“Even a stubborn user will be convinced he has a problem when random porn sites pop up every few minutes,” Hypponen said. “It's important to notice that these are fake security products. They don't protect the system in any way. They simply try to scam the user into purchasing them for no reason.”

Hypponen said the scam is widespread and F-Secure has received numerous reports of real-world infections.

While Windows remains firmly in attackers' crosshairs, threats targeting the Mac OS X platform have rapidly evolved, Chet Wisniewski, senior security adviser at anti-virus firm Sophos, wrote in a blog post Thursday.

Earlier this month, researchers discovered the first variants of the fake AV malware spreading through poisoned image search results related to the death of Osama bin Laden. Since then, new variants have been released almost daily.

Apple on Tuesday issued an advisory about the scam and promised to deliver a software update in the coming days to automatically find and remove the malware. In the meantime, the computing giant has also provided instructions for manually eradicating it.
