New rogue AV yields huge uptick in Mac infections

Ongoing rogue anti-virus (AV) malware scams targeting Mac OS X have grown increasingly nefarious in recent days, leading to a significant uptick in infections, researchers warned this week.

The malware – dubbed MacDefender, MacSecurity, MacProtector and MacGuard – aims to trick users into providing their credit card numbers to purchase phony AV products, according to researchers from several security firms.

Variants of the malware have been spreading since the start of the month through poisoned Google image search results. When users click on a poisoned link, they are redirected to a web page that resembles the Mac's Finder file manager window, which appears to be scanning the computer and detecting a slew of viruses, trojans and backdoors.

The latest strain, discovered on Wednesday, is able to install itself automatically, without prompting for username and password. 

Once installed, the rogue application randomly opens pornographic websites to further scare users into believing their computer is infected, Mikko Hypponen, chief research officer at AV firm F-Secure, wrote in a blog post Friday.

“Even a stubborn user will be convinced he has a problem when random porn sites pop up every few minutes,” Hypponen said. “It's important to notice that these are fake security products. They don't protect the system in any way. They simply try to scam the user into purchasing them for no reason.”

Hypponen said the scam is widespread and F-Secure has received numerous reports of real-world infections.

While Windows remains firmly in the attacker crosshairs, threats targeting the Mac OS X platform have rapidly evolved, Chet Wisniewski, senior security adviser at anti-virus firm Sophos, wrote in a blog post Thursday.

Earlier this month, researchers discovered the first variants of the fake AV malware spreading through poisoned image search results related to the death of Osama bin Laden. Since then, new variants have been released almost daily.

Apple on Tuesday issued an advisory about the scam and promised to deliver a software update in the coming days to automatically find and remove the malware. In the meantime, the computing giant has also provided instructions for manually eradicating it.
