New rogue AV yields huge uptick in Mac infections

Ongoing rogue anti-virus (AV) malware scams targeting the Mac OS X have grown increasingly nefarious in recent days, leading to a significant uptick in infections, researchers warned this week.

The malware – circulating under the names MacDefender, MacSecurity, MacProtector and MacGuard – aims to trick users into handing over their credit card numbers to purchase phony AV products, according to researchers from several security firms.

Variants of the malware have been spreading since the start of the month through poisoned Google image search results. When users click on a poisoned link, they are redirected to a web page that resembles the Mac's Finder file manager window, which appears to be scanning the computer and detecting a slew of viruses, trojans and backdoors.

The latest strain, discovered on Wednesday, is able to install itself automatically, without prompting the user for a username and password.

Once installed, the rogue application randomly opens pornographic websites to further scare users into believing their computer is infected, Mikko Hypponen, chief research officer at AV firm F-Secure, wrote in a blog post Friday.

“Even a stubborn user will be convinced he has a problem when random porn sites pop up every few minutes,” Hypponen said. “It's important to notice that these are fake security products. They don't protect the system in any way. They simply try to scam the user into purchasing them for no reason.”

Hypponen said the scam is widespread and F-Secure has received numerous reports of real-world infections.

While Windows remains firmly in attackers' crosshairs, threats targeting the Mac OS X platform have rapidly evolved, Chet Wisniewski, senior security adviser at anti-virus firm Sophos, wrote in a blog post Thursday.

Earlier this month, researchers discovered the first variants of the fake AV malware spreading through poisoned image search results related to the death of Osama bin Laden. Since then, new variants have been released almost daily.

Apple on Tuesday issued an advisory about the scam and promised to deliver a software update in the coming days to automatically find and remove the malware. In the meantime, the computing giant has also provided instructions for manually eradicating it.
