• This forum is for posting news stories or links from rumor sites. When you start a thread, please include a link to the site you're referencing.

    THIS IS NOT A FORUM TO ASK "WHAT IF?" TYPE QUESTIONS.

    THIS IS NOT A FORUM FOR ASKING QUESTIONS ABOUT HOW TO USE YOUR MAC OR SOFTWARE.

    This is a NEWS and RUMORS forum as the name implies. If your thread is neither of those things, then please find the appropriate forum to ask your question.

    If you don't have a link to a news story, do not post the thread here.

    If you don't follow these rules, then your post may be deleted.

MacDefender malware targeting Mac users

Joined
Mar 30, 2005
Messages
9,571
Reaction score
25
Points
48
MacDefender malware targeting Mac users

howtoprotectyourmacfromdefendermalware.jpg

Mac owners usually have little to worry about in terms of computer viruses and spyware, but a new malware attack seems to be causing issues for some users.

According to a report on The Next Web, a specialized malware attack targeting Mac users is making the rounds. Users seem to be targeted as they are browsing Google Images, with one victim reporting that he suddenly received a message stating that his machine had been infected with viruses that only a "MacDefender" application could remove. There is a MacDefender website that highlights a few shareware apps that a dedicated geocacher has written, and the site's owner is warning people to not download the malware app.

The malware appears to be targeting Safari. The browser can be configured so that it will automatically open trusted software, and that appears to be the route of attack that's being used. While the MacDefender malware isn't infecting Macs with a virus or running a keylogger in the background, the author seems to be trying to scare users into providing credit card information by buying the software.

The Next Web provided some useful hints on how to protect yourself from the malware and to remove the pesky app if it is downloaded onto your Mac. If you aren't seeing MacDefender in your Applications folder, you can protect yourself from possible infiltration by unchecking the "Open 'safe' files after downloading" box at the bottom of Safari > Preferences > General (see the area outlined in red in the image above).

If MacDefender is already on your Mac, check out the next page for tips on how to remove it.

Continue reading MacDefender malware targeting Mac users

MacDefender malware targeting Mac users originally appeared on TUAW on Mon, 02 May 2011 13:00:00 EST. Please see our terms for use of feeds.




SourceÂ*|Â*PermalinkÂ*|Â*Email thisÂ*|Â*Comments

Read more
 
Joined
Feb 21, 2011
Messages
71
Reaction score
1
Points
8
Location
Columbia, SC
Your Mac's Specs
2.5GHz i5 MBP, 4GB RAM, 500GB HD, NVIDIA Geforce GT 330m/16GB iPhone 4 in a brick sized otterbox.
It can pop up on Firefox as well - tried to force a download on me yesterday while browsing Google images.
 
Joined
Jun 22, 2008
Messages
3,343
Reaction score
213
Points
63
Location
Forest Hills, NYC
Your Mac's Specs
15-inch Early 2008; Processor 2.4 GHz Intel Core 2 Duo; Memory 4 GB 667 MHz DDR2 SDRAM; 10.7.5
I'm surprised this hasn't cropped up sooner. Safari has always had this hole I think. This technique wouldn't fool experienced users, but surely is a threat to the less savvy and computer illiterate out there. I think it would be wise for Apple to take a bit of control here, and at the very least, reverse the default option so that anything perceived as "friendly" isn't downloaded without warning or consent. At least...

Doug
 

cwa107


Retired Staff
Joined
Dec 20, 2006
Messages
27,042
Reaction score
812
Points
113
Location
Lake Mary, Florida
Your Mac's Specs
14" MacBook Pro M1 Pro, 16GB RAM, 1TB SSD
It can pop up on Firefox as well - tried to force a download on me yesterday while browsing Google images.

Ah, but did it execute? Because on Safari (with the aforementioned setting turned on), it will. Downloading is one thing, but actually running and showing up for the user out of the blue, is quite another.
 
Joined
Feb 21, 2011
Messages
71
Reaction score
1
Points
8
Location
Columbia, SC
Your Mac's Specs
2.5GHz i5 MBP, 4GB RAM, 500GB HD, NVIDIA Geforce GT 330m/16GB iPhone 4 in a brick sized otterbox.
Ah, but did it execute? Because on Safari (with the aforementioned setting turned on), it will. Downloading is one thing, but actually running and showing up for the user out of the blue, is quite another.

No - does not execute in Firefox. I just did a cursory check of my computer to make sure nothing ugly got installed (old Windows habit...) and then went on about my business :)
 
Joined
Feb 1, 2011
Messages
4,407
Reaction score
2,098
Points
113
Location
Sacramento, California
More information about MacDefender here:

MacDefender malware targeting Mac users

The Mac Security Blog » Intego Security Memo

New 'MACDefender' Malware Threat for Mac OS X - Mac Rumors

It's important to understand that MacDefender does not install spyware, it is not a virus, and it does not damage your Macintosh in any way.

Basically all that it does is encourage you to purchase non-existent anti-virus software, and in that way the sociopaths who wrote the program harvest your credit card data.

Though MacDefender can automatically download itself from the Web to your Mac, and the Installer for MacDefender can automatically launch, it still can't install itself without you giving it your administrator password. So...don't give any software installer program your administrator password unless you intended to install something and you know exactly what it is.
 

cwa107


Retired Staff
Joined
Dec 20, 2006
Messages
27,042
Reaction score
812
Points
113
Location
Lake Mary, Florida
Your Mac's Specs
14" MacBook Pro M1 Pro, 16GB RAM, 1TB SSD
Though MacDefender can automatically download itself from the Web to your Mac, and the Installer for MacDefender can automatically launch, it still can't install itself without you giving it your administrator password. So...don't give any software installer program your administrator password unless you intended to install something and you know exactly what it is.

This one doesn't require an admin password, or so our users are telling us. That would limit its effects to the scope of the user's account, but it's still troubling as even that (very good) advice wouldn't have prevented the installation of this one.

EDIT: Never mind. Just saw this thing in action, and indeed it does require an admin password to complete the install. Perhaps the user misinterpreted what I was asking them.
 
Joined
Oct 3, 2009
Messages
2,641
Reaction score
26
Points
48
Location
Albuquerque, New Mexico
Haven't seen it yet. I hope I never do (then again, I don't have a credit card so what does it matter?)
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top