Apple Finally Admits To Mac Malware, Plans A Fix Via OSX Update

Apple has been reluctant to admit the existence of a new piece of malware that is targeting Mac users. So much so that Apple had reportedly been informing tech support representatives not to help Mac users who had been duped into downloading and installing the malicious MacDefender application. (also known as MacProtector and MacSecurity)

With the release of a new support document that offers support on how to avoid or remove Mac Defender malware Apple has finally publicly admitted there was an issue. In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants. The update will also help protect users by providing an explicit warning if they download this malware.

In the meantime, the Resolution section of the support document provides step-by-step instructions on how to avoid or manually remove the malware.

The MacDefender malware was originally discovered by Security firm Intego and originally reported on earlier this month. The professional-looking download tricks users into downloading a malicious file that then installs an applications that looks and acts like a real piece of ant-virus software.

"When a user clicks on a link after performing a search on a search engine such as Google, this takes them to a Web site whose page contains JavaScript that automatically downloads a file. In this case, the file downloaded is a compressed ZIP archive, which, if a specific option in a Web browser is checked ("open safe files" after downloading in Safari, for example), will open," the Intego blog stated.

The application will then begin popping up notifications telling users that they have been infected with a virus and in order to clean the infection they first have to register their copy of MAC Defender. Once the user clicks the link you will be sent off to an unsecure Website that offers a 1-year, 2-year, or lifetime license to the program for $60, $70, or $80 respectively. Registering halts the virus warnings, thus "confirming" that the program is working. When in all reality, outside the malware there was never an infection to begin with.