Tuesday, May 03, 2011

Mac Users Beware A New Fake Anti-Virus App Is Targeting You

The threat of fake antivirus software and scareware is nothing new and has been around on Windows for several years. In the Mac world, however, it's a rare sight to see these finely crafted applications that look just like the real thing. The security firm Intego reported Monday that they had found just that: a new scareware scam that is targeting Mac users.

The MAC Defender application is a legitimate piece of anti-virus software. However, scammers have launched a bogus application that looks much like the real software, prompting the developers of the legitimate MacDefender software to put up a full-page notice warning Mac users of the existence of the bogus application.

The bogus MAC Defender application, named OSX/MacDefender.A, looks as real as any other software. There are a number of different screens, the grammar and spelling are correct, the buttons are attractive, and the overall look and feel of the program is professional. That is where the comparison to the legit software ends. The bogus MAC Defender acts like any other form of scareware. It initially uses a secondary site with a Java-based scan script that claims to find malware on the user's system. If the victim falls for the claims and allows the download, the malware starts to install a convincing-looking but bogus application called "MAC Defender", which also requests the admin password. Once installed, the application launches itself every time the Mac is turned on.

The application will then begin popping up warnings telling users that they have been infected with a virus and that, in order to clean the infection, they first have to register their copy of MAC Defender. Clicking on the link to do so via the program's About screen takes users to an unsecured website that offers a 1-year, 2-year, or lifetime license to the program for $60, $70, or $80 respectively. Registering halts the virus warnings, thus "confirming" that the program is working.

In actuality, the infection remains, as the bogus software is still there. In the case of many versions of Windows-based scareware, the program may not just sit there dormant. Typically the software hosts a Trojan which also installs other viruses or malicious code that can be used to gain further information about the user. It's not clear whether this software does that, but potentially infected users should remove it as quickly as possible.

To remove the fake MAC Defender application, start by going to Activity Monitor in Applications > Utilities and disabling anything that relates to the file. Then find any references to the application in Startup Items, Launch Agents and LaunchDaemons, and quit out of anything that's running. In the Applications folder, drag the MAC Defender app to the Trash, then run a Spotlight search to locate any MAC Defender references you may have missed, trashing whatever you find.
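
The "find any references" step above can also be done from Terminal. The script below is an added example, not from Intego or the original post: it only lists candidates in the standard macOS locations for those items and deletes nothing. The search pattern and the function name are assumptions, since the post gives no file names.

```shell
#!/bin/sh
# Added example: LIST (never delete) items in the places the removal steps
# name whose file name or contents mention the bogus app.
# Assumption: the post gives no file names, so names are matched with the
# loose glob *mac*defender* and contents with "mac defender" (optional space),
# both case-insensitive.
# Hits can include the legitimate MacDefender product; review before trashing.

find_macdefender_refs() {
    root=${1%/}            # "" scans the live system; a path scans a copy
    home=${2:-$HOME}       # home directory of the user to check
    for dir in \
        "$root/Applications" \
        "$root/Library/StartupItems" \
        "$root/Library/LaunchAgents" \
        "$root/Library/LaunchDaemons" \
        "$root$home/Library/LaunchAgents"
    do
        [ -d "$dir" ] || continue
        # 1) Entries whose name matches, e.g. an app bundle or a plist.
        find "$dir" -mindepth 1 -maxdepth 1 -iname '*mac*defender*' 2>/dev/null
        # 2) Launch/startup items whose contents point at the app.
        #    /Applications is skipped: bundles are large and name-matched above.
        case $dir in
            */Applications) ;;
            *) grep -rlEi 'mac ?defender' "$dir" 2>/dev/null || true ;;
        esac
    done | sort -u
}

# Scan the live system only when asked: sh find_refs.sh --live
if [ "${1:-}" = "--live" ]; then
    find_macdefender_refs "" "$HOME"
fi
```

Anything it prints is a candidate to inspect by hand before quitting the process and trashing the file.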

For more details and screenshots of the bogus application visit the Mac Security Blog from Intego.
