Mac users hit by first rogue antivirus app
Poisoned searches - including Bin Laden death - used as lure
By John E Dunn | Techworld | Published: 13:32, 03 May 2011
Mac users are being warned to study search engine results carefully for the first significant fake antivirus ‘scareware’ program to target the platform and its loyal following.
The threat has been named OSX/MacDefender.A by Mac security specialists Intego, which on its own offers a clue to its unusual nature. This is not simply a cross-platform threat looking to widen its net to catch a few extra victims but a specially written program Mac application that just happens to be bogus.
The scam is identical in form to the large numbers of scareware scams faced by Windows users day in, day out. A malware link encountered through a poisoned search – currently including ones mentioning the death of Osama Bin Laden - launches a Java-based scan script that claims to find malware on the user’s system.
Related Articles on Techworld
If the victim falls for this ruse, the malware starts to install a convincing-looking but bogus application called MAC Defender, which also requests the admin password. The application will then launch itself every time the Mac is turned on and makes it as difficult to stop running as the Dock function has been disabled.
“This application is very well designed, and looks professional,” note researchers for Intego, which first publicised the threat. “There are a number of different screens, and the grammar and spelling are correct, the buttons are attractive, and the overall look and feel of the program give it a professional look. It will occasionally display alerts, telling users that viruses are found.”
Fake antivirus has been around on Windows for several years where it has become a mundane and common threat barely worth mentioning. In the Mac world, it is unheard of which gives the criminals who took time and care to craft a Mac-only application the motivation to look for new victims.
It is worth mentioning, however, that the latest attack also comes in a.exe version to target Windows users.
Apple users tempted to pay for antivirus software in order to counter an infection, however imaginary, should be reminded that free programs for Macs are available from several companies, including Sophos and PC Tools.
