It’s easy to get lured into a false sense of security as a Mac user – after all, Apple’s personal computers are paraded about as virus immune machines. Of course that isn’t a catch-all, and a new report from the Intego Mac Security Blog says there is new malware targeting Mac computers. Apple Discussion forums are also rife with complaints of a program called MacDefender (not to be confused with this site).
The trojan appears to be targeting users browsing Google Images via Safari, who receive a notice claiming their system is infected and they need to install a MacDefender application to remove viruses. MacDefender is able to bypass Safari’s protection system, which automatically accepts trusted software. MacDefender then relaunches every time a user logs in or restarts the computer. There are no terribly obvious effects: The virus doesn’t install anything to run in the background, but it does attempt to swindle users into buying the application via credit card.
MacDefender is using SEO poisoning tactics to infiltrate the systems, meaning that the virus is using popular search terms and forcing its own malicious site to the top of the search results. Unlike most malware and spyware, the link appears completely credible and clicking it allows the trojan to automatically open via Safari’s “Open Safe Files” feature.
The good news is that MacDefender doesn’t really have the potential to spread like wildfire. You first have to search for the specific search term, click on the malware infected option, and authorize installation. The bad news is that it’s fairly hard to spot and has an incredibly professional feel to it. Intego points out that it’s also opening pornographic web pages periodically to try and convince users they have a virus worth buying MacDefender’s supposed software to remove.
If you want to protect yourself
If you haven’t been affected by MacDender and want it to stay that way, simply uncheck the “open safe files after downloading” option by going to Safari, Preferences, and then General. You could also use an alternative browser. Another option is to defer to running in Standard of Managed mode, versus as an Administrator – this just keeps viruses from being able to access every nook and cranny of your system.
If you’ve been infected
If your system has already been infected, The Next Web explains how you can fairly easily get rid of MacDefender.
- Go to Applications, and then Utilities to check the Activity Monitor. Disable anything with “MacDefender” in the name.
- Go to Library, Startup Items, and in there look for in LaunchAgents and LaunchDaemons for anything with “MacDefender” in the name. Quit any running applications.
- Go back to the Applications folder and drag and drop MacDefender from there to the trash. Delete trash.
- Search for anything on your system with “MacDefender” in the name and delete anything returned.
Editors' Recommendations
- In the age of ChatGPT, Macs are under malware assault
- Apple’s new Mac Pro might be dead on arrival
- This critical exploit could let hackers bypass your Mac’s defenses
- This Mac malware can steal your credit card data in seconds
- Apple confirms a new Mac Pro is coming — but when will it launch?
