Trojan “Mac Defender” starts to chalk up victims

May 19, 2011 By Geoff Duncan

A fake security program for Mac OS X pretends to scan for security problems, then offers to fix them - for a fee.

Although malware on Mac OS X is nowhere near as common as it is on Windows, Trojan horses—programs that purport to do something useful and instead do something nasty—aren’t exactly unknown. Some appear in the form of “free” installers for commercial applications distributed via file sharing networks, while others have been mostly proofs-of-concept that never made it out into the wild. However, a new-ish trojan dubbed “Mac Defender,” “Mac Protector,” or “Mac Security” seems to be garnering some victims, perhaps by tapping into Mac users’ unease that their operating system doesn’t have any explicit security software built in. To Windows users, Mac Defender’s tactics are all too familiar: the program pretends to scan your system for trouble, find all sorts of truly nasty things, then offers to fix them all—for a fee.

In a blog post, ZDNet’s Ed Bott details trawling through Apple discussion forums looking for posts from people impacted by the trojan, and claims to have located hundreds of instances of Mac users being scared or outright duped by the software. He also details a conversation with an Apple support representative who confirmed the problem has been escalating since Mac Defender first appeared earlier this month.

Mac Defender’s success seems built on two factors. First, it looks (somewhat) like a Macintosh application: where few Mac users will be fooled by “scareware” that reports problems like “Virus found in C:\WINDOWS\system32\” or a similar location that makes no sense on the Mac, Mac Defender is tailored to Mac OS X and, to a non-technical user at least, looks legitimate. Second, the creators and/or distributors of Mac Defenders exercised some “Google fu” to put their malware in front of as many users as possible, creating bogus Web pages that gamed search engine rankings so the malware would sometimes be served up in response to everyday queries like “Mother’s Day.”

Although it’s been many (many) years since serious malware circulated for the Macintosh, there’s nothing about Mac OS X that makes it fundamentally more secure than other operating systems. Malware writers just don’t seem to bother targeting it, given the far greater number of Windows-based PCs on the planet. (Arguably, current versions of Mac OS X are less secure than current versions of Windows; Apple is expected to improve under-the-hood security technology more in the forthcoming Mac OS X 10.7 “Lion.”) However, if a program can trick users into giving your credit card information—or entering an administrator’s name and password—no operating system architecture in the world can save them.

Showing 2 comments

hayleymcbeth at 11:05am 22nd May 2011 this just happened to me, this thing came up after i clicked on a picture of prague on google image....I clicked cancel download and then it said it detected trojan virus's and did i want to remove all so i clicked 'remove all' then panicked because it started to download something else so i cancelled it...then i trashed the files and emptied the trash can...have i been had?? should i have said 'remove all' or was i right in thinking this was a fake? i didnt enter any passwords or details? jeeeezzz massive panic...
1. Jerry_Springer at 11:15am 23rd May 2011 No, you did the right thing by cancelling the download. Only if you complete the download then type in your admin password, thereby allowing this program to be installed on your computer, do you need to do anything else. I know of people that not only installed this on their computer, but submitted 3 or 4 different credit cards trying to license this program to get rid of the so-called "viruses" from their computer. Some people are just too naive for their own good. Granted this is a very professionally designed, very polished looking program, so it's understandable how people are being fooled by it, but you should NEVER allow a program to install itself on your computer if you did not intentionally download it.