Mac users are always telling me that one of the reasons they use a Mac is that they don’t have to worry about malware. Well, that’s not true. Case in point: yesterday the Mac security firm Intego found a fake antivirus program called MACDefender.
Fake antivirus programs, which we've written about for Windows PCs, are designed to pop up fake virus warnings in order to scare you into purchasing "full" versions. Of course there is no full version—it's simply a ploy to get your credit card information.
According to Intego, Mac users are infected after clicking on the results of searches they’ve done on sites like Google. They’re then sent to a site that shows a fake malware scan and are told that their computer is infected. In the background, the malware installer is downloaded.
If you have the option checked to “Open ‘safe’ files after downloading” in Safari, which is checked by default, the installer for the fake antivirus software will run.
You will then be presented with a request to install the rogue application, and if you continue with the installation process, which includes inputting your administrator’s password, the malware will be installed.
Once installed, you’ll start seeing porn popping up in your web browser and fake virus messages. If you try to "clean up" your Mac using the fake MACDefender software, you’ll be prompted to input your credit card information to buy a full version. Don’t do it. There is no "full" version and you're handing over your credit card information to scammers.
If you've already installed MACDefender, uninstalling isn't difficult. First open the “Activity Monitor” and kill the MacDefender process. Then open the Applications folder and drag MacDefender to the Trash. You should also open System Preferences and then Accounts and check to make sure there aren’t any login items for MACDefender.
Real security software, like Intego's VirusBarrier X6 ($50 for two Macs), will warn you if you come across malware like MacDefender, but common sense will as well. Never click to install an application unless you are 100% sure of what it is and only give out your credit card information if you know exactly what you are buying and whom you are buying it from.
From GP on May 06, 2011 :: 10:50 am
I take issue with this:
“...but common sense will as well. Never click to install an application unless you are 100% sure of what it is and only give out your credit card information if you know exactly what you are buying and whom you are buying it from.”
This isn’t really helpful. Even with open source applications, I’m not 100% sure what it is when I go to install it (how many of us perform a source code review before installing any application?). The surrendering of credit card information is similarly tricky… there are plenty of reasons why an average user would want to send money to a reasonably unknown entity… that’s why we use credit cards.
Better advice might be to have an “Internet only” credit card with a low balance to minimize the impact of fraud, and be highly suspicious of anything that passes itself off as “free” in the first place.
From Josh Kirschner on May 06, 2011 :: 11:27 am
Perhaps “100% sure” is a little strong, but the advice still holds - you shouldn’t install an application unless you have a “high degree of confidence” that you know what it is and that it is safe. Apps that you didn’t download and are asking to be installed should raise suspicion.
Downloading freeware also has its risks (not all freeware, obviously, but freeware that you stumble upon randomly on the Internet). Of course you’re not going to do a code review, so most users should only download from reputable sites, such as CNET Downloads, or programs that are widely known.
And since it is so difficult for most users to tell the wheat from the chaff, we recommend Internet security suites, even for Mac users.
As for credit cards, I’m pretty careful about who I give my card to, and it certainly would not be to some unfamiliar company over the Internet. Yes, I probably won’t have to pay if there is fraud, but some card companies make it a pain in the butt.
Remember, these scams exist because so many people ARE willing to install just about anything and give their credit card number to anyone. So while it may not be common sense to you, for many, the strict approach is the best advice.