Move over Mac Defender—there’s a new malware variant in town, and it doesn’t require the administrator password for installation. Security research firm Intego issued a new warning to Mac users on Wednesday, heavily cautioning users that a new variant on Mac Defender, called Mac Guard, is making the rounds via SEO poisoning online.
Intego initially warned users about a fake antivirus program called MAC Defender (it has since gone through several name and capitalization changes) earlier this month. The Mac-like app posed as an antivirus program and asked users for their credit card numbers in order to purge viruses on their machines or protect them from new ones. Although Intego initially gave Mac Defender a low risk rating because of its admin password requirement, it soon became apparent that Mac Defender was indeed beginning to make the rounds among the Mac-using community. We spoke with a number of third-party support reps, as well as several Apple Store Geniuses, who vouched for an apparent increase in Mac Defender malware reports.
“Unlike the previous variants of this fake antivirus, no administrator’s password is required to install this program. Since any user can install software in the Applications folder, a password is not needed,” Intego wrote on its blog. “This package installs an application—the downloader—named avRunner, which then launches automatically. At the same time, the installation package deletes itself from the user’s Mac, so no traces of the original installer are left behind.”
Once again, the company advises users to turn off “Open ‘safe’ files after downloading” in their Safari preferences, since this malware (and others like it) are making their way onto users’ computers via maliciously crafted URLs.
Apple itself acknowledged Mac Defender yesterday in a support document. The company promised to issue a software update that would automatically remove the malware and its variants, but also listed out instructions for how to remove it. We can only assume (or hope, at least) that Apple will include Mac Guard when it gets around to issuing that update, but in the meantime, Intego also offers its own VirusBarrier X6 tool to help remove it.
Via: ars technia