“MACDefender” Malware Targets Mac OS X Users – Here’s How to Protect Against and Remove It
A new malware threat has been identified for Mac users, the app is called MACDefender and it disguises itself as antivirus software for Mac OS X. The malware attempts to install itself through hijacked websites, and the threat level is considered low, nonetheless all Mac users should be aware of the potential threat and take steps to avoid a potential problem.
2 Simple Steps to Protect Against MACDefender
There are two easy ways to avoid being affected by MACDefender:
1) If you see the above “MACDefender Setup Installer” wizard at any point while browsing the web, do NOT click to install the application
2) Disable Automatic File Opening in Safari
If you use Safari as your default web browser, be sure to disable automatic opening of safe files after downloading:
- Open the Safari menu and pull down to Preferences (or just hit Command+, to launch them)
- Look at the bottom of the General tab and uncheck the box next to “Open ‘safe’ files after downloading”
If you’re concerned that a Mac has been infected by MACDefender, here is how to check for and remove the malware:
Check for and Remove MACDefender Malware
You can check to see if you have been infected with the MACDefender malware, and remove it, by doing three things:
- Launch the task manager tool Activity Monitor (located in /Applications/Utilities/) and click to sort processes by ‘Name’ and look for MACDefender or MacDefender.app – if this process is running, select the process and then kill it.
- Open System Preferences, click on Accounts, and select the “Login Items” tab, now look for MACDefender or any unusual entry in the list. If something is found, select it in and press the “-” button to delete it from the login item list.
- Open your applications folder (/Applications/) and look for MACDefender or MacDefender and delete the application
In the odd event that you have MACDefender and the above three steps did not remove the app, follow this guide to track down all login and boot scripts and applications, it may be hiding elsewhere although there are currently no reports of this.
If you’re curious, you can read more about MACDefender and how it masks itself as antivirus software at Intego’s blog, they discovered the malware and they also happen to make genuine antivirus software for Mac.