“MACDefender” Malware Targets Mac OS X Users – Here’s How to Protect Against and Remove It
A new malware threat has been identified for Mac users, the app is called MACDefender and it disguises itself as antivirus software for Mac OS X. The malware attempts to install itself through hijacked websites, and the threat level is considered low, nonetheless all Mac users should be aware of the potential threat and take steps to avoid a potential problem.
2 Simple Steps to Protect Against MACDefender
There are two easy ways to avoid being affected by MACDefender:
1) If you see the above “MACDefender Setup Installer” wizard at any point while browsing the web, do NOT click to install the application
2) Disable Automatic File Opening in Safari
If you use Safari as your default web browser, be sure to disable automatic opening of safe files after downloading:
- Open the Safari menu and pull down to Preferences (or just hit Command+, to launch them)
- Look at the bottom of the General tab and uncheck the box next to “Open ‘safe’ files after downloading”
If you’re concerned that a Mac has been infected by MACDefender, here is how to check for and remove the malware:
Check for and Remove MACDefender Malware
You can check to see if you have been infected with the MACDefender malware, and remove it, by doing three things:
- Launch the task manager tool Activity Monitor (located in /Applications/Utilities/) and click to sort processes by ‘Name’ and look for MACDefender or MacDefender.app – if this process is running, select the process and then kill it.
- Open System Preferences, click on Accounts, and select the “Login Items” tab, now look for MACDefender or any unusual entry in the list. If something is found, select it in and press the “-” button to delete it from the login item list.
- Open your applications folder (/Applications/) and look for MACDefender or MacDefender and delete the application
In the odd event that you have MACDefender and the above three steps did not remove the app, follow this guide to track down all login and boot scripts and applications, it may be hiding elsewhere although there are currently no reports of this.
If you’re curious, you can read more about MACDefender and how it masks itself as antivirus software at Intego’s blog, they discovered the malware and they also happen to make genuine antivirus software for Mac.
[…] without this software update MacDefender is easy to remove and avoid completely. Furthermore, release notes in the latest Mac OS X 10.6.8 developer build indicate that […]
[…] Knowledge Base article. The update will address the MacDefender phishing malware that we showed you how to get rid of […]
I work at an Apple reseller, and one of our techs created an app to delete the software. It’s pretty slick and has been very helpful to several of our customers who have dealt with the malware. It can be downloaded for free here: http://www.simplymac.com/blog/2011/05/free-macdefender-malware-remover/
[…] out there… og som sagt, innen datasikring er det sunt og riktig med litt paranoia. Les mer hos osxdaily.com, eller hos intego.com, som var de som oppdaget denne […]
My easy fix: I don’t use Safari.
The simplest protection is this: don’t enter your administrator password unless you know what you are installing.
You should highlight that this is not a security flaw in OS X…. instead, it is an attempt to get a user to voluntarily install the Malware.
I bet we’ll see a security update to Mac OS X within the week to resolve this even though is is very low concern. It uses methods that work wonders on Windows users but it’s unlikely to have a serious impact on Macs. The scariest thing about it really is that it looks professional and then wants your credit card which will then be charged with who knows what.