Apple finally acknowledged that Mac’s are not the only computers in the world unable to be infected by viruses or malware. This morning they posted a note to their support website admitting to the existence of the malware MacDefender and it’s variants known as MacProtector and MacSecurity. With that note, a new era dawned on Mac users that their machines are just as vulnerable (if not more so) to viruses and malware.Before the release of the support note yesterday, it was reported by ZDNet’s Ed Bott that Apple support staff on the phone were indicating that they couldn’t provide instructions for dealing with specific instances of malware. The fix is not overly complicated, but explaining it individually over the phone to every affected customer would tie up a lot of customer service agents, and it could set a dangerous precedent for the future treatment of such situations.
Contrary to what the Mac fanboys will tell you. Apple has always been vulnerable to these sorts of attacks. At HackerCon and PwnToOwn Mac OS X was consistently one of the first machines to fall to various attacks. However, the wildly successful advertising campaign Mac vs PC and the corporate marketing script from Apple has always been that only Windows was vulnerable to these attacks. The reality was, however, that OS X benefited from “Security through Obscurity.” A small market share meant that any viruses written for it would have limited success or impact. The much larger Windows user base (and the estimated 20% of users who run no antivirus or out of date antivirus) was a much sweeter target.
With recent gains in popularity, coupled with a much bigger push into security by Microsoft, has made the tables turn so a virus or malware attack against Microsoft Windows or Apple Mac OSX could provide with equal success. This recent attack by MacDefender, MacProtector and MacSecurity has just shown that. It’s the first launch and there will be more to follow.
How to avoid installing this malware
If any notifications about viruses or security software appear, quit Safari or any other browser that you are using. If a normal attempt at quitting the browser doesn’t work, then Force Quit the browser.
In some cases, your browser may automatically download and launch the installer for this malicious software. If this happens, cancel the installation process; do not enter your administrator password. Delete the installer immediately using the steps below.
- Go into the Downloads folder or your preferred download location.
- Drag the installer to the Trash.
- Empty the Trash.
How to remove this malware
If the malware has been installed, we recommend the following actions:
- Do not provide your credit card information under any circumstances.
- Use the Removal Steps below.
- Move or close the Scan Window
- Go to the Utilities folder in the Applications folder and launch Activity Monitor
- Choose All Processes from the pop up menu in the upper right corner of the window
- Under the Process Name column, look for the name of the app and click to select it; common app names include: MacDefender, MacSecurity or MacProtector
- Click the Quit Process button in the upper left corner of the window and select Quit
- Quit Activity Monitor application
- Open the Applications folder
- Locate the app ex. MacDefender, MacSecurity, MacProtector or other name
- Drag to Trash, and empty Trash
Malware also installs a login item in your account in System Preferences. Removal of the login item is not necessary, but you can remove it by following the steps below.
- Open System Preferences, select Accounts, then Login Items
- Select the name of the app you removed in the steps above ex. MacDefender, MacSecurity, MacProtector
- Click the minus button
Use the steps in the “How to avoid installing this malware” section above to remove the installer from the download location.