Softpedia
 

May 27th, 2011, 16:57 GMT · By

Largest Russian Payment Processor Might Be Behind Recent Mac Scareware

ChronoPay suspected of involvement in Mac Defender operation
Details about the recent scareware campaign that infected a lot of Mac computers suggest the involvement of ChronoPay, the largest Russian online payment processor.

The connection was made by IT security blogger Brian Krebs, who has previously investigated ChronoPay and its CEO Pavel Vrublevsky.

ChronoPay's business in Russia is extensive. It processes online payments for many legitimate firms, including airlines and utility companies.

However, the same services are offered to the shady people behind rogue online pharmacies, adult websites, counterfeit software and scareware operations.

In fact, Mr. Vrublevsky is believed to be running in-house scareware affiliate programs himself using ChronoPay's resources.

Evidence in this respect was uncovered in internal documents leaked last year by a hacker who penetrated the company's network.

According to Brian Krebs, the scareware campaign that has recently taken the Mac community by storm bears the ChronoPay hallmarks.

The Mac Defender scareware and its variants were initially distributed from two domains, mac-defence.com and macbookprotection.com.

Both of those domains were registered using the contact email address fc@mail-eye.com, which Mr. Krebs says is owned by ChronoPay.

"Those documents [the ones leaked last year] show that ChronoPay owns the mail-eye.com domain and pays for the virtual servers in Germany that run it. The records also indicate that the fc@mail-eye.com address belongs to ChronoPay’s financial controller Alexandra Volkova," he writes.

The security blogger reveals that appledefence.com and appleprodefence.com have also been registered with the same email address and are yet to be used in the scareware campaign.

The attack has caught Mac users largely unprepared and has resulted in a flood of support calls to Apple. The company has taken the extraordinary step of issuing manual malware removal instructions for the first time and has promised to automatically uninstall the rogue programs via an upcoming system update.
