14 DAY TRIAL // A new variant of the Mac Defender scareware that has plagued Mac OS X users since the beginning of the month no longer asks users for their admin password during installation.
Mac Defender is probably the first widespread Mac malware attack and it caught a lot of users off guard, exactly like antivirus experts predicted for years.
Apple's strategy of advertising Macs as virus free definitely paid off for the company in terms of sales, but created a false sense of security for users.
The only thing that kept malware writers away from the Mac plantform all these years was a low return on investment.
Learning how to code for Mac and maintaining a separate version of their malicious programs for an operating system that didn't have that many users simply wasn't worth it.
However, security experts warned that this will change and it appears it has already started, Mac Defender being a good example of how unprepared Mac users are when it comes to malware attacks.
Mac Defender are distributed through search result poisoning campaigns that have been around for years and are pretty much a common occurrence.
The new variant, called MacGuard, is delivered through a downloader application named avRunner which is installed by a avSetup.pkg file.
AvSetup.pkg is automatically downloaded when users visit one of the rogue search result pages and for certain Safari configurations it is even auto-executed.
"Unlike the previous variants of this fake antivirus, no administrator’s password is required to install this program," Mac antivirus vendor Intego warns.
"Since any user with an administrator’s account – the default if there is just one user on a Mac – can install software in the Applications folder, a password is not needed," the company explains.
The password prompt displayed by Mac Defender's installation routine could have served as an indication that something is wrong. Unfortunately, the people behind this malware have figured out that it's unnecessary.