May 30, 2011 13:01 GMT

After investigating the Mac Defender issue, an online security researcher is ready to claim that he has discovered who is behind the malware that has been scaring Mac users for the past few weeks.

“Some of the recent scams that used bogus security alerts in a bid to frighten Mac users into purchasing worthless security software appear to have been the brainchild of ChronoPay, Russia’s largest online payment processor and something of a pioneer in the rogue anti-virus business,” Brian Krebs writes on his blog.

The security expert traced two domains that infected Mac users were directed to: appledefence.com and appleprodefence.com.

Krebs has found that they are associated with ChronoPay: “When I first took a look at the registration records for those domains, I was unsurprised to find the distinct fingerprint of ChronoPay, a Russian payment processor that I have written about time and again as the source of bogus security software.”

According to Krebs, the two domains were registered under [email protected], which belongs to none other than Alexandra Volkova - ChronoPay’s financial controller.

“The WHOIS information for both domains includes the contact address of [email protected],” Krebs writes.

“Last year, ChronoPay suffered a security breach in which tens of thousands of internal documents and emails were leaked. Those documents show that ChronoPay owns the mail-eye.com domain and pays for the virtual servers in Germany that run it,” he elaborates.

“The records also indicate that the [email protected] address belongs to ChronoPay’s financial controller Alexandra Volkova,” Krebs reveals.

He adds that ChronoPay has been “an unabashed ‘leader’ in the scareware industry for quite some time.”

Having caught wind of the news giving it a bad name, ChronoPay immediately issued a statement denying any involvement with malware on the Macintosh platform.

According to a post on the ChronoPay website, “ChronoPay completely and totally disavows the most recent blog postings and publications alleging a connection between ChronoPay and Mac Defender and assures our customers that our company is not involved with Mac Defender in any way, nor are we involved with any virus production as has been alleged.”