14 DAY TRIAL // A fake antivirus program targeting Mac users has been discovered by users of the Apple Support Communities and then detailed by security firm Intego who classifies the find as low-risk malware.
MAC Defender reportedly targets Mac users via SEO poisoning attacks.
If downloaded through Safari, users may end up installing what the browser will regard as ‘safe’ files.
Intego warns that “If the user continues through the installation process, and enters an administrator's password, the software will be installed.”
The security firm also signals that the application is very well designed, and has a polished, pro-level look and feel.
“There are a number of different screens, and the grammar and spelling are correct, the buttons are attractive, and the overall look and feel of the program give it a professional look.”
“It will occasionally display alerts, telling users that viruses are found,” Intego outlines.
The fake alerts are tasked with convincing users that they need to buy a license. Once they hit the Register button, users are asked to provide a credit card number via a web page that is not secure, the Texas company warns.
Intego explains that “the virus warnings presented are bogus, and after paying, they no longer display, so users think the program has done something useful.”
They also believe that credit card numbers could be used for other purposes as well, citing the insecurity of the web page used to make the ‘purchase’. Since users must agree to install the software and provide a password, Intego labels the threat as "low."
As means of protection, Mac users are asked to use their photographic memory and decline installing anything that looks like the recently found ‘MAC Defender’, as well as uncheck the “Open ‘Safe’ files after downloading” option in Safari, or similar options in other browsers.
Finally, Intego promotes its VirusBarrier X6 antivirus program as means of protection against the malware.
VirusBarrier Express, the company’s free antivirus app, can detect this malware with its definitions dated May 2, 2011 or later.