Jun 1, 2011 16:59 GMT

The defense Apple has put in place against the latest scareware attacks targeting Mac users has already been bypassed by a modified version of the rogue software.

For the past few weeks, Mac users have been targeted by scammers who use scare tactics to convince them to install fake antivirus programs.

This type of application has been around in the Windows malware ecosystem for years; such programs are collectively known as scareware or rogueware.

Because a lot of Mac users are not familiar enough with the techniques used by attackers, the number of victims of this sustained scareware campaign is pretty high.

After keeping silent about the incident at first, Apple eventually posted manual removal instructions for the rogue applications and released a security update that added detection for them to Mac OS X's XProtect feature.

The company also changed the update frequency for XProtect to daily in order to respond more quickly to new variants. However, for experienced malware writers, 24 hours is more than enough to adapt.

It only took the people behind this scareware campaign eight hours to make a variant of the rogue application that is not detected by Apple's XProtect signatures.

ZDNet reports that for the new variant, the name of the installer was changed to Mdinstall.pkg and that, just as with previous versions, it doesn't require an admin password to install itself.

It's always a cat-and-mouse game between malware writers and antivirus vendors, and there will always be ways to temporarily evade detection. Because of this, user education is the best way to prevent infections.

Unfortunately, Apple has not only failed to educate users about malware threats, but even told them that Macs are virus-free. Users are strongly advised against downloading and installing software offered by websites they don't know and trust, regardless of what those websites claim.