New Mac Malware

Written By Wayne Jones of the FIVE FORKS BAPTIST COMPUTER USERS GROUP.
The information is a very good read for everyone to just remind us that we ALL need to take care surfing the web.
There is a rehash of something very old going around recently which has lots of Mac users in a tizzy. It is variously called Mac Defender or Mac Protector, or some hacked up variation on those names. IT IS NEITHER A TROJAN NOR A VIRUS. It’s final payload can deliver a trojan, however, if the user follows its instructions. Most people will realize what’s going on and halt the installation. This malware will not damage your system unless you give it permission to do so.
“It” is a series of popups which falsely informs the user they have been infected with some number of viruses. It is generally found on sites provided by search engines (such as Google). Upon loading the site, the popups will trigger. If ignored, they will often generate more popups of pornographic site links. This class of malware is called “scareware” for obvious reasons, and has been around for years for all platforms. This particular one is a little more sophisticated because it checks to learn what platform the user in on, and generates popups based on either Windows, Linux, or Mac depending on the user’s hardware. It is low risk and not harmful in and of itself. On Macs, if you see these popups – you have not been infected – yet.
For Macs, it can’t install anything, so it tries to get the user to do so. That’s what trojans do. That’s called social engineering – in this case it tries to convince you to provide your credit card information to purchase “protection.” Yeah, right. A ZIP file will be downloaded which then opens a standard-looking Mac installer. To rid yourself of this pest, you simply need to close the installer windows, eject any disk images left on your desktop, find the downloaded files using Spotlight (upper right corner – type in “Defender” and locate the files, then trash them and securely empty the trash).
If you follow the instructions, you will indeed install a trojan horse which will compromise your credit card info, send your personal data to who-knows-where, and probably grab your contacts and attempt to infect them. It will not, however, install a virus or worm on your system.
You can head off lots of the problems by using the security features built in to Mac OS X. In the default browser, Safari, go to Preferences/General. At the bottom there is a box for opening safe files upon download. Safe files are those generally considered as low risk in Mac OS X. Uncheck the box. In the future, you will need to locate files you’ve downloaded and open them manually, but you have minimized the kind of risk described above. The default location for downloads is the “Downloads” folder, so that’s where most files will be. Some will download to the Desktop. Other popular browsers have similar features.
I’m addressing this primarily to new Mac users because many are unaccustomed to security threats of any sort, and need to be educated on how to handle this type of thing. This same class of malware affects Windows users, also, and most will know how to handle it. AV softwares for both Windows and Macs have been updated in recent days to handle this threat.
And, by the way, it is generally considered a high-risk practice to randomly search for images or videos on search engine sites such as Google. In addition to the risk of malware and porn, the user is often presented with original or pirated media content which is illegal to use (except for personal viewing) without permission or license.

1 comment

  1. Jane

    Thanks for the helpful tips. Users should always beware!

Comments are closed.