Bogus Antivirus Malware Targets Mac Computers

A fake antivirus application is targeting Mac OS X users who browse with Apple's Safari. Cybercriminals pushing MAC Defender, whose name mimics the legitimate MacDefender antivirus product, are manipulating keywords to push malicious sites to the top of search results.

According to security experts, Mac users who visit one of the malicious sites will see a fake Windows screen featuring an animated image of a malware scan that reports their computers have been infected; the site may then automatically download the scareware. If the file is installed, problems will periodically arise until the user pays for the bogus program.

For example, the bogus MAC Defender will periodically open pornographic web pages to convince users that they have been hit by a virus. The goal is to con victims into paying for the fake program, explained Intego, an authentic antivirus software maker.

Exploiting Search-Engine Trust

Similar malware attacks are commonly encountered on Windows machines. For example, the LizaMoon scareware that surfaced last month also attempts to fool PC users into downloading a fake antivirus program by using what superficially appears to be the name of a Microsoft product: Windows Stability Center.

However, the fact that malware sites have begun serving up a Mac version is new and extremely rare, Intego security experts wrote in a blog post. "While the site itself still shows a fake Windows screen, the rogue antivirus itself is a well-designed Mac application and looks professional," they wrote.

Like other Internet scams targeting Windows PCs, the bogus MAC Defender exploits the user's trust in the search engine being used. What's significant about the new Mac threat is that the scareware's makers have embedded JavaScript into their malware web pages to compel browsers like Safari to automatically download the app.

JavaScript-Based Attack

To prevent downloads and installations without the user's consent, security experts are advising Mac users to uncheck the "Open safe files after downloading" option in Safari and to avoid running any installer they did not specifically choose to download.

According to Symantec, one of the appeals of JavaScript to attackers is that it's a cross-browser, multi-platform technology. "This means that it runs on almost every web browser and operating system available -- a claim few other technologies can make," says Symantec's latest Internet Security Threat Report.

Moreover, the use of the web as a primary attack vehicle is rapidly rising. Symantec reports that the volume of web-based attacks per day increased 93 percent year over year in 2010. And it expects this trend to continue through 2011 and beyond.
