The application, disguised as a virus scanning tool and completely unrelated with the official MacDefender software, gets installed automatically without a userâ€™s consent upon opening a webpage, although itâ€™s not clear what kind of websites allow this kind of installation, and whether MacDefender â€œphones homeâ€ once running on a Mac to download additional pieces of code (like most malwares on Windows do).
Some users are reporting they found the app installed on their Macs after visiting webpages linked on Google Images, some say itâ€™s only happening with the Safari desktop browser, others claim the app canâ€™t be removed with a simple drag & drop to the systemâ€™s Trash as, once installed, the process will beging running automatically on OS X. Again, itâ€™s not clear what kind of malware MacDefender.app is and the proportion of this â€œspreadingâ€ across Mac OS X machines, but on Apple Support Communities seems to suggest at least hundreds of people have experienced the issue in these past few days.
A few reports from ASC:
Mac Defender has appeared in my iMac (OS X 10.6.7). I tried to remove it by dragging the program to the trash from the applications folder, but I cant because the program is open. The program is pretending to be an antivirus program send $$, obviously a scam. I re-started but I cat stop it from loading.
There is very little info on this program out there (MacDefender.app). Any ideas?
Same thing happened to my wifeâ€™s Macbook this morning. Definitely a scam; website to â€˜registerâ€™ the software purports to be â€˜secureâ€™ but url is simple ip address without https.
A scam to steal credit card info. Will follow directions to clean up as posted here.
Hi. Iâ€™m a brand new Mac user and got caught with this today when I tried to download a pdf file from google images. Since Iâ€™m so new to Mac I barely understand how to do anything. Iâ€™ve tried to follow all the treads but they are pretty complicated for a novice.
I went into â€œFinderâ€ and tried to trash the application, but canâ€™t because itâ€™s running.
Security company Intego reports the malware installation happens through SEO poisoning:
In this case, the file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (Open â€œsafeâ€ files after downloading in Safari, for example), will open.
The Next Web offers some good tips to remove the fake MacDefender application from a Mac: fire up Activity Monitor and force quite the process, then delete the app from your /Applications folder. Youâ€™d also want to clean up your login items in the System Preferences > Account tab, and take a look inside /Library/StartupItems to remove related LaunchAgents and LaunchDaemons that might trigger MacDefender on login. Of course, applications like AppZapper and Hazel might be a good idea to find and delete all associated files when manually moving MacDefender to the trash. To prevent Safari from automatically opening â€œsafe filesâ€ from the download queue in the future, make sure to uncheck the option in the browserâ€™s settings.
Did you accidentally install MacDefender.app on your system or found it already installed? Let us know in the comments, or drop a line in one of Apple Support Communitiesâ€™ threads.
|How to remove malware for Mac OS X MacDefender: