
Russian online payment site linked to MacDefender malware scam

After a raid on Russian payment giant Chronopay's offices, authorities have found evidence linking the company to the MacDefender fake anti-virus scam that targeted Mac users.

Security expert Brian Krebs reported on his blog that Russian cops have discovered "mountains of evidence" that Chronopay employees were providing technical and customer support for bogus anti-virus software, including MacDefender.

Police discovered "Website support credentials and the call records of 1-800 numbers used to operate the support centers," Krebs wrote. Evidence was also found linking the company to Rx-Promotion, an online program that worked with spammers to promote sites selling counterfeit prescription drugs.

Chronopay has a 45 percent share of the Russian e-commerce market and had denied involvement with the scam in May after Krebs leveled accusations against the company. Co-founder Pavel Vrublevsky was arrested in June over allegations that he hired a hacker to attack his company's rival.

“If allegations against ChronoPay are true then we should expect significant decrease of revenues received by cyber criminals in the appropriate segments of black market in the near future,” said Maxim Suhanov, a specialist at computer-forensics firm Group-IB.

Image caption: MacDefender-related document discovered at the Chronopay office

A recent analysis of the fake anti-virus distribution networks found that scammers were using highly profitable pay-per-install programs to deploy the malware. PPI networks reportedly charge as little as $750 for 10,000 installs.

“If you do the math, it’s almost like you’re printing money,” researcher Damon McCoy said. “You could pay the PPI networks $75 to get 1,000 fake AV installs. And if you had an average conversion rate of one in 50, making between $25-$35 on each install, that works out to about 20 sales — or conservatively $500 per one thousand installs."

Users first discovered the MacDefender malicious software in late April. Distributed through a method known as "SEO poisoning," in which attackers push malicious pages to the top of search results, the malware automatically downloaded itself onto users' computers and posed as anti-virus software in an attempt to trick users into providing credit card information. Security firms categorized the threat as "low" because users were still required to agree to install the software and provide a password.


However, in late May, a variant of the malicious software was discovered that installed itself without administrator approval. Apple issued a security update to Mac OS X meant to detect and disable the malware.

Security researchers have applauded Apple for its recent security efforts, especially in Mac OS X Lion, while also warning that the Mac platform's increased visibility may open it up to increased threats from hackers.



7 Comments

oc4theo 15 Years · 294 comments

This is a perfect lawsuit Apple should pursue for monetary damages.

DO it now, these Russian criminals got a lot of money too.

mister snitch 16 Years · 580 comments

Mac Defender is a horror show, hope they're shut down for good.

benanderson89 13 Years · 576 comments

Should I be surprised it's from Eastern Europe or applaud that they maintain the stereotype?

apple ][ 13 Years · 9225 comments

Why am I not surprised that the crooks are in Russia?

Anyway, I hope that the criminals get thrown in a dirty old cell and that each of them gets a cellmate named Igor, who happens to be doing life in prison for molestation, incest, rape, murder, theft, arson and child porn.

scaramanga89 15 Years · 207 comments

Yes, because there are no American crooks at this crap. Wise up.