The new MACDefender malware was first noted on Saturday by users of the Apple Support Communities, and was highlighted on Monday by antivirus company Intego. If the right settings are enabled in Apple's Safari browser, MACDefender can be downloaded to a system after a user clicks a link while searching the Internet.
"When a user clicks a link after performing a search on a search engine such as Google, this takes them to a web site whose page contains JavaScript that automatically downloads a file," Intego said. "In this case, the file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (Open 'safe' files after downloading in Safari, for example), will open."
However, users must still agree to install the malware after it downloads. After the ZIP file is extracted, users are presented with the "MACDefender Setup Installer," at which point they must agree to continue and provide an administrator password.
Because users must agree to install the software and provide a password, Intego categorized the MACDefender threat as "low."
Users on Apple's support forums advise killing the application's active processes using the Mac OS X Activity Monitor. MACDefender can then be deleted from the Applications folder by dragging it into the trash.
The malware is not to be confused with MacDefender, the maker of geocaching software including GCStatistic and DTmatrix. The company noted on its site that it is not affiliated with the malware.
Malware spreads through search engines like Google via a method known as "SEO poisoning." The sites are designed to game search engine algorithms and show up when users search for certain topics.
94 Comments
I only got a popup for this on my iPad, on which it obviously won't install.
Here we go again...
Not that I would have installed this malware when prompted, but the timing is curious. I just switched to Chrome last week and haven't been using Safari. Gotta admit, Chrome's pretty sweet so far.
There's a good possibility this piece of malware may get some traction. It's an issue many here would want to discuss since Apple's OS is generally said to be immune to these types of attacks. Users are lax about taking the basic security precautions that users of other OS's do.
FWIW, I think this malware was the same that attempted to attack Firefox today. In this case it was blocked by the browser itself, with an on-screen warning that an unknown program was attempting to spoof an official Java update and had not been allowed. I don't know if Safari is giving the same warning. If not, Apple needs to.
So this malware does...?