Apple released a security update on Tuesday that helps protect users from the MacDefender trojan horse malware application, and by Wednesday reports were circulating that hackers had already released a variant that worked around Apple’s security efforts. By Thursday morning, however, Apple had already released a new definition update that recognizes this latest trojan variant.
The new definition set was first spotted by Spider-Mac in the XProtect plist file that’s part of Apple’s Security Update 2011-003. The update watches for downloads that match the MacDefender trojan horse, and alerts users if the installer is detected.
The MacDefender trojan horse looks like a legit Mac app
Assuming users run the installer, an application that appears to be a virus detection and protection utility displays bogus warnings that it found malware on users’ computers. It then tries to trick users into giving up credit card account information by promising to remove the malware it claimed to locate.
MacDefender’s real purpose is to steal credit card accounts from victims, hence its classification as a trojan horse application.
Apple’s security update auto-checks for updated malware definitions daily, so users don’t need to take any action to get and install the definitions file.