MACDefender Trojan Variant Skips Password Requirements


Security research and software maker Intego issued a warning on Wednesday that a variant of the MACDefender trojan application for Mac OS X is out, and this one doesn’t require the user’s password before installing. Like the original MACDefender malware, the new version poses as an antivirus application and attempts to trick victims into giving up their credit card information.

MACDefender, now with variants

The new variant, dubbed MacGuard, can auto-download and launch its own installer when you visit a Web site built to push the application to your Mac. By default, Apple’s Safari Web browser automatically opens files it considers “safe” (such as archives and disk images) after downloading them, which is enough to get this variant’s installer running, so users should disable the “Open ‘safe’ files after downloading” option.

To disable Safari’s auto-open downloads option, do this:

  • Launch Safari
  • Select Safari > Preferences > General from the menu bar
  • Uncheck Open “safe” files after downloading
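For anyone looking after more than one Mac, the same checkbox can be inspected and turned off from the Terminal. The script below is an added example written for this article, not something from Apple or Intego; it assumes that the preference key `AutoOpenSafeDownloads` in the `com.apple.Safari` domain is the one backing the General pane checkbox (it is in Safari 5), and that the key is absent until the user has changed the setting once, which Safari treats as enabled.

```shell
#!/bin/sh
# Added example (not from the article): check whether Safari's
# "Open 'safe' files after downloading" option is on, and switch it off.
# Assumption: com.apple.Safari / AutoOpenSafeDownloads is the key behind
# that checkbox, and an unset key means Safari's default, which is enabled.

DOMAIN=com.apple.Safari
KEY=AutoOpenSafeDownloads

# Decide whether a raw value printed by `defaults read` means "auto-open on".
# `defaults read` prints 0/1 for booleans; we also accept true/false in case
# the key was written as a string. Anything else, including "unset", is the
# Safari default, i.e. enabled. Returns 0 when auto-open is effectively on.
autoopen_enabled() {
    case "$1" in
        0|false|FALSE|no|NO) return 1 ;;   # explicitly disabled
        *) return 0 ;;                      # 1, true, or never set => enabled
    esac
}

# Read the current value; an unset key makes `defaults read` fail, so map
# that to the word "unset" instead of an error message.
current_value() {
    defaults read "$DOMAIN" "$KEY" 2>/dev/null || echo "unset"
}

main() {
    if ! command -v defaults >/dev/null 2>&1; then
        echo "defaults(1) not found; this must be run on Mac OS X" >&2
        return 2
    fi
    val=$(current_value)
    if autoopen_enabled "$val"; then
        echo "Safari auto-open is ON (stored value: $val); disabling it"
        defaults write "$DOMAIN" "$KEY" -bool false
        # Safari reads its preferences at launch, so the change only sticks
        # once the browser has been quit and reopened.
        echo "Quit and relaunch Safari for the change to take effect"
    else
        echo "Safari auto-open is already OFF (stored value: $val)"
    fi
}

# Only touch the live preference when explicitly asked, so the file can be
# sourced (or tested) without modifying anything.
if [ "${1:-}" = "--apply" ]; then
    main
fi
```

Run it as `sh safari-autoopen.sh --apply` on each Mac; to only report the current state, call `current_value` after sourcing the file. Disabling the option stops Safari from unpacking a downloaded archive for you, but a user who double-clicks the download in the Finder can still launch the installer, so this is a mitigation for the drive-by case only.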

Apple also advises users to quit, or force quit, their Web browser if a Web site is designed to trick you into thinking it is a Mac OS X window. To force quit an application, press Command-Option-Esc, select your Web browser from the Force Quit Applications dialog, then click Force Quit.

The Mac OS X Force Quit dialog

Apple released a Knowledge Base article earlier this week detailing how to remove the malware application, along with a promise that a system update designed to protect users will be coming soon.


13 Comments

Khaled

The Mac is mainstream now

Lee Dronick

Senator Franken should investigate this.

geoduck

To give credit where credit is due, these guys are good.

Robbo

what’s the idiot proof way to convert an admin account to standard?

jameskatt

what’s the idiot proof way to convert an admin account to standard?

1. Log in under a second administrator’s account. 
2. Go to preferences>accounts. Change the first account from administrator to standard.
3. Log out of the second administrator’s account.
4. Log in under the first account.  It is now a standard account and can’t install new applications.

Robbo

Many thanks, friend :)

Lee Dronick

To give credit where credit is due, these guys are good.

True that. It is a good thing that we have the hackers that participate in the Black Hat Conference to protect us. That was a snark, I am suspicious of that group.

ViewRoyal

Simple!

Just create a new non-Admin account for yourself, or for whoever else will be using your Mac.

ilikeimac

what’s the idiot proof way to convert an admin account to standard?

I’ve tried using a standard account recently but it doesn’t work as well as I’d hoped. Some applications that need admin rights are poorly written and only ask for your password, not the name/password of any admin; so they can’t work under standard accounts. The only example that I remember is the uber-geeky Wireshark packet sniffer (developer/hacker tool), but I think there were some more mainstream ones too.

geoduck

The only example that I remember is the uber-geeky Wireshark packet sniffer (developer/hacker tool),

OK I may be alone on this but I find it amusing that something as “uber-geeky” as Wireshark would be poorly written and not know how to handle a non-admin account.

ilikeimac

@geoduck

Wireshark is a Linux tool that’s been ported to Mac and Windows; on Linux you typically launch it from a terminal window as root. On Mac OS X it still runs in the X Windows application. CocoaPacketAnalyzer is a pretty decent Cocoa port of Wireshark, but I don’t remember if it fixes the non-admin problem.

In principle packet sniffers have a legit need for admin rights because they reconfigure the network port and read network data for other applications and other computers.

geoduck

Wireshark is a Linux tool that’s been ported to Mac and Window

Oh yeah, I’m familiar with Wireshark. I just find it slightly ironic and amusing.

Mikuro

I’ve said it before and I’ll say it again: the “open ‘safe’ files after downloading” is a disaster waiting to happen. How many times has it been exploited now? I’ve lost count. Just turn it off now. Apple shouldn’t even have the option there, especially now that the average Joe doesn’t need to do the disk-image dance to install software (Mac App Store).
