Security research and software maker Intego issued a warning on Wednesday that a variant on the MACDefender trojan application for Mac OS X is out, and this one doesn’t require user passwords before installing. Like the original MACDefender malware, the new version poses as an antivirus application and attempts to trick victims into giving up their credit card information.
MACDefender, now with variants
The new variant, dubbed MacGuard, can auto-download and launch its own installer when you visit Web sites designed to push the application to your Mac. Apple’s Safari Web browser will automatically run applications downloaded from the Internet by default, so users should disable the “Open ‘safe’ files after downloading” option.
To disable Safari’s auto-open downloads option, do this:
- Launch Safari
- Select Safari > Preferences > General from the menu bar
- Uncheck Open “safe” files after downloading
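The same setting can be checked and switched off from a terminal, which helps when several Macs need the change. This is an added example, not from the article or from Apple; it assumes the checkbox is stored as the `AutoOpenSafeDownloads` key in the `com.apple.Safari` preference domain and that the `defaults` tool can read it for the logged-in user. The function names are illustrative.

```shell
#!/bin/sh
# Added example: audit and disable Safari's "Open 'safe' files after downloading".
# Assumption: the checkbox is stored as AutoOpenSafeDownloads in com.apple.Safari.
DOMAIN="com.apple.Safari"
KEY="AutoOpenSafeDownloads"

# Print "enabled", "disabled", "unset" or "unknown" for the current user.
# "unset" means the key was never written, so Safari uses its default.
safari_auto_open_state() {
    value=$(defaults read "$DOMAIN" "$KEY" 2>/dev/null) || { echo "unset"; return 0; }
    case "$value" in
        1|YES|yes|true|TRUE)  echo "enabled" ;;
        0|NO|no|false|FALSE)  echo "disabled" ;;
        *)                    echo "unknown" ;;
    esac
}

# Turn the option off, then re-read the key to confirm the write took effect.
safari_disable_auto_open() {
    defaults write "$DOMAIN" "$KEY" -bool false || return 1
    [ "$(safari_auto_open_state)" = "disabled" ]
}

# Report the state; with --fix, remediate. Returns 0 only when auto-open is off.
safari_audit() {
    state=$(safari_auto_open_state)
    case "$state" in
        disabled) echo "OK: auto-open is off"; return 0 ;;
    esac
    # Anything other than an explicit "off" is treated as risky,
    # because the article says auto-open is Safari's default behaviour.
    echo "RISK: auto-open is $state"
    if [ "${1:-}" = "--fix" ]; then
        safari_disable_auto_open && echo "FIXED: auto-open turned off" && return 0
        echo "ERROR: could not change the setting" >&2
    fi
    return 1
}

# Act only when asked to, so the file can also be sourced for its functions.
case "${1:-}" in
    --audit) safari_audit ;;
    --fix)   safari_audit --fix ;;
esac
```

Run it with `--audit` to report only, or `--fix` to switch the option off; quit Safari first so it does not overwrite the change with its in-memory preferences.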
Apple also advises users to quit, or force quit, their Web browser if a Web site is designed to trick you into thinking it is a Mac OS X window. To force quit an application, press Command-Option-Esc, select your Web browser from the Force Quit Applications dialog, then click Force Quit.
The Mac OS X Force Quit dialog
Apple released a Knowledge Base article earlier this week detailing how to remove the malware application, along with a promise that a system update designed to protect users will be coming soon.


13 Comments
The Mac is mainstream now
Senator Franken should investigate this.
To give credit where credit is due, these guys are good.
What’s the idiot-proof way to convert an admin account to standard?
1. Log in under a second administrator’s account.
2. Go to preferences>accounts. Change the first account from administrator to standard.
3. Log out of the second administrator’s account.
4. Log in under the first account. It is now a standard account and can’t install new applications.
Many thanks, friend
True that. It is a good thing that we have the hackers that participate in the Black Hat Conference to protect us. That was a snark, I am suspicious of that group.
Simple!
Just create a new non-Admin account for yourself, or for whoever else will be using your Mac.
I’ve tried using a standard account recently but it doesn’t work as well as I’d hoped. Some applications that need admin rights are poorly written and only ask for your password, not the name/password of any admin; so they can’t work under standard accounts. The only example that I remember is the uber-geeky Wireshark packet sniffer (developer/hacker tool), but I think there were some more mainstream ones too.
OK I may be alone on this but I find it amusing that something as “uber-geeky” as Wireshark would be poorly written and not know how to handle a non-admin account.
@geoduck
Wireshark is a Linux tool that’s been ported to Mac and Windows; on Linux you typically launch it from a terminal window as root. On Mac OS X it still runs in the X Windows application. CocoaPacketAnalyzer is a pretty decent Cocoa port of Wireshark, but I don’t remember if it fixes the non-admin problem.
In principle packet sniffers have a legit need for admin rights because they reconfigure the network port and read network data for other applications and other computers.
Oh yeah, I’m familiar with Wireshark. I just find it slightly ironic and amusing.
I’ve said it before and I’ll say it again: the “open ‘safe’ files after downloading” is a disaster waiting to happen. How many times has it been exploited now? I’ve lost count. Just turn it off now. Apple shouldn’t even have the option there, especially now that the average Joe doesn’t need to do the disk-image dance to install software (Mac App Store).