MACDefender Trojan Variant Skips Password Requirements

Security research and software maker Intego issued a warning on Wednesday that a variant on the MACDefender trojan application for Mac OS X is out, and this one doesn’t require user passwords before installing. Like the original MACDefender malware, the new version poses as an antivirus application and attempts to trick victims into giving up their credit card information.

MACDefender, now with variantsMACDefender, now with variants

The new variant, dubbed MacGuard, can auto-download and launch its own installer when visiting Web sites designed to push the application to you Mac. Apple’s Safari Web browser will automatically run applications downloaded from the Internet by default, so users should disable the “Open ‘safe’ files after downloading” option.

To disable Safari’s auto-open downloads option, do this:

  • Launch Safari
  • Select Safari > Preferences > General from the menu bar
  • Uncheck Open “safe” files after downloading

Apple also advises users to quit, or force quit, their Web browser if a Web site is designed to trick you into thinking it is a Mac OS X window. To force quit an application, press Command-Option-Esc, select your Web browser from the Force Quit Applications dialog, then click Force Quit.

Force Quit dialogThe Mac OS X Force Quit dialog

Apple released a Knowledge Base article earlier this week detailing how to remove the malware application, along with a promise that a system update designed to protect users will be coming soon.