
New, more dangerous Mac Defender variant emerges

MacGuard doesn't require a password for installation

Mac OS X users have been warned to be wary of a new variation of the Mac Defender 'scareware' that is said to be more dangerous than the original infection.

According to experts at security firm Intego, MacGuard is more dangerous than Mac Defender and several earlier variants, including Mac Protector and Mac Security, as it doesn't require an administrator password to install.

The aim of the malware is the same - to persuade victims to hand over their credit card details - though the process is slightly different. Initially, visiting an infected website automatically triggers the download of a file that installs itself on your Mac.

If you have the 'Open safe files after downloading' option in Safari checked, the installation process will begin automatically and the avRunner program will be installed on your Mac. This then downloads a second file package from a domain belonging to the cybercriminals behind the attack, while deleting all traces of the original installer files.

This second file is the MacGuard package, which will automatically install itself as well. It will then demand credit card details to rid your Mac of the infection.

Intego recommends unchecking the 'Open safe files after downloading' option in Safari. If you end up on any website that looks similar to Mac OS X's Finder window, close the browser immediately. If the Installer opens, quit it straight away, then check the Downloads folder for any unrecognised files and delete them.
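Intego's two checks can also be run from Terminal. The script below is an added example, not from Intego or Apple; it assumes the Safari option is stored as the AutoOpenSafeDownloads key in the com.apple.Safari defaults domain, and the list of installer file types is illustrative.

```shell
#!/bin/sh
# Added example: audit the Safari auto-open setting and list recent
# installer-type downloads for manual review. Nothing is deleted.

# Print installer-type items in directory $1 modified in the last $2 days.
# .mpkg installers are bundles (directories), so no -type filter is applied.
recent_installers() {
    dir=$1
    days=${2:-7}
    [ -d "$dir" ] || return 0
    find "$dir" -mindepth 1 -maxdepth 1 -mtime "-$days" \
        \( -name '*.pkg' -o -name '*.mpkg' -o -name '*.dmg' -o -name '*.zip' \) \
        -print | sort
}

# Print enabled | disabled | unset | unknown for Safari's
# 'Open safe files after downloading' option.
# Assumption: the key is AutoOpenSafeDownloads in com.apple.Safari. Sandboxed
# Safari releases may keep it elsewhere, so treat "unset" as a prompt to
# check Safari's preferences by hand.
safari_auto_open_state() {
    command -v defaults >/dev/null 2>&1 || { echo unknown; return 0; }
    value=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null) || {
        echo unset; return 0; }
    case $value in
        1|YES|true) echo enabled ;;
        0|NO|false) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Run the audit only when asked: sh audit.sh audit
if [ "${1:-}" = "audit" ]; then
    echo "Safari auto-open: $(safari_auto_open_state)"
    echo "Installer-type items downloaded in the last 7 days:"
    recent_installers "$HOME/Downloads" 7
fi
```

To turn the option off from Terminal under the same assumption, run `defaults write com.apple.Safari AutoOpenSafeDownloads -bool false` and restart Safari.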

Earlier this week, Apple promised an update to Mac OS X that would find and delete variants of the Mac Defender malware on a user's Mac, as well as warn them should they unwittingly try to download the file.

"In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants," Apple said in a statement.

"The update will also help protect users by providing an explicit warning if they download this malware," it continued.

Apple also outlined steps that users with infected Macs can take to remove the scareware on the Apple Support forum.

However, Chester Wisniewski of security firm Sophos questioned Apple's approach to the problem, as cybercriminals would simply create more variants to get around any defences the company puts in place.

"Are they going to develop their own anti-virus software? The fast pace with which new variants arrive requires a very different style of software development and updating than Apple is accustomed to.
