Security researchers have identified a new strain of OS X malware dubbed “MACDefender.”
“In this case, the file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (Open ‘safe’ files after downloading in Safari, for example), will open.”
As stated above, users – who are asked to provide an administrator password – must still agree to install the malware after it downloads.
Therefore, Intego has categorized the MACDefender threat as “low,” despite the fact that the malware was apparently coded to steal credit card info by posing as a legitimate anti-virus program.
For those already infected with the MACDefender malware, the following steps are recommended:
1. Open Applications > Utilities > Activity Monitor and quit any processes linked to MACDefender.
2. Delete MACDefender from the Applications folder.
3. Check System Preferences > Accounts > Login Items for suspicious entries.
4. Run a Spotlight search for “MACDefender” to check for any associated files that might still be lingering.
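The four manual checks above can be collected into one read-only shell audit. This is an added example, not part of the original article: it assumes `find` in place of the Spotlight search plus the standard `ps` and `osascript` tools, and it only reports name matches, which can include the unrelated MacDefender geocaching software.

```shell
#!/bin/sh
# Read-only audit mirroring the four manual steps. Nothing is quit or deleted;
# every hit needs manual review before removal.
NAME_PATTERN='macdefender'   # matched case-insensitively; name from the article

# Steps 1 and 3: keep only stdin lines that mention the name.
# `|| true` keeps "no match" from counting as an error.
match_name() {
    grep -i -- "$NAME_PATTERN" || true
}

# Steps 2 and 4: list files and folders under a root whose name matches.
# Assumption: find stands in for Spotlight, so no search index is needed.
# -prune stops at a matching bundle instead of listing its contents.
find_artifacts() {
    find "$1" -iname "*${NAME_PATTERN}*" -print -prune 2>/dev/null | sort
}

audit() {
    root=$1
    echo "== running processes =="
    ps -A -o pid=,comm= | match_name
    echo "== files under $root =="
    find_artifacts "$root"
    echo "== login items =="
    if command -v osascript >/dev/null 2>&1; then
        osascript -e 'tell application "System Events" to get the name of every login item' \
            | tr ',' '\n' | sed 's/^ *//' | match_name
    else
        echo "(osascript not found; check Login Items by hand)"
    fi
}

# Run only when a root directory is given, e.g.: sh audit.sh /Applications
if [ "$#" -gt 0 ]; then
    audit "$1"
fi
```

Run it once against `/Applications` and once against the home folder to cover both the application bundle and leftover per-user files.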
Note: The malware should NOT be confused with MacDefender, a company that codes geocaching software such as GCStatistic and DTmatrix.