MACDefender malware targets OS X users

Security researchers have identified a new strain of OS X malware dubbed “MACDefender.”

The malware is delivered by a web page whose JavaScript automatically downloads a file; however, users are (obviously) given a choice whether or not to install the program.

“When a user clicks a link after performing a search on a search engine such as Google, this takes them to a web site whose page contains JavaScript that automatically downloads a file,” an Intego security researcher explained.

“In this case, the file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (Open ‘safe’ files after downloading in Safari, for example), will open.”

As stated above, users – who are asked to provide an administrator password – must still agree to install the malware after it downloads.

Therefore, Intego has categorized the MACDefender threat as “low,” despite the fact that the malware was apparently coded to steal credit card info by posing as a legitimate anti-virus program.

For those already infected with the MACDefender malware, the following steps are recommended:

1. Open Applications > Utilities > Activity Monitor and quit any processes linked to MACDefender.

2. Delete MACDefender from the Applications folder.

3. Check System Preferences > Accounts > Login Items for suspicious entries.

4. Run a Spotlight search for “MACDefender” to check for any associated files that might still be lingering.
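
The four steps above as a read-only command-line check, added here as an example and not taken from Intego or the original article. It assumes the stock OS X tools `ps`, `osascript` and `mdfind` and an Applications folder at `/Applications`; the function names are illustrative.

```shell
#!/bin/sh
# Read-only check mirroring the four manual steps; it deletes nothing.
# NEEDLE is the name from the article. APP_DIR defaulting to /Applications is an assumption.
NEEDLE="macdefender"
APP_DIR="${APP_DIR:-/Applications}"

# Keep stdin lines that mention the name, ignoring case. This also matches
# software from the unrelated MacDefender company, so review hits by hand.
filter_hits() {
    grep -i -- "$NEEDLE" || true
}

# Step 1: running processes, printed as "PID command".
running_hits() {
    command -v ps >/dev/null 2>&1 || return 0
    ps -A -o pid= -o comm= 2>/dev/null | filter_hits
}

# Step 2: top-level entries of a folder whose name matches.
bundle_hits() {
    [ -d "$1" ] || return 0
    for entry in "$1"/*; do
        [ -e "$entry" ] || continue
        basename "$entry"
    done | filter_hits
}

# Step 3: every login item, unfiltered, since a suspicious entry may use another name.
login_items() {
    command -v osascript >/dev/null 2>&1 || return 0
    osascript -e 'tell application "System Events" to get the name of every login item' \
        2>/dev/null | tr ',' '\n' | sed 's/^ *//'
}

# Step 4: Spotlight index query from the command line.
spotlight_hits() {
    command -v mdfind >/dev/null 2>&1 || return 0
    mdfind "$NEEDLE" 2>/dev/null
}

report() {
    echo "== Processes matching $NEEDLE =="; running_hits
    echo "== Matches in $APP_DIR =="; bundle_hits "$APP_DIR"
    echo "== Login items (review by hand) =="; login_items
    echo "== Spotlight results =="; spotlight_hits
}
report
```

Set `APP_DIR` to also check a per-user Applications folder, for example `APP_DIR="$HOME/Applications" sh check.sh` (the script file name is a placeholder).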

Note: The malware should NOT be confused with MacDefender, a company that codes geocaching software such as GCStatistic and DTmatrix.

[Via AppleInsider and MacRumors]