When the MacDefender malware made the rounds a few months ago, it sparked a frenzy of pundits claiming OS X's free ride in the malware scene was over (and as our research shows, they were wrong. Again). At the same time, we all wondered who was behind MacDefender in the first place.
After a recent raid in Russia, it appears that question may have been answered. Russian law enforcement raided the offices of ChronoPay, and according to Ars Technica, the police found "mountains of evidence" that ChronoPay was providing tech support for MacDefender's bogus antivirus software. ChronoPay had earlier denied any involvement with MacDefender, but the evidence linking them to the malware program seems convincing.
Like many pieces of malware for Windows, MacDefender worked by exploiting user fears of virus infection. A popup message would claim a user's Mac had been infected by a virus that only MacDefender could remove, and users who installed the software would be pestered for credit card info to purchase it. Once users entered that info, the party behind MacDefender would run up fraudulent charges.
ChronoPay's CEO has been arrested, but Ars notes that this doesn't end the threat of MacDefender or other bits of malware. Meanwhile, although the predicted "explosion" of malware for the Mac hasn't happened, it's still a good idea to remain vigilant against malware like MacDefender.