MacDefender malware targeting Mac users, instructions for removal


Mac owners usually have little to worry about in terms of computer viruses and spyware, but a new malware attack seems to be causing issues for some users.

According to a report on The Next Web, a specialized malware attack targeting Mac users is making the rounds. Users seem to be targeted as they are browsing Google Images, with one victim reporting that he suddenly received a message stating that his machine had been infected with viruses that only a "MacDefender" application could remove. There is a MacDefender website that highlights a few shareware apps that a dedicated geocacher has written, and the site's owner is warning people to not download the malware app.

The malware appears to be targeting Safari. The browser can be configured so that it will automatically open trusted software, and that appears to be the route of attack that's being used. While the MacDefender malware isn't infecting Macs with a virus or running a keylogger in the background, the author seems to be trying to scare users into providing credit card information by buying the software.

The Next Web provided some useful hints on how to protect yourself from the malware and to remove the pesky app if it is downloaded onto your Mac. If you aren't seeing MacDefender in your Applications folder, you can protect yourself from possible infiltration by unchecking the "Open 'safe' files after downloading" box at the bottom of Safari > Preferences > General (see the area outlined in red in the image above).

If MacDefender is already on your Mac, read on for tips on how to remove it.

If you find the application in your Applications folder, deleting it by dragging it to the trash may fail as you'll be told that the app is in use. The app can be killed by launching Activity Monitor (found in Applications > Utilities) and quitting any processes that include the name MacDefender. The Next Web also recommends looking in /Library/StartupItems, /Library/LaunchAgents, and /Library/LaunchDaemons (all on your boot drive) for files that may reference MacDefender.

Once the malware app has been stopped, you should be able to drag the MacDefender file to the trash. Empty trash, and follow up with a Spotlight search for MacDefender. Any other MacDefender files should be deleted as well.
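The check of the three startup folders described above can also be done from Terminal. This is an added example, not code from The Next Web or from this article: it only lists matching items and processes and deletes nothing. The function names and the optional root-path argument are assumptions of the example.

```shell
#!/bin/sh
# Added example: list startup items and processes that reference MacDefender.
# Read-only: nothing is deleted; review each hit before removing it by hand.
PATTERN="MacDefender"

# scan_startup_items ROOT
#   ROOT is a hypothetical parameter: "/" for the boot drive, or the mount
#   point of another volume. Prints one matching path per line.
scan_startup_items() {
    root="${1%/}"   # drop a trailing slash so "/" becomes ""
    for dir in Library/StartupItems Library/LaunchAgents Library/LaunchDaemons; do
        target="$root/$dir"
        [ -d "$target" ] || continue   # folder may not exist on this system
        # Items whose own name mentions the pattern (case-insensitive)
        find "$target" -iname "*${PATTERN}*" -print 2>/dev/null || true
        # Files whose contents mention it, e.g. a launchd plist that
        # points at the application
        grep -rli -- "$PATTERN" "$target" 2>/dev/null || true
    done | sort -u
    return 0
}

# list_processes
#   Prints PID and command of running processes whose name includes the
#   pattern, the same thing Activity Monitor would show.
list_processes() {
    ps axo pid,comm 2>/dev/null | grep -i -- "$PATTERN" || true
}

# Default to the boot drive when no root path is given.
scan_startup_items "${1:-/}"
list_processes
```

An empty result means nothing in those folders references MacDefender by name or content; the Spotlight search mentioned above is still worth running for files elsewhere.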

This particular bit of Mac malware isn't that complicated to remove, but that's mostly because the developers didn't build it to be particularly sophisticated in its approach -- in theory, future iterations could be much trickier to get rid of. For those of you who haven't been hit by the MacDefender app, take care while downloading images for the next few weeks.

If you do feel the need to take extra precautions, both the open-source ClamXAV and the commercial-grade Sophos AntiVirus for Mac Home Edition packages are completely free of charge.
