One guy acting strangely is a nut. A bunch of people doing the same thing is called a church. - Shawn Mahaney
CRIMINALS RESPONSIBLE for fake anti-virus malware on Mac OS X have been hard at work, using techniques they've used on Windows versions of malicious software to make it that much more effective.
Two security vendors, Sophos and ESET, noticed that a new version of Macdefender is now in the wild that doesn't need an administrator password. First encountered at the beginning of May, the Trojan hits Apple users after they find their way to fake websites by following poisoned search results.
In its advisory over the issue, Apple said an administrative password prompt is a good time for a user to abort the installation of the fake anti-virus software. Now its attacks won't ask for a password, following a method used by criminals on Windows PCs to avoid user account control (UAC) warnings.
Now all you need to do is to follow a bad link via a poisoned search image result for an installation to start. Once installed, the malware prompts you for credit card details to purchase the software, which of course you should not do.
Dan Clark of ESET recommended that users disable the 'open safe file after downloading' option on Mac systems, at least until Apple releases the security update it recently promised.
Also known under names like Macsecurity and Macguardian, the threat has evolved significantly since it was first detected early this month. Windows PC users will be used to these types of threats, but Mac users might be more naive about the problems caused by this type of malware. µ
Sign up for INQbot – a weekly roundup of the best from the INQ