Mac Defender malware: A survival guide for OS X users

Here's what you need to know to avoid the perils of Mac Defender.

Apple says it has a fix in the works for the Mac Defender fake antivirus app that has plagued a surprising number of Mac users in recent weeks. The company recently posted a Mac Defender support page explaining how you can remove the malware from your system. Apple also says it will roll out an OS X software update to protect Mac users from future attacks.

Apple's technical support services have reportedly seen an uptick in complaints about Mac Defender malware attacks. One AppleCare representative recently told ZDNet that, at its height, 50 percent of customer support calls were seeking help for Mac Defender problems. At first, Apple was reportedly reluctant to help users remove the malware, saying it didn't want to set an expectation for future widespread malware problems.

But Apple has had a change of heart since then and wants to deal with the problem head on. If you're a Mac user infected with Mac Defender or a person who just wants to brush up on your online security know-how, here's what you need to avoid the perils of Mac Defender.

What is Mac Defender?

Mac Defender is a fake antivirus program that tries to trick you into installing it on your OS X system (there is also a Windows variant). The program can be automatically downloaded to your computer through a malicious site or a pop-up might appear in your browser trying to convince you to download the rogue app.

Once Mac Defender is running on your system it will try to trick you into handing over your credit card information. Mac Defender tells you that your system has malware and claims that apps such as the Terminal are infected. It may also open browser windows and visit porn sites in an attempt to scare you into thinking you have a virus. Then the rogue app offers to fix your problem if you purchase the full version of Mac Defender. Once it has your credit card information, the porn pop-ups disappear, but now the bad guys have your credit card details.

Does Mac Defender Have Other Names?

The fake antivirus also goes by other names including MacProtector and MacSecurity, as well as Mac Defender.

Is this Malware related to


What is Apple Doing About this?

Apple recently posted a Mac Defender support page on the company's site promising a software update for OS X. The update will search out and destroy Mac Defender malware if it's on your system. The security update will also alert you against downloading the scam app whenever you come across Mac Defender online.

I'm Infected. What Do I Do?

Apple has a detailed explanation on its Mac Defender support page about what you should do but here are the basics.

Before You Download

If you see the pop-up online, Apple recommends that you quit your browser immediately. If you can't shut it down normally then use the force quit option by pressing Command-Option-Escape. Then select your browser from the "Force Quit Applications" window and press the "Force Quit" button.

After You Download

If you've downloaded Mac Defender or one of its variants, but haven't installed it yet, then simply throw the download package (usually a file) in the Trash. To be extra safe dump your Trash right away by clicking and holding on the Trash icon until a menu appears and then click "Empty Trash."

After You Install

If you have already downloaded Mac Defender and installed it on your system see the Apple support page under the sub-heading "Removal steps" for a step-by-step guide to removing the app. Under no circumstances should you ever provide Mac Defender or its variants with your credit card details.
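
As an added example (not from Apple's support page or the original article), the shell functions below check an applications folder and the running process list for the three names this article gives for the malware. They assume the app bundle and process carry one of those names, with or without spaces, so a renamed copy would not match; the function names and the folders checked are illustrative choices.

```sh
#!/bin/sh
# Added example. Variant names come from the article; how the bundles are
# actually named on disk is an assumption.
ROGUE_NAMES="macdefender macprotector macsecurity"

# normalize NAME: lower-case, drop a trailing ".app", drop spaces/hyphens/underscores
normalize() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed -e 's/\.app$//' -e 's/[ _-]//g'
}

# is_rogue_name NAME: exit status 0 if NAME is exactly one of the listed variants
is_rogue_name() {
    n=$(normalize "$1")
    for r in $ROGUE_NAMES; do
        [ "$n" = "$r" ] && return 0
    done
    return 1
}

# find_rogue_apps DIR: print each matching .app bundle in DIR, one path per line
find_rogue_apps() {
    dir=$1
    [ -d "$dir" ] || return 0          # a missing folder is simply "nothing found"
    for path in "$dir"/*.app; do
        [ -e "$path" ] || continue     # the glob matched nothing
        if is_rogue_name "$(basename "$path")"; then
            printf '%s\n' "$path"
        fi
    done
}

# find_rogue_processes: read process names or paths on stdin, print the matches
find_rogue_processes() {
    while IFS= read -r name; do
        if is_rogue_name "$(basename "$name")"; then
            printf '%s\n' "$name"
        fi
    done
}

# Stand-alone run: system and per-user Applications folders, then running processes.
find_rogue_apps /Applications
find_rogue_apps "$HOME/Applications"
ps -A -o comm= 2>/dev/null | find_rogue_processes
```

Any path it prints is a lead to confirm against Apple's removal steps, and an empty result only means no bundle or process with exactly these names was found.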

Is this the End of the Age of Innocence for the Mac?

That's a hotly debated issue right now among Mac advocates and critics. There has been an uptick in malware activity for Mac recently. Not only has Mac Defender appeared, but there's also a new, high-priced software kit that lets anyone build malware for the Mac. But the truth is the bigger target for malware makers is still the Windows platform. Mac users are such a small segment of the overall global PC population that it's hard for an enterprising criminal to justify targeting such a minuscule number of users. Consider that about 80 million to 90 million PCs are shipped every three months. Apple, meanwhile, sold just over 13 million Macs in all of 2010.

That said, you should probably play it safe and expect to see more Mac-related malware in the wild. In late 2010, Panda Security said it was seeing 500 new strains of Mac-specific malware every month.

Steps for the Future

If you're concerned about your computer's security, one of the best things you can do is download real antivirus software such as Sophos' free Mac antivirus program. Even if you refuse to run a security program full time, at the very least you should consider downloading an antivirus program so you can run a full disk scan every week or so.

But, just as Windows users have found out, the best way to stay safe online is to use common sense. If a pop-up window appears asking you to download software, do not agree to download it unless you were the one who initiated the download. If a program you don't recognize asks you for permission to install itself, don't do it. If you can't quit a browser window because of a misbehaving pop-up, force quit the program by pressing Command-Option-Escape. If that doesn't work, try opening Terminal and typing killall "browser name", replacing "browser name" (keeping the quotes) with your browser's full application name: for example, killall "Google Chrome" and not killall "Chrome".

For more tips on how to stay safe online check out PCWorld's How To Safeguard Your Security Online.

Connect with Ian Paul ( @ianpaul ) and Today@PCWorld on Twitter for the latest tech news and analysis.
