5 ways to stay safe from fake anti-virus malware attack on Macintosh

Macintosh users are finding out the hard way what Microsoft Windows users have known for a long time: Criminals want to sell them fake anti-virus software by scaring them with lies that their computer is infected.

Apple admits Mac scareware infections, promises clean-up tool

This week the scareware targeting Mac OS X users is known as "MacDefender," with variants called "MacProtector" and "MacSecurity." Here are some tips for dealing with it:

1) Apple's advice is to first try and navigate away from the dangerous fake antivirus page by "force-quitting" this dangerous application. Apple support describes the process as "chose Force Quit from the Apple menu (or press Command---Option-Esc), then choose the unresponsive application in the Force Quit window, and click force Quit."

2) In some scenarios, the Apple browser may automatically download and launch the installer for this malicious software, Apple points out. If this happens, Apple says "cancel the installation process; do not enter your administrator password." Deleting the installer immediately involves going into the Downloads folder "or your preferred download location," according to Apple, dragging the installer to the Trash and emptying the Trash.

3) One real anti-virus vendor, Intego, says if users do unexpectedly see an installation screen from MacDefender, they should not go further and install the application. "This installation screen is the normal Mac OS X installer screen, but this should only display when you expect to install software." Intego says to uncheck the "Open 'Safe' files after downloading" option in Safari, or similar options in other browsers. If a browser asks you if you want to run an installer when you did not expect to download an installer, always click the No or Cancel button.

4) Apple says it plans to have a signature-detection tool for MacDefender in the next few days. You may not want to wait. Instead, you may want to turn to real anti-virus vendors for ongoing protection against Mac-based malware, even though the Apple Macintosh has been far less a target for malware than Windows.

5) If you need to clean the MacDefender off your computer, Apple describes how to do this in its statement from May 24, noting that the malware also installs a login item in system preferences. Apple says it's not necessary to remove the login item but does explain how to do it.

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags AppleMicrosoftsecurityApple Macintosh; fake anti-virus; MacDefenderanti-malware

More about AppleIntegoLANMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ellen Messmer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts