New Mac OS malware threat masquerades as antivirus software
Mac users are once again being warned about malware targeting the operating system, although its spread looks limited and requires interaction by the user in order to be installed. Called "MACDefender," the malware is currently being spread by malicious websites claiming the user's computer is infected.
JavaScript in the page's coding downloads a zip file automatically, which if a user has the option within Safari to automatically open 'safe' files after downloading would decompress and open the installer. The user then must proceed through the installation process which will place a Trojan horse on the user's computer.
Mac antivirus software maker Intego said that the application is very well designed and may trick some into believing it is indeed legitimate. From time to time the application will alert the user that "viruses" have been detected and prompt the user to "cleanup" his or her computer, or randomly pop up pages to pornographic sites to further the illusion.
Users are also prompted to "register" the software, with different options available. It asks for a credit card number as well, likely in an effort to steal the user's credit card information.
"In the past, these types of sites--very common vectors of Windows malware--only delivered Windows .exe applications," the company wrote in an alert. "The fact that such a site is providing a Mac rogue antivirus is new, and extremely rare."
Intego is recommending that users uncheck options in their browsers that automatically open downloaded files, as well as never installing software from unexpected Mac OS X Installer screens.
Another option to protect your Mac that has been recommended by both Apple and security experts is to never do day to day business in the Administrator account: create another without Administrative privileges for that.