Apple Issues Advisory For Mac Defender Phishing Attack


In what has been up until now unchartered territory, Apple admitted that the recent onslaught of MacDefender malware is a threat to its Mac OS X platform and offered a temporary workaround to mitigate the problem.

Apple issued an advisory Tuesday, warning users about a new strain of Mac Defender malware , also known as Mac Defender scareware, a phishing scam that targets users by redirecting them to fake antivirus Web sites that download malicious code onto users' Macs. The admission and subsequent advisory represented a stark about-face from the Cupertino-based company's previous directive that prohibited support staff from offering help to users calling for assistance after becoming infected with the MacDefender malware.

During the phishing attack, Mac users are subjected to a link or pop-up directing them to a fake antivirus site. The site then purports to conduct a scan, and then falsely determines that their machine is infected with a virus. The scammers then offer the Mac Defender fake antivirus software in order to resolve the issue.

In reality, however, the download installs bogus software on the user's Mac, designed to elicit credit card credentials from users who think they're paying for antivirus.

The attack swept through users' Macs last week, pummeling thousands of users and flummoxing Apple helpdesk personnel ill-equipped to deal with the onslaught of calls associated with the Mac Defender scareware.

Security experts said the Mac Defender phishing scam was identical to fake antivirus attacks targeting the Windows platform.

"It's exactly identical to the Windows-based version, said David Perry, director of global education at Trend Micro. "There's no real malware. This isn't going to destroy any data. The end goal for these (scammers) is to get you to pay for fake antivirus."

In its advisory, Apple said that it planned to release a security update remediating Mac Defender malware from Mac OS X.

"In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove MacDefender malware and its known variants. The update will also help protect users by providing an explicit warning if they download this malware," Apple said in its advisory.

However, Apple offered detailed steps for removing the scareware, as well as several security best practices, until the company could develop and release a fix.

In its advisory, Apple recommended that users immediately close their Safari browser if they receive any notification about viruses or solicitations for Mac Defender security software. If the malware prevents users from closing their browser, Apple said that they should apply the Force Quit function.

Apple added that users should delete the installer and avoid entering any administrative passwords if the browser automatically downloaded the malware and launched the installer. Should malware be installed, Apple advised users to follow the given instructions, while instructing them to "not provide your credit card information under any circumstances," Apple said.

Apple's advisory shortly follows after the company reportedly barred its support staff from suggesting to users that they could be infected with Mac Defender scareware or offering help.

Next: Security Experts Weigh In On Mac Defender Response