Apple has recently been harshly criticized by many security experts for its hands-off approach to the MacDefender nightmare that has been plaguing Mac owners, which it finally owned up to on May 24th. It has now acknowledged the problem that has been staring it in the face since it first appeared in the wild 25 years ago. However, the issue is not yet resolved, as the creators of the malware issued a riskier comeback version just hours after Apple announced a fix for the problem.
Apple has maintained that its Mac OS software is far safer than Microsoft's when it comes to viruses and malware, and that, unlike Windows, it has no need for anti-virus software. It seems that all of that has now changed with MacDefender: Apple now has to defend its OS as it has never had to before, which puts it in an unusual position.
Analysts are saying that the timing and the degree of threat of the newly created malware appear to be taking a shot at Apple’s announcement, which included steps on how to remove the fake antivirus MacDefender and how users can avoid having their computers targeted. The new version, called MacGuard, was created within the first 12 hours after Apple issued a technology support note titled “How to avoid or remove MacDefender malware”, along with a promise that the company would issue a security update that would automatically search for and delete the infections. The newer version now renders these outdated with a twist in its process.
MacGuard works by contaminating search engine results using a method called “SEO poisoning”, wherein phony sites exploit the algorithms that the engines use so that they appear in the top results. It then automatically downloads an installer called avSetup.pkg, which opens when the computer's browser settings allow the option “Open ‘safe’ files after downloading”. From then on, the user only has to click “OK” for the installer to contact a hacker site and download the payload, which is similar to the original MacDefender. The program, installed as a fake antivirus, actually tricks users into handing over credit card information.
AppleCare personnel have been flooded this month with 60 to 125 thousand calls from customers who have been infected with the MacDefender versions, according to information acquired from an outsourced support company hired by Apple. Now they are allowed to offer the support needed, which many consider to be a little too late. Previously, Apple did not want MacDefender acknowledged.
Microsoft’s engineers have seen similarities between MacGuard and a version that targets Windows, and clues have led to the conclusion that Eastern European or Russian hackers are behind the phony antivirus campaign. MacGuard’s older versions go under the names of MacDefender, MacProtector, and MacSecurity.
As with anything that you do on your computer, if you are asked to download something that you are not absolutely sure of, do not download it.