New MacDefender Called MacGuard Installs Without Your Password

Intego is now reporting that a new version of the MacDefender malware has been released that doesn’t require users to enter their administrator password. As a result this threat is even more potentially harmful to the average user who is unaware of the threat or how to avoid getting infectedApple recently acknowledged the malware issues and is promising a fix to deal with the problem, but for now users remain vulnerable to what Intego is classifying as a medium threat.


If you see this window you are infected; notice the bottom "Apple security center" which is not part of OS X

How it Works

The malware was discovered May 2 and hits any user who happens to find a website that has been hacked or setup to infect the user. The user usually finds it by searching for popular topics on search sites like Google. Previously to be infected the user had to download the malware and run the installer wich would require the user to enter their admin password for the Mac system. This new variant will download a program that gets installed and then downloads the harmful part of the malware to the system and installs it. The first package downloaded is called avSetup.pkg. It installs the downloader, that then does the dirty work of actually downloading the bad application.

The user is fooled into thinking they need to download and install the application because they are told their system has a virus. The above window is a very impressive fake Finder window. If you see this window, do not download anything or run anything it tries to download to your computer.

Like the previous threat, the best way to defend against this is to turn off the Open Safe Files feature in Safari which we showed you hot to do previously. We don’t know if Apple’s new temporary instructions help in dealing with this new threat or not. Based on Intego’s recommendations below, it looks like Apple’s instructions should prevent the threat from harming your system.

Avoiding this New Threat

Intego gives the following advice for avoiding this new threat:

Means of protection: the first thing to do is make sure that when seeing a web page that looks like a Finder window, and purports to be scanning your Mac, you know that this is bogus. Leave the page, and quit your web browser. If anything has downloaded, and the Installer application has opened, quit it right away; look in your Downloads folder for the file, then delete it. Next, users should uncheck the “Open ‘safe’ files after downloading” option in Safari’s General preferences.

Intego has a free program in the Mac App Store that claims tol defend against this threat and others. The app is called VirusBarrier Express. There is also a premium version called Virus Barrier Plus for $9.99.

Intego Virus Barrier Plus

Tips for Avoiding Malware on Any OS

With the rising popularity of Macs, it was only a matter of time before we began to see this kind of trouble. No matter how safe an operating system is, the evil doers will always look for ways to exploit the OS if it is profitable. The more Macs there are the more profitable it becomes. The good news is that we still do not know of an OS X malware threat that cannot be avoided by some common sense.

  • Avoid suspicious websites
  • Do not install programs unless you are certain they are safe
  • Never input your system password unless you are installing software that actively sought to download and install
  • If a web site offers to let you download software that were not actively looking for, don’t!
  • Never open email attachments unless you know who sent it and that they were planning to send you an attachment
  • If you are in doubt that someone was planning to send an attachment, then just ask before opening it

Related Posts