Mac-targeting Rogue MacDefender Shape Shifts into MacGuard, Becomes Even More Dangerous
Intego, a company that specializes in providing security solutions for Macs, has recently reported that the Mac-targeting rogue known as MacDefender (also known as MacSecurity and MacProtector) has shape shifted into a new, even more dangerous variant called MacGuard.
What makes this new variant more dangerous than previous versions? Unlike previous variants of this rogue, this one does not ask the user to type in the administrator password when it installs itself and infects the user’s machine. “Unlike the previous variants of this fake antivirus, no administrator’s password is required to install this program. Since any user with an administrator’s account – the default if there is just one user on a Mac – can install software in the Applications folder, a password is not needed,” explained Intego.
The MacGuard rogue makes its way onto the user’s computer as follows:
- When the user visits a specially crafted website, a package called avSetup.pkg is automatically downloaded onto the user’s machine. The package will open Apple’s installer if the “Open safe files after downloading” option is checked in Safari.
- The user will be presented with a standard installation screen. An application called avRunner will then be installed; once the installation process completes, the installation package deletes itself.
- avRunner will then download the MacGuard rogue. The user will not be asked for his username and password at any time.
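A defender can check a Mac for the conditions described in the steps above. The following is an added example, not code from Intego or Apple: it reads Safari's `AutoOpenSafeDownloads` preference (the key behind the "Open safe files after downloading" checkbox) and looks for the file names mentioned in this article. The `.app` suffix, the function names and the directories scanned are assumptions.

```sh
#!/bin/sh
# Added triage example. Names come from the article; the ".app" suffix and
# the directories passed in at the bottom are assumptions.
ROGUE_APPS="avRunner MacGuard MacDefender MacSecurity MacProtector"
ROGUE_PKG="avSetup.pkg"

# Map a raw AutoOpenSafeDownloads value to enabled/disabled/unknown.
classify_auto_open() {
    case "$1" in
        1|true|YES)  echo enabled ;;
        0|false|NO)  echo disabled ;;
        *)           echo unknown ;;
    esac
}

# Read Safari's "Open safe files after downloading" preference.
# An unset or unreadable key is reported as "unknown".
safari_auto_open_state() {
    val=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null) || val=""
    classify_auto_open "$val"
}

# Print every path under APPS_DIR or DL_DIR that matches a name from the article.
# The installer package deletes itself, so a missing avSetup.pkg proves nothing.
find_rogue_artifacts() {
    apps_dir=$1
    dl_dir=$2
    for name in $ROGUE_APPS; do
        for p in "$apps_dir/$name" "$apps_dir/$name.app"; do
            if [ -e "$p" ]; then echo "$p"; fi
        done
    done
    if [ -e "$dl_dir/$ROGUE_PKG" ]; then echo "$dl_dir/$ROGUE_PKG"; fi
    return 0
}

# Report the Safari setting and any matching items in the two directories.
triage() {
    echo "Safari auto-open of downloads: $(safari_auto_open_state)"
    hits=$(find_rogue_artifacts "$1" "$2")
    if [ -n "$hits" ]; then
        echo "Suspicious items found:"; echo "$hits"
    else
        echo "No matching items found."
    fi
}

triage "/Applications" "${HOME:-/}/Downloads"
```

If the setting is reported as enabled, unchecking "Open safe files after downloading" in Safari's preferences stops a downloaded package from launching the installer on its own.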
In related news, Apple has officially responded to the MacDefender rogue and its variants. It has posted an online support document in which it explains how to remove the rogue and how to make sure the rogue does not compromise your machine. Apple also said that it will release an update that will present the user with an explicit warning if he tries to download the MacDefender rogue or any of its variants, and that will automatically find and remove the MacDefender rogue and its variants from compromised machines.
Tags: Intego, Security, Fake AV, Rogue, MacDefender, Apple, MacGuard





