Mac-targeting Rogue MacDefender Shape Shifts into MacGuard, Becomes Even More Dangerous
Article by George Norman
On 30 May 2011
Intego, a company that specializes in providing security solutions for Macs, has recently reported that the Mac-targeting rogue known as MacDefender (also known as MacSecurity and MacProtector) has shape-shifted into a new, even more dangerous variant called MacGuard.

What makes this new variant more dangerous than previous versions? Unlike previous variants of this rogue, this one does not ask the user to type in the administrator password when it installs itself and infects the user’s machine. “Unlike the previous variants of this fake antivirus, no administrator’s password is required to install this program. Since any user with an administrator’s account – the default if there is just one user on a Mac – can install software in the Applications folder, a password is not needed,” explained Intego.

The MacGuard rogue makes its way onto the user’s computer as follows:
- When the user visits a specially crafted website, a package called avSetup.pkg is automatically downloaded onto the user’s machine. The package will open Apple’s installer if the “Open safe files after downloading” option is checked in Safari.
- The user will be presented with a standard installation screen. An application called avRunner will then be installed; once the installation process completes, the installation package deletes itself.
- avRunner will then download the MacGuard rogue. The user will not be asked for his username and password at any time.
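
A triage check for the install chain above, as an added example that is not from Intego, Apple or the original article: it looks for the three names the article gives and reports the state of Safari's "Open safe files after downloading" option. The `.app` bundle suffixes, the `Downloads` location and the ability to read the `AutoOpenSafeDownloads` preference key with `defaults` are assumptions.

```shell
#!/bin/sh
# Triage for the MacGuard install chain (added example, not vendor tooling).
# avSetup.pkg, avRunner and MacGuard are named in the article; the ".app"
# suffixes and the Downloads location are assumptions.

# check_macguard_artifacts HOME_DIR APPS_DIR
# Prints one line per artifact present; returns 1 if any were found, else 0.
check_macguard_artifacts() {
    home_dir=$1
    apps_dir=$2
    found=0
    # The package deletes itself after a completed install, so a leftover
    # avSetup.pkg suggests a download that was never installed.
    for path in \
        "$home_dir/Downloads/avSetup.pkg" \
        "$apps_dir/avRunner.app" \
        "$apps_dir/MacGuard.app"
    do
        if [ -e "$path" ]; then
            echo "FOUND: $path"
            found=1
        fi
    done
    return "$found"
}

# Prints enabled, disabled, unset or unknown for Safari's
# "Open safe files after downloading" option (key AutoOpenSafeDownloads).
safari_auto_open_state() {
    if ! command -v defaults >/dev/null 2>&1; then
        echo unknown   # not macOS, or defaults(1) unavailable
        return 0
    fi
    value=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null) || {
        echo unset     # key never written, or preference not readable
        return 0
    }
    case $value in
        1|true|YES) echo enabled ;;
        0|false|NO) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Scan the current user's machine only when asked to: sh triage.sh scan
if [ "${1:-}" = "scan" ]; then
    echo "Safari auto-open: $(safari_auto_open_state)"
    check_macguard_artifacts "$HOME" /Applications || echo "Artifacts present."
fi
```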

In related news, Apple has officially responded to the MacDefender rogue and its variants. It has posted an online support document in which it explains how to remove the rogue and how to make sure the rogue does not compromise your machine. Apple also said that it will release an update that will present the user with an explicit warning if he tries to download the MacDefender rogue or any of its variants, and that will automatically find and remove the MacDefender rogue and its variants from compromised machines.



Tags: Intego, Security, Fake AV, Rogue, MacDefender, Apple, MacGuard