July 6, 2022
MAC Defender Variant Can Infect Without Admin Password

Posted May 25, 2011 at 6:38pm by iClarified · 9708 views
A new variant of the Mac Defender has been found that does not require an administrative password to be installed.

Intego first discovered the MAC Defender fake antivirus, which targets Mac users via SEO poisoning attacks (web sites set up to take advantage of search engine optimization tricks to get malicious sites to appear at the top of search results). Since then, several variants have appeared: MacDefender, MacProtector and MacSecurity, all of which are the same application using different names. The goal of this fake antivirus software is to trick users into providing their credit card numbers to supposedly clean out infected files on their Macs.

Intego today discovered a new variant of this malware that functions slightly differently. It comes in two parts. The first part is a downloader, a tool that, after installation, downloads a payload from a web server. As with the Mac Defender malware variants, this installation package, called avSetup.pkg, is downloaded automatically when a user visits a specially crafted web site.

If Safari's "Open 'safe' files after downloading" option is checked, the package will open Apple's Installer, and the user will see a standard installation screen. If not, users may see the downloaded ZIP archive and double-click it out of curiosity, not remembering what they downloaded, then double-click the installation package. In either case, the Mac OS X Installer will launch.

Unlike the previous variants of this fake antivirus, no administrator's password is required to install this program. Since any user with an administrator's account – the default if there is just one user on a Mac – can install software in the Applications folder, a password is not needed. This package installs an application – the downloader – named avRunner, which then launches automatically. At the same time, the installation package deletes itself from the user's Mac, so no traces of the original installer are left behind.
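A defender-side audit of the three conditions described above (Safari's auto-open option, a password-free write to the Applications folder, and leftover avRunner or avSetup files), given here as an added example that is not from Intego, Apple or the original article. The function names are hypothetical, and the `.app` suffix on avRunner and the Downloads location for avSetup are assumptions.

```shell
#!/bin/sh
# Constructed audit for the conditions the article describes. ROOT defaults to /
# and can point at a mounted disk image or a test directory.

# Print any leftovers. The names avRunner and avSetup come from the article;
# the ".app" suffix and the Downloads location are assumptions.
find_artifacts() {
    root=${1:-/}; root=${root%/}
    for p in "$root"/Applications/avRunner.app "$root"/Users/*/Downloads/avSetup*; do
        if [ -e "$p" ]; then printf '%s\n' "$p"; fi
    done
}

# Succeeds when the current user can drop an app into Applications with no
# password prompt, which is the case for members of the admin group.
apps_writable() {
    root=${1:-/}; root=${root%/}
    [ -w "$root/Applications" ]
}

# Print on, off or unknown for Safari's "Open 'safe' files after downloading".
# AutoOpenSafeDownloads is the preference key; an unset key is reported as "on"
# because the option is enabled until the user turns it off.
safari_auto_open() {
    command -v defaults >/dev/null 2>&1 || { echo unknown; return 0; }
    v=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null) || v=1
    if [ "$v" = 1 ]; then echo on; else echo off; fi
}

# Report all three findings; exit status 1 means artifacts were found.
# Usage: audit        (live system)   or   audit /Volumes/image
audit() {
    found=$(find_artifacts "$1")
    echo "Safari auto-open safe files: $(safari_auto_open)"
    if apps_writable "$1"; then
        echo "Applications folder: writable without a password prompt"
    else
        echo "Applications folder: not writable by this user"
    fi
    if [ -n "$found" ]; then
        printf 'Possible MAC Defender files:\n%s\n' "$found"
        return 1
    fi
    echo "No avRunner or avSetup files found"
}
```

Turning the Safari option off (`defaults write com.apple.Safari AutoOpenSafeDownloads -bool false`) and using a standard, non-admin account for daily work remove the first two conditions.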

Apple has posted instructions on how to remove the malware and promises to update Mac OS X to automatically detect and remove it soon.

HO - May 25, 2011 at 10:20pm
What? Macs get no malware?
Digihead - May 26, 2011 at 4:12pm
You see, now we have one whole piece of shit that can be removed without effort in 3.5 minutes! :D:D:D Want to discuss how easy it is to clean a PC and how much shit PCs have? :p
jos - May 26, 2011 at 4:21pm
Very true ... The user is also still required to install the package himself (unlike Windows). Mac is still very secure :)
benjamin - May 29, 2011 at 10:33am
Mac, like any other platform, will get more and more viruses and malware as it gets more popular. They will get more complicated, and get harder and harder to remove. Just the nature of computing.