Mac Defender threat is ‘no surprise’


The Mac Defender fake anti-virus threat should come as no surprise, given the sharp rise in attempts on Apple Mac systems, according to security experts.

Many Mac users have been duped into downloading the fake software, which has spread thanks to SEO poisoning attacks.

The perpetrators convinced users their systems were infected and needed protection, asking them to download the Mac Defender application for a fee.

Mac Defender also automatically opened web pages for pornographic sites, most likely to convince the user their system was infected, security firm Intego explained in a blog post.

This kind of attack has plagued Windows systems for years, but the fact it has targeted Macs should not shock anyone, said David Emm, senior security researcher at Kaspersky Lab.

"This is not a surprise as the number of Mac-specific threats, while very small compared to those targeting Windows systems, has been growing rapidly over the last two years," Emm told IT PRO.

"Given the success of cyber criminals' rogue anti-virus programs, the emergence of rogue anti-virus programs for the Mac platform comes as no surprise."

Security professionals have increasingly called for Mac users to be more vigilant, as more and more cyber criminals turn their attention to the platform.

The days when Macs were considered highly secure on their own appear to be at an end, many in the industry have said.

This isn't actually the first fake AV to target Mac users, though it's easily the most successful.

Earlier this month, what was believed to be the first ever Mac OS X crimeware kit was spotted.

However, attacks on Mac users have largely relied on tricking users rather than exploiting systems themselves, as Mac Defender did, said chief executive of Small Blue-Green World, David Harley.

"This isn't actually the first fake AV to target Mac users, though it's easily the most successful," said Harley, who is also administrator of his company's Mac Virus blog.

"There have always been Mac threats, though OS X virtually eliminated the virus problem. What OS threats there are target users rather than the operating system: that is, they normally rely on social engineering rather than vulnerabilities in the OS."

Emm agreed the Mac Defender attack did not exploit any actual vulnerabilities within the Mac OS, although this was standard in fake anti-virus attacks.

"Like any rogue anti-virus program, the danger lies not in the impact the program has on the system (though we know from experience that they aren't easy to remove manually), but in the fact that people are tricked into parting with their money to remove threats that aren't really there," Emm added.

"To defend against these programs, people should avoid the temptation to click on random pop-ups or buttons that purportedly claim to detect and/or clean malware, and should proactively install internet security software to block such programs."

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.