Remember MacDefender? It was the first really big piece of malware to hit the Mac operating system, and was a huge problem for Apple’s tech support teams… such a huge problem, in fact, that Apple introduced a self-updating anti-malware database into OS X, which basically killed MacDefender and its variants off.
MacDefender worked by tricking users into believing that they’d been infected by malware (which they in fact had — MacDefender’s own — even though it was trivial to remove the infection), then trying to bilk them out of their credit card numbers for bogus anti-malware software.
MacDefender died off pretty quickly after Apple updated Snow Leopard to fight it, but the perps behind the software went unidentified. Now, it looks like they’ve been caught, raided and busted.
Brian Krebs of Krebs on Security writes:
On June 23, Russian police arrested Pavel Vrublevsky, the co-founder of Russian online payment giant ChronoPay and a major player in the fake AV market…
In May, I wrote about evidence showing that ChronoPay employees were involved in pushing MacDefender — fake AV software targeting Mac users. ChronoPay later issued a statement denying it had any involvement in the MacDefender scourge.
But last week, Russian cops who raided ChronoPay’s offices in Moscow found otherwise. According to a source who was involved in the raid, police found mountains of evidence that ChronoPay employees were running technical and customer support for a variety of fake AV programs, including MacDefender.
The last release of MacDefender occurred on June 18. ChronoPay’s offices were raided on June 23. A coincidence, perhaps, or Russian law enforcement saving Mac users from fake antivirus software.
Fingers crossed. What a bunch of slime buckets.