The malicious software was highlighted on Monday by Intego – the company behind the VirusBarrier X6 antivirus software for Mac – after Apple Support Community users started reporting the threat. Intego say the software prompts users to download a compressed ZIP archive after clicking on a dodgy link in their search engines. The file is then decompressed and begins installing MACDefender on the system.
Users still have to go through the installation process, however, and enter the administrator’s password to complete the installation. Because these steps are necessary, this malware shouldn’t be a threat to careful users who only install software they have knowingly downloaded and trust to be safe, and therefore this threat is very low risk.
Users can prevent the ZIP file from opening altogether by disabling a feature in Safari that automatically opens ‘safe’ files after downloading. To turn this feature off, go into Safari’s preferences and click on the ‘General’ tab. You’ll find a check box at the bottom of the page – remove the tick from the box and exit preferences. Downloads will no longer open automatically.
It pretty much goes without saying that you should never trust a file that automatically begins downloading when you click on a link within a search engine.