Mac Defender Variant Bypassed OS X Anti-Malware Software Within Hours

When we talk of cat-and-mouse within the context of Apple, we’re usually talking about Apple vs. jailbreakers, but it seems there’s a new mouse in town: Mac Defender.

Less than a day after Apple released a new security update nuking Mac Defender from orbit, a new variant has appeared that skirts around the protections of the update.

Called Mdinstall.pkg, this variant hit the scene especially fast: with a time stamp of 9:24PM Pacific Time, the Mac Defender malware evolved within eight hours' time.

Although it seems dire, this shouldn’t be a huge deal. The latest security update also added the ability for OS X’s anti-malware definition file to update itself, without the user having to manually download and apply a security patch, so Mdinstall.pkg will probably have a shelf life of a day or less before Apple nukes this variant too.

Even so, a message has been sent: the Mac Defender guys are in this for the long haul. They are going to be just as pesky and persistent as Windows malware developers. Expect to see a lot more variants of Mac Defender before all is said and done.

  • Gordon_Keenan

    Welcome to reality Mac users! Disengage your smug modes and get ready for pain! :)

  • No!

    Noooooooooooooooooooooooooooo

  • prof_peabody

    Or, just don’t click on “install” and you will be safe forever. 

  • Gordon_Keenan

    You seriously expect an end user to think? Oh yes, Mac users think, PC users are thick! Doh!

  • Gordon_Keenan

    Maybeeeeeee?

  • Conrad MacIntyre

    I wish people like this (Mac & Windows Malware developers) would move out of their parents basements and get a real job. They obviously have the chops to do something worthwhile… why not do that?

  • Phil Reece

    That is a very juvenile and ignorant perspective on the industry that is computer hacking. Unlike a simple script virus, Mac Defender is actually set up to dupe owners into submitting their personal and credit card information. The creators of MD not only profit indirectly from the sale of said personal information, but amazingly enough on the direct sale of bogus anti-malware software that they claim to be providing. This is certainly not the work of “kids in basements.” These are multi-national organized crime syndicates, likely from Eastern Europe. It’s a new world.

  • EasyOSX

    I guess it shouldn’t really be a surprise.

  • ONCEYOUGOMACYOUCAN’TGOBACK

    I think you are a PC user. Why are you even on a Mac-related website? Fancy picking up a Mac? Want to see what it is like? I bet your PC has the Apple wallpaper and runs Safari and all those other Mac-alike tweaks.

    Hey, I have been using a Mac for five years, I got my first virus last month…

    A WINDOWS VIRUS!

    They do nothing to Macs.

    There are millions of Windows viruses out there and about… one which hasn’t been patched. You may say Apple has had little viruses because of its market share. But one in 5 computers purchased in stores in America are Macs.

    If you’re in the market for Macs apple does refurbished models for those with… A LOWER BUDGET!

  • THEPOSTBELOW

    I think you are a PC user. Why are you even on a Mac-related website? Fancy picking up a Mac? Want to see what it is like? I bet your PC has the Apple wallpaper and runs Safari and all those other Mac-alike tweaks.

    Hey, I have been using a Mac for five years, I got my first virus last month…

    A WINDOWS VIRUS!

    They do nothing to Macs.

    There are millions of Windows viruses out there and about… one which hasn’t been patched. You may say Apple has had little viruses because of its market share. But one in 5 computers purchased in stores in America are Macs.

    If you’re in the market for Macs Apple does refurbished models for those with… A LOWER BUDGET!

  • Ed_Kel

    Mac users don’t have to think; our computers think for us!

    When will you people understand that there IS a difference between an easily removable program that only exploits the user’s ignorance and a program (on Windows PCs) that will even trick the most seasoned professional. 

    Until something hits my Mac that takes more than three clicks to delete I will keep pain free! FTW

  • Amazed

    It’s Intego. The software is well designed implying it has been given a lot of time to develop it, Intego released the warning for it first and the fact that it’s Mac only shows that it’s made by someone who addresses only Mac users, which is what Intego does.

  • Dave

    You speak about these people as if they are gods! They don’t deserve admiration, more like prison!

  • Amazed

    Plus, it’s not malware. It’s phishing.

  • Ed_Kel

    Love the name and have to say it is so true. Never once did I even look at Macs until about a year ago. I went to the Apple store to buy my iPhone 4 (first Apple product that I ever bought) and he told me that it was going to be my “halo”. Sure enough, I haven’t gone back!

  • cheesy11

    this is not what i expected, it looks like who ever is doing this expected this to happen and already had plans of action against it

  • Guest

    Pricks.

  • beewhy

    i have a mac the only thing I’ve ever used. always get them brand new but refurbished is not bad. so instead of dissing someone who may or may not use a mac does it matter? sounds like you need to grow up you sound like a little girl. geeks like you give mac users a bad name. who cares what computer someone uses. grow up

  • CharliK

    It is both. Malware is anything that does something nasty. So viruses, trojans, phishware all fit.

    And in the case of this program it is a phish playing trojan horse as a protection software, so it is doubles.

    And it makes sense that these guys or gals are spinning new versions. Their goal is to be pests and to get credit cards. Even if a variant is shut down within hours if they can get one card that’s one more than they had so it’s still a win

  • CharliK

    These guys would probably defend what they are doing by saying that they are teaching that tip to folks. They would likely claim that Mac Users and Apple have gotten complacent with the notion that they are malware safe for life and so they don’t use basic safety when on the internet. And someone needs to teach them to  change those ways. And if it hurts a little they will learn faster (and nothing hurts more than a ripped off credit card account). They would also likely claim that Apple needs to start really making an effort to protect their users. 

    Thus they are performing a public service and the spoils of those credit cards are just their ‘commission’ for this very needed lesson. 

  • fff

    Interesting to watch Apple play whack-a-mole with a virus just like Microsoft has to.

  • prof_peabody

    The vast majority of computer users don’t even know how to install programs or download files and PC or Mac has not much to do with it.  

    That being said, it’s Darwinism at work.  If a person is stupid enough to get caught by malware like this, they deserve whatever happens and maybe it will teach them to leave computers alone and stick to their iPad. 

  • Jeremiah Nilsson

    i think malware bozos are best fought with .50 cal.

  • Sean Liu

    He called them crime syndicates; I don’t think that’s admiration.

  • Sean Liu

    wow what a douche

  • Ok

    woooooooow, Windows Defender for Mac = Mac Defender, but anyway, NO VIRUSES FOR MAC!

    purple sheeeeeeeple, watch this :D

    http://www.youtube.com/watch?v

  • Mike Rathjen

    Time to send Seal Team Six after these guys.

  • Janne

    This will be solved by Lion. It will probably default to only accepting installs from the Mac App Store. If the user enables side loading he only has himself to blame.

  • Hampus

    Indeed, just don’t install crap you haven’t asked to get downloaded yourself and trust. Has worked for me on Windows, haven’t had a proper virus since Vista was new…

    Problem is, this doesn’t work for the common user, they press install on everything…

  • Hampus

    The vast majority do know and are pretty darn good at it, too good in fact, that’s why these kind of “infections” work…

  • Hampus

    Meh, this kind of malware is the exact type that is the most common on Windows machines too, old fashioned viruses and worms have become less common (or windows more secure i guess, bit of both maybe).

    You are right though, this far they are very easy to remove on OSX, these kind of things for Windows are often a bit more persistent.

  • Hampus

    Well “No viruses for mac” would still be true, this is a trojan and a phishing scam, the most usual kind of malware for any platform…

    Also, Apple has never said Macs don’t get viruses, go check their site, it clearly says Macs don’t get Windows PC viruses. ;P

  • Ok

    :)

  • cheesy11

    this will test Apple’s software security team

  • HelpTheBeatles

    I wonder if someone could go into the package contents and check out the metadata for IP addresses or other information that could lead the authorities to them?

  • TheCavalry

    Quick somebody tell Steve!

  • HelpTheBeatles

    Run!!!

  • loopster82

    hope they got enough Doritos and Red Bull stocked up or the haul won’t be so long.

  • Figurative

    It is not a virus. It is an application masquerading as a legit application. People must authenticate by entering their password.

  • Figurative

    It’s amazing how some people view things.

  • Figurative

    And for those who are saying it’s a Mac-newbie thing…

    Well, those people have an easy solution. Only buy software from the Mac App Store ™ and other trusted sites.

    See? Simple.

  • fff

    Nope. No password needed. You may want to read the links in the post.

    Also, po-tay-to, po-tah-to. 

  • Phil Reece

    Settle down Dave. I’m only reporting the facts, not issuing any form of admiration. I actually fear them more than anything. You just can’t live with your head in the sand. Also, in no way do I condone the actions of these criminals. We just can’t romanticize them as being the rogue basement-dwelling kid of the late 80s and early 90s. It’s big business with a purpose, to steal your money.

  • Mitchell Busby

    And the signature-based war begins for OS X…

  • tim71

    This kind of stuff wouldn’t start to happen this way if Safari would not have this “open safe files” feature at all – at least not enabled by default. End of story. As I don’t use Safari on Mac almost at all, I wouldn’t even know about this thing without reading about it. It’s almost as “secure” as using IE on Windows in that context. I was happy with Opera on Windows and Linux and now I use it on Mac…

  • Amazed

    Malware: software that is intended to damage or disable computers and computer systems. MacDefender isn’t malware.

  • Trust

    Eastern Europe…it seems more like Chinese or Indian hackers…

  • Phil Reece

    That is possible.

  • Dilbert A

    no.

  • Marcio Morgado

    Oh come on, why would anyone get it for mac anyways. A true mac user knows the mac security is higher than PCs’. Big deal so they got something past the screen, they can try and be harsh but Apple has the man power to blow them out of the water. Hell that’s their entire platform against Microsoft anyways.

  • Dan

    Don’t forget a lot of children use computers now and my granddaughter downloaded this malware but I had warned her about not installing anything so it saved a minor headache. But it’s teaching everyone that is important until it gets more complicated.

About the author

John Brownlee is a Contributing Editor. He has also written for Wired, Playboy, Boing Boing, Popular Mechanics, VentureBeat, and Gizmodo. He lives in Boston with his wife and two parakeets. You can follow him on Twitter.

Posted in News