Mac Protector: Fake AV targets Mac OS X users
Posted on 19.05.2011
A little over two weeks have passed since the appearance of MAC Defender, the fake AV solution targeting Mac users. And seeing that the approach had considerable success, it can hardly come as a surprise that attackers chose to replicate it.

This time, the name of the rogue AV is Mac Protector, and according to McAfee, the downloaded Trojan contains two additional packages:
  • macprotector.pkg (the application),
  • macProtectorInstallerProgramPostflight.pkg (bash script that launches Mac Protector once it's installed).
As with MAC Defender, the application requires root privileges to get installed, so the user is asked to enter the password.

"Mac Protector is very sophisticated and uses a lot of resources to appear as a real anti-virus app to the user. There are a lot of images and sounds in the package that simulate system scanning, show the alerts, etc," says McAfee. "Mac Protector will perform a fake scan on the system, and will show rootkits and spyware detections for real and current processes."

Copying MAC Defender again, Mac Protector tries to convince the user that their computer is infected by opening browser windows to sites with adult content. Once the fake scan is finished, the rogue AV says the user must register the app before it can clean the system. To do that, the user is asked to fork over their credit card data.

Fortunately for those who fell for the trick, removing the offending app is quite simple: delete MacProtector.App from the Applications folder. If the app doesn't allow you to do that, use Activity Monitor to kill the MacProtector process and then try to delete it again.

