Mac Protector: Fake AV targets Mac OS X users
Posted on 19.05.2011
A little over two weeks have passed since the appearance of MAC Defender, the fake AV solution targeting Mac users. And seeing that the approach had considerable success, it can hardly come as a surprise that attackers chose to replicate it.

This time, the name of the rogue AV is Mac Protector, and according to McAfee, the downloaded Trojan contains two additional packages:
  • macprotector.pkg (the application),
  • macProtectorInstallerProgramPostflight.pkg (bash script that launches Mac Protector once it's installed).
As with MAC Defender, the application requires root privileges to get installed, so the user is asked to enter the password.

"Mac Protector is very sophisticated and uses a lot of resources to appear as a real anti-virus app to the user. There are a lot of images and sounds in the package that simulate system scanning, show the alerts, etc," says McAfee. "Mac Protector will perform a fake scan on the system, and will show rootkits and spyware detections for real and current processes."

Copying MAC Defender again, Mac Protector tries to convince the user that his computer is infected by opening browser windows to sites with adult content. Once the fake scan is finished, the rogue AV says the user must register the app in order for it to be able to clean the system. To do that, the user is asked to fork over their credit card data.

Fortunately for those who fell for the trick, the removal of the offending app is quite simple: delete the MacProtector.App from the Application folder. In case the app doesn't allow you to do that, use the Activity Monitor to kill the MacProtector process and then try to delete it again.


New Zeus variant targets users of 150 banks

Posted on 19 December 2014.  |  A new variant of the infamous Zeus banking and information-stealing Trojan has been created to target the users of over 150 different banks and 20 payment systems in 15 countries, including the UK, the US, Russia, Spain and Japan.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Dec 22nd