Mac Protector: Fake AV targets Mac OS X users
Posted on 19.05.2011
A little over two weeks have passed since the appearance of MAC Defender, the fake AV solution targeting Mac users. And seeing that the approach had considerable success, it can hardly come as a surprise that attackers chose to replicate it.

This time, the name of the rogue AV is Mac Protector, and according to McAfee, the downloaded Trojan contains two additional packages:
  • macprotector.pkg (the application),
  • macProtectorInstallerProgramPostflight.pkg (bash script that launches Mac Protector once it's installed).
As with MAC Defender, the application requires root privileges to get installed, so the user is asked to enter the password.

"Mac Protector is very sophisticated and uses a lot of resources to appear as a real anti-virus app to the user. There are a lot of images and sounds in the package that simulate system scanning, show the alerts, etc," says McAfee. "Mac Protector will perform a fake scan on the system, and will show rootkits and spyware detections for real and current processes."


Copying MAC Defender again, Mac Protector tries to convince the user that his computer is infected by opening browser windows to sites with adult content. Once the fake scan is finished, the rogue AV says the user must register the app in order for it to be able to clean the system. To do that, the user is asked to fork over their credit card data.

Fortunately for those who fell for the trick, the removal of the offending app is quite simple: delete the MacProtector.App from the Application folder. In case the app doesn't allow you to do that, use the Activity Monitor to kill the MacProtector process and then try to delete it again.






Spotlight

Patching: The least understood line of defense

Posted on 29 August 2014.  |  How many end users, indeed how many IT pros, truly get patching? Sure, many of us see Windows install updates when we shut down our PC and think all is well. Itís not.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Sep 2nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //