MACDefender trojan protection and removal guide

“At this point, you probably know all about the Mac Defender thats doing the rounds,” John Brownlee reports for Cult of Mac.

“How can you tell if you’re infected by MacDefender?” Brownlee asks. “Luckily, it’s pretty easy to spot it on your system… and even easier to remove it, if you know how.”

Full article, which explains how to spot and remove MacDefender from your Mac, here.

TUAW’s Steven Sande provides an excellent overview on removing MacDefender from your system and protecting your system rom MACDefender here.

[Thanks to MacDailyNews Reader “Fred Mertz” for the heads up.]

Related articles:
Apple investigating ‘MACDefender’ trojan – May 19, 2011
Is Mac under a virus attack? No. – May 4, 2011
Intego: MACDefender rogue anti-malware program attacks Macs via SEO poisoning – May 2, 2011

22 Comments

  1. Now if someone tells you that the Mac is just as vulnerable as Windows, tell them to go fly a kite. This Trojan is akin to jerks calling people on the phone tricking them into giving their credit card information, or more jerks sending snail mail with the same B.S. trick. This technique makes “everyone” vulnerable for credit card scams.

    1. Well for this kind of problem it is.. anything would be.

      This is how the vast majority of malware infections happen on Windows too.

      Genuine Viruses , like the kind that spread on their own and infect an operating system using exploits are not that prevalent on Windows these days. I haven’t seen one in years.

      Its all social engineering to trick you into clicking “Install”

      1. Windows malware cripples your PC rendering it inoperable until you do a clean install. Depending on how pernicious the virus is even the best AV software cannot quarantine it successfully. 

        A friend’s PC was infected by a virus that auto executed from a file exchanged over Skype. He’s now ditched his piece of shit PC for a MacBook Air which I advised him on. Less hassles, no worries. 

        This was last week so your assertion that Windows viruses have not impacted Windows users in years is clearly wrong.

        1. If a piece of malware cripples your machine that bad then the first thing you need to do is stop running as a full administrator.

          Your friend was not hit by a virus, he ran a trojan that was sent over Skype. Kinda like some of these poor folks who have run this MacDefender garbage from a website.`

          The last time I saw an actual ‘virus’ was somewhere around 2002 or 2003. Since then its all been the same crap, apps just like the one this article is talking about.

          I never said there is no impact to users or even asserted as much. Learn to read.

          I said actual viruses are not that prevalent, and I stand by that statement.

          1. “the first thing you need to do is stop running as a full administrator”

            Well, that’s the point. Windows users will have to once more reduce their user abilities and fear every file transfer. Just yesterday my cousin told me they were unable to view my online video because it was made on Macs. So I uploaded the same H264 video to YouTube for them and all was happy. What gets me though is that the fear level is so high among Windows users that they end up not able to do anything whether its viewing pictures, videos, or downloads, and they NEVER do banking. Then they have the audacity to say Mac users are blind zealots living in a walled garden.

    1. Mac OS X is UNIX/BSD-based.

      I’m no security expert, so this is merely my potentially incorrect understanding:

      With Linux distros and BSD variants, while they ARE more secure, they are still just as vulnerable to the human element. Lack of malware that runs on those platforms is just “Security through obscurity.”
      Another thing to consider is that any platform that supports java script (so, any platform that can access http://www.facebook.com, for example) is still vulnerable to java-script based launching of downloads, stealing of info, etc. depending on how (poorly) the browser/java script is sandboxed.

      1. Better, Mac OS X *IS* Unix. Unlike Linux, Mac OS X is fully UNIX 03 compliant, and has been since 2007, when Leopard (10.5) came out. Apart from HP/UX and Solaris, only a few other Unixen (inlcuding AIX) seem to be UNIX 98 compliant, most are worse.

    2. Dude, if you can install software on a given system, you are vulnerable, there is nothing more to it. Unix is just as vulnerable to this type of attack as any other OS. iOS is the only exception, because it has Apple vetting every single line of code that gets distributed through the App store.

    3. OS X is an officially recognized UNIX operating system which is, in part based on BSD. It is very secure. Even when you install this trojan there is only so much it can do because, unlike Windows, there is no registry it can edit and there is only so much one program is authorized to do. In Windows a program can very easily gain access to your entire system and wreak havoc. It is much harder to do this on a UNIX OS.

      1. Don’t confuse the Apple bashers with facts! As far as they’re concerned, even a single OS X exploit is just as bad as decades of non-stop Windoze infections.

  2. Thanks for the post MDN. Whilst not spending sleepless nights agonizing over whether I’ve been infected or not it’s still nice to have a How-to article explaining how to spot if you’ve been infected (I’m not) and how to remove it if you are. A simple enough process of killing its activity from Utilities and trashing the app from the application folder. No need for convoluted AV software.

  3. This particular trojan preys on Windows converts to Macs. These poor soles are so accustom to needing “protection” on there computers that they are more apt to jump on a so-called virus protection scheme for their new Macs. I think most long time Mac OSX users are savvy enough to ignore Mac Defender (at least I would hope so).

    1. There is another group of Mac users who fall prey to this scamware: Those who believe the ongoing FUD Fest that has been blethering on since 2004 that an imminent “flood” of malware is going to hit the Mac any day now. They also lie about a concept called “Security Through Obscurity” which has been proven for years to be a propaganda invention by Windows apologists.

      For 7.5 years, since this dire proclamation was first made, there have been a total of, as of today, 34 Mac OS X malware. ALL of them are either Trojan horses or hacker tools. The end. There is no ‘flood’ of Mac malware. There won’t be either. Why? Because Mac OS X, despite frequent security holes, is fundamentally safer than Windows. Period.

      There will, however, always be Trojan horses the use the LUSER Factor to break into your Mac. With Mac OS X the ‘weakest link’ is the user. Don’t fall for social engineering tricks.

  4. Despite claims to the contrary, the actual name of this malware is:

    MAC Defender (with a space in the name).

    The current variants are:
    MacSecurity (including Windows & Mac GUI versions)
    MacProtector (aka Apple Security Center, aka Apple Web Security)

    The only way to get infected with this rogueware/scamware/scareware is if you INSTALL it into your system. Never install anything before you verify it is legitimate software and have checked out its source.

    At this point, removing the thing involves three fairly easy steps (except for newbies and technophobes). The first website to provide instructions was MacScan:

    MAC Defender Analysis and Removal Instructions

    1. BTW: Using the published standard naming system for malware, the full name of this malware is:

      Trojan.OSX.MAC Defender.A

      Technically there are a total of 4 variants, but focusing on the actual payload Trojan horse, the above name appears to be adequate. This is also called ‘rogueware’, ‘scamware’ and ‘scareware’, but it is fundamentally a Trojan horse.

  5. Get antivirus on your computers, never download anything from the net that is not genuine and always check twice to make sure that it’s what you want from a specific site.

    1. Get antivirus? Sorry, not yet. If there is a 0 day vulnerability exploited in OSX, the antivirus companies still need to release a patch to detect and fix the problem. Then and only then will we need Mac antivirus software. Right now, it’s a wast of time, money and processing cycles.

      1. I agree, as there still has not been a single virus for OS X, it would seem an antivirus would be useless if you follow the second recommendation by bing, “never download anything from the net that is not genuine and always check twice to make sure that it’s what you want from a specific site.”
        If you do that, you don’t need an antivirus.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.