Another Sign that OS X has come of age. Or maybe a Sign the End Times are near. {UPDATED}

For years, Mac ~~fanbois~~ users have maintained that their platform is inherently safer, in no small part because there was no malware “in the wild”* targeting the OS. The other ~~myth~~ assertion is that Macs are “immune” to malware, that systems can’t be automatically infected.

Well, in a sign that the Mac has finally come of age, and caught the eye of the world’s cybercriminals, a new fake anti-virus has been discovered. Named “Mac Defender”, it targets – you guessed it – Macs! A compressed ZIP file, it can be obtained two ways: either the user can be directed to a download site, or it may be delivered via Google Image searches.

And, here’s the kicker: if you have “Open Safe files after downloading” enabled in Safari, the code will auto-install! Fortunately, this is an early release, so the authors failed to remove the standard uninstall option – the app shows up in the “installed applications” list! I suspect this will be fixed in future releases, though.

{Update: Dwight Silverman notes over at TechBlog that the auto-install still asks for the password of an administrator-level account, so it is not a true auto-install. However, the article he quotes also states that “inexperienced users may be fooled into thinking the software is legitimate.” I suspect a future installer will bypass the need for Administrator credentials (it is easy to install software on a Mac without them – simply drag and drop the application package into the Applications Folder.)}
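
The Safari setting mentioned above can be checked and turned off from Terminal. This is an added example, not part of the original post; it assumes the checkbox is stored as the AutoOpenSafeDownloads key in the com.apple.Safari defaults domain and that an unset key means Safari's default (on). The function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit Safari's "Open 'safe' files after downloading" option.
# Assumptions: the option lives in the com.apple.Safari defaults domain as
# AutoOpenSafeDownloads, and a missing key means the default, which is on.

# Map a raw `defaults read` value ("" = key not set) to a state name.
classify_auto_open() {
    case "$1" in
        1|true|TRUE|YES|yes)  echo "enabled" ;;
        0|false|FALSE|NO|no)  echo "disabled" ;;
        "")                   echo "enabled-by-default" ;;
        *)                    echo "unknown" ;;
    esac
}

# Print the current user's raw value; prints nothing if the key is absent.
# Note: a read blocked by sandboxing also prints nothing, so treat
# "enabled-by-default" as "verify in Safari's preferences window".
read_auto_open() {
    defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || true
}

# Report the state; with --fix, switch the option off.
# Returns 0 if safe (or fixed), 1 if auto-open is on, 2 if not run on macOS.
audit_safari_auto_open() {
    if ! command -v defaults >/dev/null 2>&1; then
        echo "defaults(1) not found: not a macOS system" >&2
        return 2
    fi
    state=$(classify_auto_open "$(read_auto_open)")
    echo "Safari auto-open of 'safe' downloads: $state"
    if [ "$state" = "disabled" ]; then
        return 0
    fi
    if [ "$1" = "--fix" ]; then
        defaults write com.apple.Safari AutoOpenSafeDownloads -bool false
        echo "AutoOpenSafeDownloads set to false; restart Safari to apply."
        return 0
    fi
    return 1
}

# Usage: audit_safari_auto_open          (report only)
#        audit_safari_auto_open --fix    (report and disable)
```
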

The purveyors of this program are either very proud of their product, or maybe they’re trying to recoup their costs quickly: during the installation, the software attempts to charge your PayPal account $99!

And, lest you think this is just a one-off: there’s more! There is a “DIY crimeware” kit available for OS X, for you budding cyber-criminals out there. It is being sold under the name of “Weyland-Yutani BOT”, and indications are that it uses the same templates as the ZeuS code.

So, Mac users out there, I just have one question I would like to leave for you to think about:  Do you feel lucky today?  Well, do you??**

(h/t SANS Internet Storm Center)

(cross-posted on eTee Too)


* This is actually not true, as there have been several different strains available for over a year.
** Howls from the Mac fanboi community will begin in 3… 2… 1…

