Mac Defender fake antivirus software is first major attack on Apple computers

The old saw that Macs don't get viruses is under fire as a piece of malware called Mac Defender is rampaging across the Web.

Richard Trenholm Former Movie and TV Senior Editor
Richard Trenholm was CNET's film and TV editor, covering the big screen, small screen and streaming. A member of the Film Critic's Circle, he's covered technology and culture from London's tech scene to Europe's refugee camps to the Sundance film festival.
Expertise Films, TV, Movies, Television, Technology
Richard Trenholm
2 min read

The old saw that Macs don't get viruses is under fire as a piece of malware called Mac Defender is rampaging across the Web. Claiming to be antivirus software, Mac Defender and its variants pretend to clean up your computer -- but all they're after is your cash. 

Mac Defender is fake antivirus software that dupes Mac owners into handing over their credit card details. It's the first time these tactics have been employed to attack Macs, according to Intego, the Web security firm that identified the malware -- attacks of this kind usually deliver dodgy Windows programs.

Mac Defender looks like a well-designed, real piece of software, fooling users into installing it. Once it's on your Mac it starts opening porn sites to make you think you have a virus, and informs you of nasty spyware where in fact there isn't any.

If you enter your credit card details and pay for a subscription, the software stops with the porn, making you think it's defeated the non-existent virus. The cunning rascal! Basically it's like that bit in The Lion King 2 where Kovu's pride put Kiara in danger so Kovu can manufacture a brave rescue. Yes, it's exactly like that.

There are a number of other variations on the malware, including versions called Mac Security and Mac Protector.

These scareware programs are spread through SEO (search engine optimisation) poisoning sites, which use SEO tricks to push websites to the top of search results. Those sites pop up warnings that a virus has been detected and automatically downloads the sketchy software.

To avoid being stung by Mac Defender and the like, make sure you only download software from trusted sources, and never continue with installation if software starts trying to install itself. Intego also recommends unticking your browser's option to open files after downloading.

If you have been tricked into installing Mac Defender or one of its evil clones, you should be able to remove it by deleting the app from the Applications folder. If it tries to stop you, open up Activity Monitor -- search in Finder if you don't know how to find it -- and you'll see all the processes your Mac is carrying out. Click on Mac Defender and hit the big red Quit Process button at the top. Then delete the app.

Have you been stung by Mac Defender? Let us know in the comments. With hackers finally cottoning on to Apple users, is this the beginning of the end for the legendary virus-free Mac?