CNET también está disponible en español.

Ir a español

Don't show this again


MacDefender taking on more names of legitimate software packages

The criminals behind the MacDefender scam software are changing its name frequently, in an attempt to confuse Mac users and have them fall for the trap.

The MacDefender developers are continuing to uphold their criminal attempts to steal Mac users' information by changing the name of their scam software yet again. So far they have been using the naming scheme of the word "Mac" followed by a security-related word such as Defender, Security, or Protector. The latest name to be used for this software is MacShield, and as with the other names appears to be a drop-in change to the same interface used in the other malware. Unfortunately, beside being confusing to users, this naming scheme is adversely affecting legitimate Mac developers who have provided constructive software packages to Mac users over the years.

MacShield variant of MacDefender
The new variant of MacDefender is the same scam software but uses the name "Mac Shield" (click for larger view).

The name MacDefender was originally the Web site name for the developers of the geocaching tools GCStatistic, DTmatrix, GPXFilter, BuildGPX, and GEDCOMmod, all of which are legitimate tools for managing GPS waypoints and other GPS data for geocaching activities. In addition, the new name MacShield of the latest malware variant is the same name for the legitimate security software created by Centurion Technologies.

Beside these two, there are other Mac developers that have used a similar naming scheme and who therefore may also fall victim to confusion by the scammers. Prominent ones include MacScan and MacKeeper, both of which are legitimate malware removal tools for OS X.

Ultimately these name changes just demonstrate that the malware developers are milking their product for all they can, but in addition it serves as a warning that malware developers can use any name or scheme to mask their attempts and try to coerce users into their traps. While currently they are using the one naming scheme, they could easily switch to another with a new interface and approach to fool Mac users.

As these changes to malware are happening, Apple and legitimate malware detection companies will undoubtedly update their malware definitions to detect these threats, but the best approach to securing one's system is to develop some street smarts when browsing the Web. If you see a warning or a scan result appear on your screen that you did not expect, as yourself the following questions:

  1. Did you install this?

    Know what is on your computer, and if you did not install a scanner or a program you suspect, then close it down and check it out by searching the Web or visiting support forums like the Apple Support Communities to see whether or not others are seeing the same messages.

  2. Is it a Web page?

    Close all browsers on your system to see if the scan or warning goes away. If so then you know it was a scam and should not be trusted.

  3. Do the mentioned files exists?

    Many scam software attempts will claim they found infected software, or are trying to access specific files on your system and will even list those files. Perform a spotlight search to see if these files exist on your system (they likely will not). Even if a scanner appears legitimate, if you find you have to provide something to the scanner in order for it to complete its job (even an admin password), then it should not be trusted.

  4. Is it asking you for something?

    The biggest way to spot a scam is to see whether or not the warning is ultimately asking you for something. Does it want you to upgrade, pay for a license, install a program, or visit a specific Web site? If so, then do not trust it and close it down.

Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.