A few days ago, Apple finally acknowledged the existence of the Mac Defender malware which has already victimized a lot of Mac users. Apple has also announced that they will soon be issuing a software update that will specifically detect and remove the Mac Defender malware and any of its variants (Mac Security, Mac Protector).
For those who haven’t heard or aren’t aware of the Mac Defender, it is malware (malicious software) masquerading as an anti-virus program. It is not a virus, worm or Trojan but a type of malware classified as scareware (scam software) that uses scare tactics to trick users into giving out their credit card information and pay for a useless or worthless program.
Here’s a demo video on how the Mac Defender malware works:
If you haven’t been yet infected or victimized here are some tips on how to avoid installing the Mac Defender malware.
How To Avoid Installing Mac Defender
- If notifications about viruses or security software appear on your Mac, immediately QUIT or CLOSE the web browser that you’re using. If you can’t close it, do a Force Quit on the browser.
- For some cases, the browser automatically downloaded and launched the malware installer. If that happens, cancel the installation process and DO NOT enter your administrator password.
- Delete the installer from the Downloads folder or specified download location, drag the installer to the Trash bin and Empty the Trash.
- Open Safari go to General Preferences and uncheck “Open ‘safe’ files after downloading” option. (You should also do the same for other web browsers installed on your Mac)
If your Mac has already been infected by this malware, below are steps on how to remove the Mac Defender malware.
How To Remove Mac Defender
- Move or close the Mac Defender scan window.
- Go to the Utilities folder on your Applications folder and launch the Activity Monitor.
- Choose “All Processes” from the pop up menu, found on the upper right corner of the window.
- On the Process Name column, look for the following app names – MacDefender, MacSecurity or MacProtector.
- Click on Quit Process on the upper left corner window and click on Quit.
- Close the Activity Monitor application.
- Open the Applications folder.
- Locate the app – MacDefender, MacSecurity or MacProtector.
- Click on the app and drag to Trash, then Empty the Trash.
The Mac Defender malware also installs itself as a login item on System Preferences. Removing it is not necessary but if you want to remove it, here’s how to do it:
- Open System Preferences, select Accounts, then Login Items.
- Select the name of the app – MacDefender, MacSecurity or MacProtector.
- Click the minus button (-).
Reports say that there are new Mac Defender malware variants that don’t even need the user’s administrator password and automatically installs itself into the system. To avoid being victimized by these types of malware and scareware, make sure you’re familiar with the interface of the antivirus/internet security program installed on your program. Never install software/programs that you’re not familiar with. When you visit a website and it suddenly displays a webpage or window that looks like its scanning your Mac for viruses, that’s bogus! Immediately leave the page and quit your web browser. If something was already downloaded, just follow the steps provided above.
Hope this simple tutorial will help you avoid or remove the Mac Defender malware from your Mac. If you find this useful or know of someone, a family member, relative, friend or co-worker who might find this useful, please don’t hesitate to bookmark and share this with them.
[via Apple Support Forums]