The best lies always begin with a kernel of truth. While there is a small Mac developer that operates under the MacDefender name, a decidedly less savory operator is distributing scareware using that name, and some Mac users have been victimized. If you’re among them, here’s how to get rid of this malware wolf in antivirus clothing.
There are several threads on Apple’s User Forums discussing an active malware threat on the Mac — MacDefender. This is a scareware app embedded in a webpage that tells the user there’s a virus and that MacDefender can identify and remove the infection — after payment has been extracted.
This is a classic Windows PC scam — there is no infection, MacDefender is designed only to extract payment, nothing more — and it’s being perpetrated against Mac users.
If you’re a victim, here’s how to get rid of the whole kit and caboodle:
• Open Activity Monitor in the Utilities Folder (Command + Shift + U)
• Quit any and all “MacDefender” processes
• Using Spotlight (magnifying glass), search for MacDefender
— Select “Show All in Finder”
• In the resulting Finder window, make sure you’ve chosen the above options
• Move all of the found items to the trash, including the installer
• Empty the Trash, restart your Mac
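To confirm the steps above left nothing behind, a read-only check like the following can be run in Terminal. It is an added example, not part of the original article; it matches only on the name "MacDefender", and the searched locations (/Applications and the home folder), the function names and the script name are assumptions.

```sh
#!/bin/sh
# Added example: read-only check, deletes nothing.
# Assumption: the only indicator is the name "MacDefender" used in the steps above.
NAME="MacDefender"

# Filter `ps` output on stdin; print lines whose text contains NAME (any case).
match_procs() {
    awk -v n="$NAME" 'BEGIN { n = tolower(n) } index(tolower($0), n) { print }'
}

# List files and folders under the given directories whose name contains NAME.
# -prune stops at a matching bundle (e.g. an .app) instead of listing its contents.
find_items() {
    find "$@" -iname "*${NAME}*" -prune -print 2>/dev/null
}

# Report leftovers; returns 0 when clean, 1 when something was found.
# Assumption: /Applications and the home folder are the places to look.
audit() {
    procs=$(ps -axo pid=,comm= | match_procs)
    items=$(find_items /Applications "$HOME")
    if [ -n "$procs" ]; then printf 'Still running (PID, command):\n%s\n' "$procs"; fi
    if [ -n "$items" ]; then printf 'Still on disk:\n%s\n' "$items"; fi
    [ -z "$procs$items" ]
}

# Run only when asked, e.g.: sh leftover_check.sh --run
if [ "${1:-}" = "--run" ]; then
    audit && echo "No MacDefender processes or files found."
fi
```

Anything it lists should be quit in Activity Monitor or moved to the Trash as described in the steps, then the check repeated after the restart.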
The only way the MacDefender scareware can install is if you let it, by clicking OK. Again, there aren’t any Mac viruses and there’s no way a webpage could identify one.
If MacDefender or any other scareware says it’s found malware on your Mac, do not click OK — force quit the browser (Command + Option + Escape) and be sure to send Apple the report when OS X gives you the chance.
Finally, the little guy developer MacDefender has released a statement about the ongoing scareware attacks: “As it seems someone wrote a virus/malware application named mac defender (MacDefender.app) for OS X. If you see an application named like this DO NOT DOWNLOAD/INSTALL it. I would never release an application … like this.”
Again, MacDefender can’t do anything if you don’t let it. So, don’t let it…
What’s your take?