03 May 2011
Security experts are warning of a "new and extremely rare" fake anti-virus scam dubbed MAC Defender targeted specifically at Mac users.
Fake anti-virus or scareware has been around for several years, gaining in popularity among cyber criminals who see it as a quick way to make money out of victims.
In fact, it has become so popular that around 12 per cent of all malware detected in the wild last year was fake anti-virus, according to security vendor Panda Security.
However, scareware almost exclusively targets Windows PCs, so this discovery by Mac security firm Intego is potentially the first of its kind aimed at conning Mac users out of their money.
Cyber criminals get the MAC Defender app onto victims' machines by using black-hat SEO techniques to lure users into clicking on malicious links.
They are sent to a fake Windows screen with an animated image showing a malware scan. A window then tells the user that their computer is infected, before JavaScript on the page automatically downloads a compressed file containing the MAC Defender installer, explained Intego in a blog post.
"Upon installation, the application adds itself to the user's Login Items, so it will relaunch each time the user logs in or starts up their computer. The application itself cannot be quit easily, as there is no Dock icon," the firm said.
"This application is very well designed, and looks professional. There are a number of different screens, and the grammar and spelling are correct, the buttons are attractive, and the overall look and feel of the program gives it a professional look. It will occasionally display alerts, telling users that viruses are found."
The app also periodically opens pornographic web pages, apparently in another effort to convince users that their machines are infected and to persuade them to click the app's register button, where they can purchase a 'licence' for the program that will supposedly protect them.
"The scam here is to charge users for a program that doesn't do anything; the virus warnings presented are bogus, and after paying, they no longer display, so users think the program has done something useful," said Intego.
"It is also possible that these credit card numbers, given via an unsecure web page, could be used for other purposes."
The news comes as security researchers in Denmark warned of a potential tsunami of information-stealing malware targeted at Mac users after they discovered the first crimeware kit aimed at the OS X platform being sold on underground forums.
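A triage check for the two behaviours Intego describes above (an entry in the user's Login Items and no Dock icon), as an added example that is not from Intego or this article. It assumes the SessionItems/CustomListItems layout of the OS X login items preference file of that period and the Launch Services keys LSUIElement and LSBackgroundOnly as the way a Dock icon is hidden; the application names and sample data are constructed.

```python
import plistlib

# Info.plist keys that keep an app out of the Dock (assumed mechanism).
NO_DOCK_KEYS = ("LSUIElement", "LSBackgroundOnly")

def is_set(value):
    # These flags appear in Info.plist files as booleans, integers or strings.
    return value in (True, "1", "YES", "true")

def hidden_login_items(loginitems_plist, info_plists):
    """Return (name, reason) for each login item that deserves a manual look.

    loginitems_plist: bytes of a login items preference file.
    info_plists: {login item name: Info.plist bytes}; resolving a name to a
                 bundle on disk is left to the caller (assumption).
    """
    prefs = plistlib.loads(loginitems_plist)
    items = prefs.get("SessionItems", {}).get("CustomListItems", [])
    findings = []
    for item in items:
        name = item.get("Name", "<unnamed>")
        raw = info_plists.get(name)
        if raw is None:
            # Entry still launches at login but its bundle could not be read.
            findings.append((name, "bundle-not-found"))
            continue
        info = plistlib.loads(raw)
        for key in NO_DOCK_KEYS:
            if is_set(info.get(key)):
                findings.append((name, key))
                break
    return findings

# Constructed sample data: every application name here is made up.
SAMPLE_LOGIN_ITEMS = plistlib.dumps({
    "SessionItems": {"CustomListItems": [
        {"Name": "ExampleEditor"},
        {"Name": "ExampleScanner"},
        {"Name": "ExampleRemoved"},
    ]}
})
SAMPLE_INFO = {
    "ExampleEditor": plistlib.dumps({"CFBundleName": "ExampleEditor"}),
    "ExampleScanner": plistlib.dumps({"CFBundleName": "ExampleScanner",
                                      "LSUIElement": True}),
}

if __name__ == "__main__":
    for name, reason in hidden_login_items(SAMPLE_LOGIN_ITEMS, SAMPLE_INFO):
        print(f"review: {name} ({reason})")
```

Legitimate background helpers also start at login without a Dock icon, so the output is a list to review by hand, not a verdict.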
affirmative!
I was just Skyped by my daughter who had this "virus" on her computer. I sat with her for fifteen minutes trying to get rid of it. I eventually found that it had been downloaded to the Applications folder. I got her to drag it to the trash bin, but couldn't empty the trash, because it was still "in use". After shutting down the laptop and then restarting it, I found I could empty the trash. When she shut down and restarted the laptop, the small red button and the application seemed to have been removed. The warnings no longer appear on her screen. Do you think this has effectively removed the "virus"? I hope so......
Posted by: John Daszak 03 May 2011