Well, it took them long enough. Apple has finally acknowledged the existence of the MAC Defender trojan, and has offered removal instructions. The company has also promised a security update to Mac OS X that will block MAC Defender and its variants from working. All this information was published in the form of a support document on Apple’s website. Update: Well, that was fast. A new variant of the trojan, called Mac Guard, has been discovered. Unlike previous variants, this one does not require users to enter their administrative password.
Late last week, Ars Technica found out that Apple’s official policy towards the rise of infections with MAC Defender was to simply ignore its existence by not even telling customers when the trojan was found. This ‘don’t ask, don’t tell’-policy rightfully netted the company a lot of criticism, especially since it left users vulnerable who could’ve been protected by actually informing them of the threat. In a move best described as better late than never, the company has now done exactly that.
“A recent phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus. The user is then offered Mac Defender ‘anti-virus’ software to solve the issue,” the support document reads, “This ‘anti-virus’ software is malware (i.e. malicious software). Its ultimate goal is to get the user’s credit card information which may be used for fraudulent purposes.”
Apple offers removal instructions for MAC Defender, which basically come down to quitting the trojan’s service through Activity Monitor, removing it from
~/Applications, and deleting it from your startup applications. PRetty straightforward for us nerds, but I’d say us nerds probably wouldn’t get infected in the first place.
Apple also announced that it will release an update for Mac OS X to block the trojan from working in the first place. “In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants,” the company sates, “The update will also help protect users by providing an explicit warning if they download this malware.”
Well, a good response, but more information from the get-go would’ve been nice. Some call this ‘decisive action’, but I’d say that when it comes to security, having a policy not to inform your users for weeks on end while they are getting infected is not exactly what I would call ‘decisive’.
But hey, what do I know.