The number of malware threats and viruses has been notoriously small for the Mac, but a new piece of malicious software just appeared and it could affect your computer.  MACDefender (also known as Mac Protector or Mac Security) is considered “scareware” and tries to get you to enter your credit card information after scanning your computer for security threats.

This problem is definitely not widespread, so how did it make its way to some computers and not others?

It reaches your computer through the web, most commonly through Google search results.  It uses some clever JavaScript (web code) to tell your browser to begin downloading the software.  If you are using a browser that opens “safe” files automatically after downloading them (like Safari in the picture above), you’re at risk.  There’s one more factor involved: you have to be the administrator of the computer.  It won’t be able to install anything if you’re using a “Standard” account instead of an “Administrator” account.  Here’s what happens in the perfect storm of settings:

  • JavaScript starts the download
  • Safari automatically opens it and unzips it
  • It installs itself automatically onto your computer if you’re the administrator
  • It runs a “scan” of your computer looking for “threats”
  • It tells you that it found a few bogus “threats”
  • It makes you pay for a license before you can remove the “threats”

This kind of stuff happens all the time on PCs, but it’s very unusual for something like this to become a widespread issue on the Mac.  Thankfully, there are easy steps to follow to remove the software from your machine.  Apple, unfortunately, temporarily suspended support for this issue while they investigate the problem.  That seems odd to us, but we can help you!

Let MacWorks remove the MACDefender software for you.  We can do it onsite or remotely in a matter of minutes.  If you’re feeling adventurous, you can follow our instructions and fix it yourself by clicking the link below.

  • Navigate to your Applications folder
  • Open the Utilities folder
  • Open Activity Monitor
  • Look for any processes linked to MACDefender (or the other names we mentioned earlier) and quit them
  • Head back to your Applications folder and move MACDefender to the trash
  • Empty your trash
  • Open System Preferences, click the Accounts button, then the Login Items tab
  • Remove anything that references MACDefender
  • Click the magnifying glass in the top right corner of your screen
  • Search for MACDefender to look for lingering files; if you find some, move them to the trash
  • Empty your trash and then reboot

We’d like to point out that this single piece of malware is not a good reason to be concerned about the security of the Mac.  The platform is as secure as ever — proven by how much easier it is to remove the malicious software than it would be on a Windows machine.  That doesn’t mean you shouldn’t run virus software (would you be surprised if I don’t?) but it means that you should be a little safer with your daily internet activities.  Here are several steps that you can follow to prevent this situation in the future:

  • Use a “Standard” account instead of an “Administrator” account on a daily basis
  • If you use Safari as your browser, make sure you uncheck “Open ‘safe’ files after downloading” in the preferences
  • Don’t visit random websites and download nefarious files
  • If you’re ever prompted to enter your password, make sure you know why before doing it
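
The removal and prevention checklists above can be spot-checked from Terminal. The script below is an added example, not MacWorks’ own tooling; it only reports and never deletes anything. The folders it scans, the name pattern, and the use of Safari’s `AutoOpenSafeDownloads` preference key are assumptions that do not come from the article.

```shell
#!/bin/sh
# Read-only audit: reports findings, never deletes or changes anything.

# Names the article lists for this scareware. Matching them in any case, with
# or without the space, is an assumption about how the files are named on disk.
NAME_RE='mac ?(defender|protector|security)'

# Print top-level entries of each given directory whose name matches NAME_RE.
find_leftovers() {
  for dir in "$@"; do
    [ -d "$dir" ] || continue
    find "$dir" -mindepth 1 -maxdepth 1 2>/dev/null |
      grep -Ei "${NAME_RE}[^/]*\$" || true
  done
}

# Succeeds if the space-separated group list (from `id -Gn`) includes "admin".
is_admin() {
  case " $1 " in *" admin "*) return 0 ;; esac
  return 1
}

# Classify Safari's AutoOpenSafeDownloads value as printed by `defaults read`.
autoopen_state() {
  case "$1" in
    1|true|YES) echo enabled ;;
    0|false|NO) echo disabled ;;
    *) echo unknown ;;
  esac
}

audit() {
  echo "== Files matching the scareware names =="
  # Folder choice is an assumption; the article only names Applications.
  find_leftovers /Applications "$HOME/Downloads" "$HOME/Desktop"
  echo "== Account type =="
  if is_admin "$(id -Gn)"; then
    echo "Administrator account: use a Standard account day to day"
  else
    echo "Standard account"
  fi
  echo "== Safari: open \"safe\" files after downloading =="
  if command -v defaults >/dev/null 2>&1; then
    autoopen_state "$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null)"
  else
    echo "skipped: 'defaults' not available (not macOS)"
  fi
}

audit
```

A result of `unknown` for the Safari check means the preference could not be read, so confirm the checkbox in Safari’s preferences by hand.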