May 2, 2011

Please be aware of the MAC Defender application, this application downloads itself when visiting maliciously crafted websites. If your Safari or other browser is set to automatically open downloaded files an installer window will open. Since it is the Mac OS installer application it looks familiar so most people click right through it. Once installed the MAC Defender application window will open and present itself as an anti-virus program that finds numerous viruses on your system.

While browsing the web, the following (or similar) website might pop-up:

Once the "scan" is completed it will display a dialog:


At this point it doesn't matter if you click 'Cancel' or 'Remove All', it will download the file "anti-malware.zip", unzip it for you into "MacProtector.mpkg" and start the installer.

The installer will ask you for your name and password:

Once the files are installed the following window will appear:


Quickly followed by the application's main window:


At this point random warning alerts will show on your screen like these:


One of the following dialogs will tell you the copy is unregistered and gives you an option to register:


This is where the real scam begins. A window will show asking you for payment details:

Once a payment is made the virus warnings will disappear making you think that by paying for the software everything is taken care of. In fact, you just paid for an app that does nothing to protect yourself from viruses that are not really there.

Read Apple's instructions on removal of the app.