Mac fake anti-virus attack adopts new disguise

New versions of the latest malware to hit Mac OS X users has come to light, following the discovery earlier this week of fake anti-virus attacks being spread by SEO poisoning.

Fake anti-virus (also known as scareware) is commonly encountered on Windows, of course, but until now has been rarely encountered on the Apple Mac platform.

The new variants, seen by SophosLabs, are calling themselves “Mac Security” rather than their previous disguise of pretending to be “MacDefender” (which, incidentally, is the name of a genuine security product for the Mac – adding to the confusion).


Mac Security fake anti-virus. Click for a larger version

When I ran the fake anti-virus on a test machine it claimed that a number of innocent files, including Mozilla Firefox, were infected by viruses and told me I would have to register the program in order to cleanup the “infections”.


The fake anti-virus tells you that you need to pay money to get a version which cleans-up malware. Click for a larger version

It’s precisely these kinds of scare tactics which are regularly used by Windows-based fake anti-virus attacks to hoodwink innocent users into handing over their credit card details. Clearly whoever is responsible for this latest spate of attacks believes that there are rich pickings to be made from Mac users too.

Sophos detects the latest variants as OSX/FakeAV-DOE, and as we continue to encounter more waves of this attack we will enhance our detection to protect Mac users.

If you’re not a Sophos customer, but have a Mac at home, you can protect your Mac right now if you download our free anti-virus. It’s automatically updated to protect against the latest threats.

DownloadFree Anti-Virus for Mac
Download Sophos Anti-Virus for Mac Home Edition

<advert>
Oh, and did I mention that our free Mac anti-virus product recently won a rather prestigious award? 😉
</advert>