Skip to main content

Fake anti-virus scanner targets Mac users

Criminals have been using fake anti-virus scanners to fool Windows users into parting with cash for years, but it now looks Mac users are being targeted by the sophisticated social engineering scams.

Insecurity experts at Sophos are warning that a newly spotted strain of the insidious malware is using Google image searches to fool unwitting Mac users into believing their hardware has been tampered with.

Searches for popular terms like 'Osama Bin Laden' and 'global warming' are reportedly delivering fake anti-virus warnings. Mac users who aren't tipped off by the fact that the Java-based exploit appears to be a Windows XP security alert are invited to download and install a malicious package pretending to be a legitimate version of real AV software, in this case MacDefender.

Running the scanner doesn't actually access the hard drive but will report lots of scary problems in deep level bits of the Mac which most casual users might not understand including the Terminal application and the Unix shell on which OSX is built.

The malware will also try to convince you that your credit card details have been compromised, something that almost certainly will happen if you agree to buy the the fake software which is offered in order to fix the 'problem'.

"This new attack may trick Mac users, as it poses as a legitimate security program called MacDefender," said Graham Cluley from Sophos. "Once your computer is infected, the malware will continue to bombard users with fake warning messages to encourage them to pay for non-existent threats to be removed. If computer users are concerned about the security of their machines, they should go directly to a legitimate IT security site."

We've been Googling for 'Osama Bin Laden' images for the past half hour and haven't been able to replicate the attack, but that doesn't mean it's not out there.

Our best advice is, if you get a virus warning you didn't initiate by running your own AV software on a Mac, ignore it.