MacDefender malware variant scuppers OSX update

It's starting to look like the days of Apple users remaining insulated from malware attacks might just be numbered.

There have, of course, been attacks on OSX-driven hardware before now, but the current crop of malware creators are demonstrating a hitherto unprecedented level of tenacity when it comes to phishing for Mac fan credit card details.

Just hours after the Cupertino company released a security update which killed all known versions of the MacDefender social engineering trojan, ZDNet says it has unearthed a new variant which bypasses the update.

It won't be long before the Apple operating system's File Quarantine software catches up with its new daily malware identification checks, but it seems that new battle lines have been drawn between Apple users and those seeking to get at the core.

Apple users have been cosseted by a kind of 'security by obscurity' which meant that most criminal hackers were content to go after the much larger Windows herd in the hope of picking off a weak straggler. Macolytes were generally seen as tech-savvy nerds unlikely to fall for the kind of social engineering which would lead them to expose their credit card details in exchange for some bogus anti-virus software. But the halo effect of Apple's wildly popular gadgets like the iPod, iPad and iPhone has brought a new breed of Mac buyer into the fold.

The new variant of the well-documented MacDefender malware was released just eight hours after Apple released the trojan-busting security update and, like the previous versions, it needs no administrator password to do its dirty deeds.

It does, however, require the user to be daft enough to believe a poisoned web page when it says that their Mac has all sorts of nasty diseases.

Here's a video of the original MacDefender trojan in action. If you've experienced anything like this, you really need to install the latest security update from Apple.

If you've been collared by the new variant, called Mdinstall.pkg, after installing the latest Apple update, there are manual instructions on how to remove the infection here, bearing in mind you'll need to replace references to 'MacDefender', 'MacSecurity' or 'MacProtector' with 'Mdinstall'.