
SANS ISC: Apple advisory on "MacDefender" malware SANS ISC InfoSec Forums

Apple advisory on "MacDefender" malware

Looks like Apple noticed that "MacDefender", a fake anti-virus tool that we covered earlier, is indeed starting to make inroads on the Mac user community. They have published an advisory today that describes how to "avoid" or "remove" the threat.

The advisory also states "In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware", which might turn out to be the first glimpse of an acknowledgment that yes, Macs can also have malware, and yes, Macs might even need a tool to remove malware.

No matter which OS you are using, remember Krebs's Rule #1: If you didn't go looking for it, don't install it.



ISC Handler
May 25th 2011
Here is a script that works. You have to select the MacDefender application from the app folder; it will stop the process from running and then move it to the trash. It is a quick one. We have another, but since that is automatic we are still testing. This, however, worked well.

Prior to that, Apple denied any support about that: