New MAC OS X scareware delivered through blackhat SEO

Researchers from Intego have intercepted a new scareware sample targeting Mac OS X.

Named MACDefender, the scareware sample shows a bogus interface, insisting that the end user is infected and that their OS is in an insecure state. The researchers emphasize the social engineering elements of the scareware, including the fact that although the site shows a fake Windows screen, the scareware itself is a well-designed Mac application with no spelling or grammar mistakes in its description.

The scareware will periodically open pornographic content on the affected Mac in order to trick users into thinking they're infected with malware. The scareware is sold for $59,95 as part of a scareware affiliate network targeting Mac OS X users in particular.

Users are advised to exercise extra caution when dealing with suspicious downloads, especially ones delivered through blackhat search engine optimization techniques.

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Talkback

103 comments
  • LOL

    And so it begins.
    Hallowed are the Ori
    • RE: New MAC OS X scareware delivered through blackhat SEO

      @Hallowed are the Ori

      begins? malware is not new on Macs.

      This one is so good it even requires an admin user name and password to get installed and run :-)
      doh123
      • RE: New MAC OS X scareware delivered through blackhat SEO

        @doh123

        Just like most scareware on Windows. Also I think you will find that most unsuspecting computer users will fall for this and escalate the privileges just like they do on Windows.
        bobiroc
      • RE: New MAC OS X scareware delivered through blackhat SEO

        @doh123 "This one is so good it even requires an admin user name and password to get installed and run"

        Whew... I was worried there for a second. But you've convinced me that there are no gullible Mac users. Thanks for that. ;)
        Badgered
      • RE: New MAC OS X scareware delivered through blackhat SEO

        @others
        You shouldn't read into things, I just implied it's funny, not that it's different than Windows, or good or bad or whatever.
        doh123
      • RE: New MAC OS X scareware delivered through blackhat SEO

        @doh123

        Hard to get humor out of text sometimes. I guess after years of hearing Mac Users and Linux users saying "Well it requires admin privileges to run" as an excuse to make them feel like they are protected it has to be said that the majority of Malware on the Windows side does too.
        bobiroc
      • RE: New MAC OS X scareware delivered through blackhat SEO

        "I guess after years of hearing Mac Users and Linux users saying 'Well it requires admin privileges to run' as an excuse to make them feel like they are protected..."

        It still does, bobiroc. Been using Linux for almost five years now and am still malware free. If that scareware appeared on my Linux screen, I'd laugh.
        ScorpioBlue
      • RE: New MAC OS X scareware delivered through blackhat SEO

        @ScorpioBlue

        "It still does, bobiroc. Been using Linux for almost five years now and am still malware free. If that scareware appeared on my Linux screen, I'd laugh."

        I have been using Windows as my primary OS since version 3.0 and have been Malware free for over 10 years. I would laugh too if I ever saw such a thing. The problem is most typical computer users would not as these things are very convincing and prey on the insecurities of people. It is the same reason that people fall for the very popular social engineering attacks that are running rampant on Facebook, Twitter, and Skype which can affect anyone no matter what Operating System they use.
        bobiroc
      • RE: New MAC OS X scareware delivered through blackhat SEO

        Ah, but the big difference bobiroc is that I don't have to have anti-virus or anti-malware scanners running in the background all the time. All my software needs are met through the package repository.

        You should try it sometime. Might open your mind up some.
        ScorpioBlue
      • RE: New MAC OS X scareware delivered through blackhat SEO

        @ScorpioBlue

        "Ah, but the big difference bobiroc is that I don't have to have anti-virus or anti-malware scanners running in the background all the time. All my software needs are met through the package repository.

        You should try it sometime. Might open your mind up some."

        Who said I was unfamiliar with Linux? All I said is that Windows is my primary OS but I have and use a MacBook bootcamped with OS 10.6 and Win7 and while I am not a Linux expert by any means I do use the OS both personally and professionally.

        People have been saying you do not need Malware protection on a Mac for years too because they felt the OS would protect them but those days are slowly changing. While I will admit that XP really could have done a bit of a better job in terms of similar security, Vista and 7 do a pretty damn good job. If people would set up their users as standard that would be a good start.

        I choose not to use Linux as it does not meet my software needs but I also am intelligent enough to know that I need to rely on myself to secure my computer, my home, and my car. Most people are just not willing to put forth the effort for their own personal security and have the "It will never happen to me" attitude.
        bobiroc
      • but the need for admin privileges is important

        The need for admin privileges is a good thing, obviously. But since most Macs are personal, home machines ... or those of students ... it's not likely to mean much. Far too many home users will blindly enter their admin credentials when confronted with a dialog box, without giving any thought to what they're allowing to be installed.

        Admin privileges are especially effective in corporate environments, however, where end-users typically don't have admin rights. I don't allow our end-users to have admin accounts. Only IT staff can access an admin account, but even they are required to use a standard account for daily work and only escalate to admin when needed.

        Such a process would prevent -- and does prevent, in the Windows world -- countless infections. But home users all tend to know the admin password ... and conveniently don't read or think about the dialogs.

        Hard to blame Apple or Microsoft for users' own stupidity. Then again, though, it would be good if Apple & MS would sandbox newly-installed (or just user-installed) apps and monitor them for malicious/suspicious behavior and perhaps only allow read-only access to files for sandboxed apps.
        jscott69
      • RE: New MAC OS X scareware delivered through blackhat SEO

        @doh123 The very first virus I saw in the wild was on a Mac. Long before even the Internet.
        fairportfan
      • RE: New MAC OS X scareware delivered through blackhat SEO

        @doh123 Funny how Apple poked fun at Cancel or Allow and it's the same ****. If you get a user to believe there's a threat they won't have a problem with doing this. This is how a lot of malware spreads in the Windows world.
        snoop0x7b
      • Didn't I tell you not to base your information on things you find...

        @ScorpioBlue; "Ah, but the big difference bobiroc is that I don't have to have anti-virus or anti-malware scanners running in the background all the time."

        ...on the Internet? You'll be much more qualified to discuss these things based on actual experience and not some repetition of one of the worst security recommendations to be found.
        ye
      • That's OK ScorpioBlue

        @ScorpioBlue
        so this was geared towards "AV". What if it comes up with a "system alert function" of some type that a user may think is a problem needing "correction"

        They'd press the button saying "Macs are great - they even warn you when it detects a hardware issue!! Windows just Blue Screens!"

        "Yes, username, password,"
        Bill Pharaoh
      • RE: New MAC OS X scareware delivered through blackhat SEO

        "...on the Internet? You'll be much more qualified to discuss these things based on actual experience and not some repetition of one of the worst security recommendations to be found."

        You still haven't answered my questions in that other thread ye, so you're not one to talk. Come back when you've left that basement.
        ScorpioBlue
      • It was answered. The problem is you didn't like the answer.

        @ScorpioBlue: "You still haven't answered my questions in that other thread ye, so you're not one to talk. Come back when you've left that basement."

        So you've opted to stick your fingers in your ears and go "lalalalalalalala". And I predict you'll do it again in response to this post of mine.
        ye
      • RE: New MAC OS X scareware delivered through blackhat SEO

        "go 'lalalalalalalala'"

        Is that what you do, @ye? When you're caught with your pants down?

        :D
        blind obedience
      • RE: New MAC OS X scareware delivered through blackhat SEO

        bobiroc wrote:

        "Just like most scareware on Windows. Also I think you will find that most unsuspecting computer users will fall for this and escalate the privileges just like they do on Windows."

        It does? I think in order for scareware to get installed on Windows (assuming you're using Vista or newer) is to click on a Yes/No dialog. With the exception of logging in, I've never been prompted for my username/password.
        WarhavenSC
    • RE: New MAC OS X scareware delivered through blackhat SEO

      @Hallowed are the Ori I don't know this is going to work on Mac users. On the PC users are conditioned to expect such UI elements (Antivirus is usually preinstalled on the system). On the Mac users won't really be expecting such things.

      This isn't a technical issue (not Windows vs Mac) but actually one of "user expectation". PC users do see security popups a lot, and if you can make something LOOK right then you might fool the user. Mac users are NOT used to security alerts, I'm not sure what they'll make of this (I suspect they'll restart the system rather than anything else).

      Maybe I'm wrong.
      jeremychappell