Mac users targeted by fake antivirus tool


Summary: Mac users are being warned that downloading a "free" rogue security application, MacSweeper, which guarantees to find a virus on any Mac it is installed on, will only lead to a lighter wallet.


Mac users are being warned against downloading a "free" rogue security application, MacSweeper, which guarantees to find a virus on Apple systems.

False positives: MacSweeper guarantees to find a virus.

Finnish security company F-Secure says the application is reminiscent of scams that often target Windows users.

By making the intended victim believe they have a virus, the distributors of MacSweeper hope to sell software to the concerned user. Should a user make a purchase, they will find themselves paying for software that simply doesn't work.

"It claims to clean your Mac from compromising files and it will always find something to fix/clean but the only way to do so is to buy the program," explained F-Secure threat response manager, Patrik Runald, on his blog.

"They're designed to trick people into thinking that they have security problems and that the only way to solve it is to buy the software. Up until now this has been a Windows-only problem but that's not the case anymore," said Runald.

Runald blames the increasing user base of Mac OS X for the emergence of such scams.

"Mac users will increasingly come under attack from bad guys and this new rogue application and the constant stream of new variants of [Mac trojan] DNS Changer is proof of that. It doesn't mean that Mac is becoming less secure in and of itself. But it does mean that Mac users will have to watch out for social engineering tricks just like Windows users have had to do for years," he said.

The distributors of MacSweeper -- who claim to be a company called KiWi Software -- are also fleecing Symantec: Runald said they have copied the security company's "About Us" blurb and replaced its name with their own.

Late last year security vendor Intego claimed to have found the first trojan targeting Mac OS X Tiger, DNS Changer. The malware distributors attempted to infect Macs by offering a video streaming decoder -- a codec -- that they claimed could decode porn that was not viewable through QuickTime. As with this latest scam, the distributors used social engineering techniques to trick users into downloading the software.

The trojan worked by changing a Mac's DNS settings to redirect victims to porn Web sites. F-Secure later reported it had discovered 32 variants of the trojan, and said it was related to the group distributing Zlob.


Liam Tung

  • All truth about MacSweeper

    A Deeper Look On MacSweeper, with developer comments:
  • Why wouldn't someone want to target Mac users?

    They generally pay more for their hardware, so it could possibly be assumed that they have more money than the average user who buys hardware... If I was a blackhat I would be zeroing in on this group specifically to exploit them.