Rogue AV targeting Mac users - MACDefender
SonicWALL UTM found reports of a new Rogue AV application called MACDefender targeting Apple's Mac OS X users.
As seen in the past, Rogue AV cyber-criminals are known to take advantage of the latest news stories that interest a large user base by poisoning Google search results. When an unsuspecting user clicks on one of these search results, it leads them to download Fake AV malware, as in earlier campaigns: Valentine's Day, Wikileaks and Holiday Shopping Deals.
The following screenshots show the MACDefender infection if the user runs the file:
If the user attempts to clean the infections, it prompts the user to buy the software and enter a Serial Number. The serial numbers were easy to find inside the payload itself, as seen below:
Besides displaying Fake infection alerts, it also opens pornographic websites in the browser randomly from a predetermined list.
SonicWALL Gateway AntiVirus provides protection against this Rogue AV malware via the following signatures:
- GAV: MacDefender.A (Trojan)