Fake MacDefender

May 2, 2011
aka: Mac Defender

Apple computer owners are being subjected to a number of specialised malware attacks that insists Mac users download a malware version of the popular MacDefender antivirus application, infecting their computers as a result. The infection appears to be targeting people searching Google Images.

To reassure users of the official MacDefender software, it's creator has taken to the official website to warn users of the malware campaign:

IMPORTANT NOTE: As it seems someone wrote a virus/malware application named mac defender (MacDefender.app) for OS X. If you see an application named like this DO NOT DOWNLOAD/INSTALL it. I would never release an application named like this.

Removal

Luckily, disabling and removing the bogus MacDefender application is easy. If you have been infected and want to make sure it no longer resides on your system, follow the steps below:

  1. To ensure you do not automatically download the app, uncheck the following: Safari > Preferences > General > uncheck "Open "safe" files after downloading".
  2. Searching for the application and deleting it directly may fail, saying the app is in use. To stop it running, check Activity Monitor (in Applications > Utilities) and disable anything that relates to MacDefender.
  3. Look in /Library/StartupItems and, same place, LaunchAgents and LaunchDaemons for references to the malware app.
  4. Once quit, head to the Applications folder and drag the MacDefender app to the trash, then delete trash.
  5. To ensure all references to the app are cleared, run a search using Spotlight and delete all MacDefender references you find.

Above information condensed from: http://thenextweb.com/apple/2011/05/02/bogus-macdefender-malware-campaign-targets-mac-users-using-google-images/