Learn about the Mac Defender/Mac Protector trojan horse malware attack. See how it works. Find out how to protect yourself from it. Watch step-by-step how to remove it. This piece of malware tricks you into downloading and installing it with frightening, but completely fake, virus warnings. What it really wants is your credit card number. Fortunately it is easy to avoid and easy to remove.
You can also watch this video at YouTube (but with ads).
Be sure to check out MacMost’s Virus and Malware Information Center for up-to-date information about threats to your Mac.
My 11-year-old son was downloading a game last week that he had permission to get. While doing so and not paying attention, he clicked on this virus. Luckily, I had already warned him of it and he immediately got me and we followed the directions for removal and have had no more trouble. As I was removing it, however, I was bombarded with links to gay porn sites and requests to "update" my "anti-virus" software.
I got lucky that the porn sites didn't pop up when I was doing this. I couldn't have used that footage if it happened, obviously. Perhaps that only happens after a few minutes?
I got it too!!! How annoying. Thank goodness I realized it and didn't give my credit card number.
I have this trojan, and followed what Gary said to do, but it will not go from the forced quit in my activity process. What shall I do now?
Try force quitting again. What happens when you do so? Exactly.
Please, hide the redirection address...
Why? Are you compelled to type it?
Good podcast Gary. I've Tweeted the link: http://bit.ly/iU0NXD
I just saw it: making an image search for "octavarium", the first image in the Google search leads you to it.
Gary, I had this pop up as well a couple of days ago. Not knowing what it was and being very suspicious of it since OS X currently has no known viruses, instead of clicking on anything on the page, I just quit Safari. Do you see anything wrong with that?
That's fine.
What if I am using Firefox? Is Firefox a good browser to use?
Doesn't really make a difference which browser you are using.
With all the attention this MalWare is getting, has anyone been able to trace the fake website back to whomever is gathering this credit card information? Is that even possible?
Probably not. This same type of scam has been around in the Windows PC world for a long time. It is only getting attention now because there is a Mac version.
This can be seen as a good sign for Apple - the Mac has finally reached a point where these malware creators believe that it's finally worth their time and effort to create such an elaborate hoax. As Gary points out, you still have to enter your password during the install process so you should not install it by accident. This can be good PR for the App Store too where everything is pre-screened.
Yikes - I didn't realize I shouldn't have the "Open 'safe' files after downloading" box checked in Safari Preferences (General). When do you WANT to have it checked - only when you know you want to download something?
Now that this thing exists, you NEVER want it checked. You can open the files yourself after downloading. It is just an extra step.
Thank you Gary! I thought it looked valid when I was working in Firefox but it wasn't until I had entered my password that I realized I had been tricked.
Hi Gary, greetings from Littleton. I'm a new Mac switchee after 26 years on PCs of all flavors, and other than the little things so far so good. MD reminds me of Windows Security Suite, ransomware that looks official, but once on the PC it sets up a false IE proxy that locks the user out from running anything except the scam. I fell for it lock, stock and barrel. Anyway, good videos, very informational. JB
Mac Defender, is this the only name I can be trapped in?
I have a non-ordered anti-virus from Avira. This must be the horse?
It goes by the names Mac Defender, Mac Protector, Mac Security and Mac Protector.
About the same time this hit us, a similar problem hit Windows users. It disguised itself as a Windows malware scanner and requested you buy it to use it and was stealing credit card info. It even had the Microsoft Authentic Software logo.
Told my sister to buy a Mac before she bought her Sony Vaio.
HELP! Gary. Please advise! This (Mac Defender) just popped up as I was in my Yahoo email account via Firefox. It happened so fast that I couldn't see where it came from. I recognized it from your video & article (previously seen). I did not click on anything, and just tried to quit Firefox, but couldn't. I turned off my MacBook, and then rebooted, and went to Safari, which seems fine. How can I clear it from Firefox? What is safe and effective to do at this point? (By the way, when I go to the Yahoo email via Safari, it seems okay. I don't see that image.) Please let me know. Can you send me an email? Thanks.
No need to turn off your MacBook. Just force-quit Firefox using either Command+Option+Esc or the Activity Monitor.
It isn't "in" Firefox. It is just that on some web page you are viewing there is malicious code that just redirects you to a fake web page. It is just a fake animation you are seeing. Nothing to worry about as long as you don't agree to install anything on your Mac.
Thanks for your reply. In fact, soon after posting, I did manage to force-quit Firefox. At first, I couldn't. The next time I opened it, there was an obviously fake page asking if I wanted to "go back to a tab". After closing that, it all seemed to be gone. I wonder where the thing came from..as I think I was opening genuine emails (that I know), not a web page. Could it have infiltrated someone's email?
(I appreciate MacMost, all info, and the interactive opportunity.)
Could have come from any piece of content on that page. A message. An ad. A list of things. I know those Yahoo email pages are filled with content, so it is hard to say.
Good Job on this video Gary... I've been on an iMac for a couple of years now and this is the first time I've seen the Activity Monitor. Very Helpful vid.
Is MacKeeper legitimate or malware?
MacKeeper is not malware. It is legitimate software. As to whether it is useful or worth the price, that's another story.
I don't understand how no one's traced the site to its owners? Of course it's traceable. That's very fishy. First of all, being all alarming about this ridiculous trojan perpetuates it. Second, it seems very difficult to even get this virus. You really have to be stupid.
I use OS X Lion. And would my computer be safer from threats if I were to use the Standard user account vs the Administrator one on a regular basis?
Use an administrator account if it is your Mac and that's the account that you use. Non-admin accounts are fine for other users (kids, friends, etc). Using a standard account won't really make things any safer, but it will be an inconvenience at times.