New versions of the latest malware to hit Mac OS X users have come to light, following the discovery earlier this week of fake anti-virus attacks being spread by SEO poisoning.
Fake anti-virus (also known as scareware or rogueware) is commonly seen on Windows computers, of course, but until now has been rarely encountered on the Apple Mac platform.
The new variants, seen by SophosLabs, are calling themselves “Mac Security” rather than their previous disguise of pretending to be “MacDefender” (which, incidentally, is the name of a genuine security product for the Mac – adding to the confusion).
When I ran the fake anti-virus on a test machine it claimed that a number of innocent files, including Mozilla Firefox, were infected by viruses and told me I would have to register the program in order to cleanup the “infections”.
It’s precisely these kinds of scare tactics which are regularly used by Windows-based fake anti-virus attacks to hoodwink innocent users into handing over their credit card details. Clearly whoever is responsible for this latest spate of attacks believes that there are rich pickings to be made from Mac users too.
Sophos detects the latest variants as OSX/FakeAV-DOE, and as we continue to encounter more waves of this attack we will enhance our detection to protect Mac users.
If you’re not a Sophos customer, but have a Mac at home, you can protect your Mac right now if you download our free anti-virus. It’s automatically updated to protect against the latest threats.
Oh, and did I mention that our free Mac anti-virus product recently won a rather prestigious award? ;-)