Malware on your Mac? Don't expect AppleCare to help you remove it

Filed Under: Apple, Malware

Fake anti-virus on the MacZDNet writer Ed Bott has today published a fascinating conversation with an AppleCare support rep on the subject of Mac malware.

For reasons which will become obvious when you read the interview, the Apple support rep has chosen to remain anonymous. Chances are that if he hadn't kept his identity secret that he would be thrown out of the company pretty quickly.

According to Bott's source at Apple, AppleCare's call volume is "4-5 times higher than normal" and the overwhelming majority of calls come from Apple customers who have been hit by the current spate of fake anti-virus attacks on the Mac OS X platform.

Mac Security fake anti-virus. Click for a larger version

The Mac Defender fake anti-virus attack, and its variously named variants, are becoming common problems it seems:

It started with one call a day two weeks ago, now it’s every other call. It’s getting worse. And quick.

Perhaps most astonishingly, the interview reveals that Apple's official policy is that representatives are "not supposed to help customers remove malware from their computer."

The reason for the rule, they say, is that even though Mac Defender is easy to remove, we can't set the expectation to customers that we will be able to remove all malware in the future. That's what antivirus is for.

Although the support rep does admit that he often ignores corporate policy and help customers remove infections, he does acknowledge that this could get him into trouble if it comes to the attention of higher management.

But I can sympathise with the support rep, as it's hard to justify refusing to help a user with an infected Mac when it is using scare tactics and unsavoury pop-up windows to hoodwink them into handing over their credit card details for a "fix".

As the AppleCare support rep describes:

Well, I’m sure you’re aware of what Mac Defender pops up on your screen if you don’t buy it. Last call i got before the weekend was a mother screaming at her kids to get out of the room because she didn’t want them seeing the images. So, panicking, yes, I’d say that would be the situation usually. I had a teacher call about Mac Defender last week.

Typical website displayed to users who refuse to pay after the fake anti-virus attack

You can read the full interview on the ZDNet website.

Here's a video where we caught one of the fake anti-virus attacks in action:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like.)

Sophos detects the latest Mac malware as OSX/FakeAV-DOE, and as we continue to encounter more waves of this attack we will enhance our protection.

If you're not a Sophos customer, but have a Mac at home, you can still protect your Mac right now.Download our free Mac anti-virus. It's automatically updated to protect against the latest threats.

DownloadFree Anti-Virus for Mac
Download Sophos Anti-Virus for Mac Home Edition

, , , , , , ,

You might like

50 Responses to Malware on your Mac? Don't expect AppleCare to help you remove it

  1. Come on Mac folks... you can afford "free". This is one of the best AV products I have used.


    • Most users would expect their Apple care to cover everything...

      Actually I've asked this question to a local Mac store and they too was initially confused. Then I got to talk to the manager and he said "In the *extremely* rare case that Apple mac does get infected, Apple would not cover it (not exact quote)." Also, he said just google the information of how to remove the malware.

      • Richard · 1567 days ago

        "just google the information"

        Great advice if your only computer happens to be hosed by malware!

      • Matt · 1567 days ago

        "extremely rare" - I believe that is half the problem right there.

        • Yeah. All Mac Gurus I ask about the inbult security and recommended security options always say they are not needed as Macs NEVER have virus (their words not mine). Upon pushing them about viruses, they said, they never encounter one so all those AV programs are just memory hogs.

  2. Dan Showter · 1567 days ago

    So what's the difference between your product and Mac Defender? I guess that your product detects Mac Defender and doesn't demand payment. But your product is designed to create fear and demand for a product that Mac users don't need yet. It's that fear that drives users to install nonsense like Mac Defender. Be honest about exactly what your product detects. It's barely worth installing right now - the sum total of OSX malware in the wild can be avoided and detected manually. But I guess you guys are in the industry of sales through misinformation.

    • First off the FAKE Mac Defender is not manufactured by a reputable company like Sophos. Also Sophos AV does not detect malware willy nilly like Mac Defender (fake).

      Furthermore, Macs CAN have viruses and the number is steadily rising!

      • Grenville Grimace · 1567 days ago

        "Furthermore, Macs CAN have viruses and the number is steadily rising!"

        Complete rubbish.

        Theoretically, yes OS X could get a virus.
        But, there are no OS X viruses in the wild.

        For this to work I have to:

        1. Download the installer
        2. Run the installer
        3. Enter my admin password

        Sophos: Stop spreading FUD and all me when something pops up where none of these steps apply.

        • Matt · 1567 days ago

          Behond, a list of OSX viruses, only partially complete:

          Have no doubt, there are indeed many OSX viruses out there, not many are very prevalent, but they exist.

          • Grenville Grimace · 1567 days ago

            Lol, 116 threats found.

            Proved that you can use a search engine, but don't know how to interpret the results.

            A smattering of adware, some not in wild proof-of-concept and some going all the way back to Mac Classic OS.

            Can't see a single 'in the wild' OS X virus in that list.

            Thanks for the laugh though.

            • Prevention is better than cure. I personally will be taking the opportunity to point and laugh, saying "Told you so" when all the OSX and Linux fanbois don't install any AV until after they have been the victims of fraud or ID theft.

              There is never any harm in being safe and increasing your security. One of the biggest threats is going to be when someone finds a hole in IPhone or Android software for the remote execution of malicious code without user interaction. 99% of users don't protect their phones (Which are more computers than phones).

              If your only going to learn the hard way then on your own head be it. At least all the security "experts" (Myself included) out there have given you plenty of warning and you'll have no-one to blame but your own arrogance.

              • Grenville Grimace · 1565 days ago

                Laughing Boy Richard: Convince me by answering two simple questions.

                1. Be honest about the total number of genuine in-the-wild OS X threats that are actually detected by Sophos malware definitions.

                I require a link to the list and it MUST NOT include any hint of padding. .i.e., pre-OS X malware, proof of concept, low grade but legit adware or threats already nullified by OS X updates.

                Further, I require an honest indication by percentage of that figure within the '100%' content that is the defs file.

                2. Please explain to me how Sophos, or any other, AV product can protect an end-user from threats which don't yet exist (on any platform).

                Is Sophos magic, or do you just keep your fingers crossed and wish reeally hard.

                • Fair enough.

                  Granted the current number in the wild is currently limited. This is why I said "when".

                  From what I can tell Sophos don't currently have a listable way to see all threats for OSX. This would be nice if they did and would not only be a useful resource but serve as a proof of concept at least.

                  Search the net a bit and there are several definitions of recent malware. Although currently these do rely much more on social manipulation than on an actual software vulnerability.

                  It is only a matter as time, in the last few years apples popularity outside of the ICT/Digital Arts professions has been steadily growing and making it a larger and juicier target. While currently the number of threats are limited they do exist and having an added layer of "Free" protection can do no harm, in the long term by keeping up to date with definitions updates you will more than likely be able to download a required definition file before you actually get hit with an infection.

                  On the other hand you don't choose the added protection until afterwards then you haven't got the definitions and the infections costs you something.

                  I am not trying to argue the fact that everyone currently needs it. More advanced users that are less susceptible to social engineering are less likely to get an infection.

                  As I have previously mentioned in posts regarding this subject I have seen several infections first hand in the last few weeks on home Apple machines. These users don't understand what they are doing when asked to install something and thus get infected.

                  I would like to know why having an anti-virus product is a bad thing?

                    • Grenville Grimace · 1562 days ago

                      But this says more.

                      Charlie Miller's considered opinion trumps Kingsley-Hughes straw man:

                      "Should Mac customers install anti-virus software by default like most Windows customers do?
                      Charlie Miller, a security researcher who has repeatedly won the annual Pwn2Own hacking contest by hacking Macs and iPhones, told he doesn't think so."

                      "Miller noted that Microsoft recently pointed out that 1 in 14 downloads on Windows are malicious. And the fact that there is just one piece of Mac malware being widely discussed illustrates how rare malware still is on the Mac platform, he said."

                      "And while 200 posts complaining about Mac Defender in Apple's support forums may seem like a lot, that's still a small fraction of the millions of Mac customers in the world."

                    • Moving forwards surely we have the benefit of foresight a bit here.

        • Viruses aren't so much of a deal on Windows or Mac these days - both platforms have a bigger problem with Trojan horses, and folks are getting hit increasingly commonly unfortunately. Yes, even on Mac OS X.

          Your argument about having to download and run an installer seems to forget the social engineering aspect of many of these attacks which do indeed fool users into taking risky courses of action (such as running dangerous software on their computer). In the case of these fake anti-virus attacks, the user is fooled into believing that they have a security problem on their Mac, and are tricked into handing over their credit card details. This scam has worked remarkably well on Windows users for some time, and sure enough it's working on Mac users too.

          Judging by Apple's online support forums, more and more Mac users are being hit?

          So, are we really spreading FUD, or should you wake up to the possibility that maybe there is a genuine problem for Mac users?

          • Tair · 1567 days ago

            Graham is correct.

            The majority of Mac users becoming affected by malware are doing so primarily out of lack of experience or understanding. Sophos is providing a slick, free service to help mitigate that.

            I've been using Sophos' AV since it launched, and I have virtually no personal risk of contracting malware on OS X at this time; but, guess what? It's free, it's stable, and it protects my Windows-using clients.

          • Grenville Grimace · 1567 days ago

            "So, are we really spreading FUD..."

            Unless or until you can cite a source with more credibility than Ed Bott's 'MICROSOFT REPORT' then the answer would have to remain 'yes'.

            Unless or until you're honest about the actual number of real OS X-specific threats in your virus database, the answer would have to remain 'yes'.

    • T. Anne · 1567 days ago

      1. There is a real Mac Defender which is a legit anti-virus product... and there's the fake one. That's part of what makes this fake av so successful and has created big problems for the real MacDefender.
      2. The Sophos product is completely free - they're not drumming up sales through misinformation... there is no money - hence no sale.
      3. Simply because Macs haven't been hit with a fraction of the issues PCs have, doesn't mean that having extra security is a dumb idea... That's like saying it's pointless to have safe sex because x% of the time you won't get a disease or get pregnant... so why take the precaution to lower the odds? Not to mention - at what point does the % turn from being low enough to "ignore" to high enough to be worth considering? If I have a lower % risk with my Mac but want to lower it more and make it more secure - what's wrong with that?

      Look at all the security breaches that happen every day - I'm sure many settled with what they thought was "good enough" as opposed to having a truly layered security which took the already low odds and made them lower.

    • kanine · 1567 days ago

      Here is what I truly laugh at with compulsory denialists like yourself... ALL OS variants on ALL computers (even those permanently disconnected from the 'net... short of NEVER connecting to an external device of ANY kind) should have some sort of effective AV protection installed. That is NOT scaremongering, just common sense.

      The fanbois often go on about how OS X descended from Linux and therefore is impervious... yet forget some basic FACTS

      # OS X derives from Nextstep... whist THAT derived from UNIX (not Linux), it was a forked development that stepped further away from the fold when it evolved into OS X.

      # Apple has continued to weaken OS X's natural resilience in the name of "user friendly"... the whole update process (giving so little details on ANY update package it is tough to know what is legit and what has hacked the update process) is a security joke for starters.

      # Apple's own habit of denying the need for any security/AV app till now has only helped entrench these beliefs... al in the name of trying to increase sales of the back of PC viral fears... little wonder they are now so ill-prepared

      # A number of Linux distro's have found elegant balances btwn hardened OS builds and user-friendliness.... and yet ALL Linux dev's I know of DO encourage users to still use AV software... many also either encourage or include in their OS sand-boxing technology as well. These are OS builds CONSIDERABLY safer than OS X and yet they advise safe practices from the outset... the fact that Apple has not followed suit demonstrates a distinct aura of blatant nepotism!

  3. Macsleuth · 1567 days ago

    Microsoft doesn't remove malware from it's OS, why should Apple be expected to?

    • But Microsoft also doesn't have a "complete" coverage that Apple advertise! Apple coverage seems to be a "fix all" protection (at least it seems to suggest)

    • Horus3pinter · 1567 days ago

      That is a great question! To be fair, Microsoft Windows does warn you if you don't have adequate virus protection and directs you to where you can get anti virus products.

      But I think it's the fact that apple products are grossly overpriced that makes people (me too) expect to get good customer support.

    • Richard · 1567 days ago

      Never heard of the Malicious Software Removal Tool, then? :)

      You know, the one that gets pushed out automatically every month via Windows Update?

  4. MacGuy · 1567 days ago

    I have NO idea who the rep was, but knowing a few folks myself within AppleCare, I ran this article by them. Not a single one agreed with the 4-5x call volume on Malware. Sorry, while I like your products, this article doesn't pass the smell test.

    • Tyw7 · 1567 days ago

      Are you accusing Sophos of making the story up? Perhaps certain regions of the country/certain countries is affected more than others?

      • Note that it's not us making the claims. We're reporting on an interview that Ed Bott conducted with an AppleCare representative. The full transcript of Ed's conversation can be found on the ZDNet website in the link we gave in the article.

  5. DjFIL · 1567 days ago

    I just love how all of the current Mac viruses currently require users to type in their Admin password to complete the install. You really have to be gullible to get tricked in to one of these software... but as they say, "a sucker is born every minute".

  6. At least most Windows have AV installed, so hopefully the AV program would catch it. Also IE9 have a built in smart screenfilter built to catch most malwares.

    Occassionally when I surf the net, Norton (I use Norton as I am a consumer customer, sorry Sophos) would pop up in the corner and say it has blocked a fake av page and IE9 would show a 404 error.

  7. The problem with Mac "grurus" and fanboys is their snobbishness. They believe that just because they use a mac, they are "invincible" to viruses!

    At least with Windows user, we accept viruses do exist and install proactive protection BEFORE such problem appears. Furthermore, Windows have many excellent virus removal tools out there. One of which is Malwarebytes.

  8. Grenville Grimace · 1567 days ago

    And, of course, most Winboxes are set up in such a way that two of the three necessary installation steps are eliminated.

    i.e., the installer can probably auto-run and no admin password is even required.

    Which leaves you at the mercy of that anti-virus package for some maybe-protection.

  9. Dan Showter · 1567 days ago

    Yes Graham, there is a genuine problem for Mac users and unfortunately Sophos are part of that problem. Yes, social engineering is the easiest way to spread malware and in this example people are so afraid of the threat of malware that they actually install the malware themselves. And what do you do? You try to capitalise - see everyone, you DO need malware protection to protect you from fake malware protection. Sophos AV is a decent product, but it's free on the Mac right now, because it isn't needed yet. The company is just building mindshare. Now if you guys were honest about that, I'd have no problem. At this point in time, Mac users can be vigilant and protect themselves. If that seems beyond the individual, then your free product is a good alternative. But stop spreading the fear - disclose the facts on how much genuine "in the wild" malware you're actually scanning for and let user decide for themselves. I'm afraid this article just illustrates that your current marketing strategy is hurting the Mac community, not helping it.

    • I'm afraid your argument doesn't stand up. Because we have been honest and up-front about the reason why we produced our free anti-virus product for Mac.

      See - you see, there's no conspiracy here.

      Our free Mac anti-virus product for home users makes people think we're cool and gets our name out there. That should help us sell even more software to businesses. In other words, it's all about brand awareness.

      It's pretty cool that you can benefit at home from us wanting to raise our brand awareness.

      Of course, we're not made of money, and so we can't give users of our free home Mac anti-virus the same high level of support that we offer our paying business customers.

      May i suggest you go to Apple's support forum and try to convince the users who have been infected by the latest attacks that they don't need anti-virus. Especially if it's free.

      I'd love to hear how you get on. :)

      • The problem is most users are not Mac Gurus and do get themselves infected. I've cleaned 4 Macs in 3 weeks but the users have no IT knowledge at all and thought the malware was trying to help them. 50% of the users who call me were on the edge of paying the malware to clean the infection with roughly 10% already paying them before ringing me because it didn't work.

        The problem is more prominent on the basic users than on experts computers but this is also true in a Windows environment.

  10. Sizzle69 · 1567 days ago

    Regardless of what Mr Jobs tells you in the adverts, Mac users aren't all streetwise 20 year olds with a good head on their shoulders. A large amount of Mac users are just your usual everyday person who probably would have the first clue about social engineering attacks or malware. "Hold up, my computer is asking for my password.... I best enter it then". Oh, you've been pwned. What's the big deal about putting AV on your system? If you're sure that you know what you're doing then fine don't install it but don't talk like you're the all knowing voice of the Mac community and suggest that no one needs it. Afterall, Apple convinced you to buy a product that's way overpriced. Oh dear, you've just been socially engineered by "your mate" Steve.

    Anyway, I'm sure Sony had the same attitude until recently.

    • I agree wtih Sizzler69. From what I've seen most Mac fanboys are claiming that they are "invincible" to virus. One of the question that I've asked to my friends to facebook about what brand of AV they used, got a reply with I have a mac so I don't need one!

  11. I've emailed to the manager of Truro store, and I'm hearing conflicting reports. One one hand, one of the guy at the store (presumambly someone of great power) said that virus removal is not covered and one would have to remove it yourself. But the manager said that the store will remove the virus for free.

    Make your mind up!

  12. Just a comment to all the pessimists who seem to read this blog. The information provided by Sophos and all the other security firms try to help the average user. The expert users should know better and need the information less.

    Most users are not computer experts are are allot more susceptible to social engineering and will most likely install malware voluntarily.

    It is these basic home users we need to reach and protect as without the support of the IT community and some guidance they will get infected and this will result in fuelling the bad guys will to produce more malicious software and continue their activities.

    Stop thinking about your own expertise and think about helping those without your level of expertise in avoiding infection.

  13. Tiffany · 1566 days ago

    To the naysayers- I am a fairly computer savvy person, not an expert or anything but savvy. After installing Sophos antivirus on my computer it detected 6 Trojan Viruses. Now considering that I keep up to date on current threats, do not open E-mails unless I know who they are from, & do not visit questionable websites, How did said viruses get on my computer? Answer- I am not the only one in my household who uses our MAC, I have 3 children & a husband who use it as well. Recently I discovered one of my credit cards was compromised (which is still in my wallet), the thieves cleaned the account in one day. Now I do not know how they got my number as I have used the card twice online on "secure" sites back in December & not since then. But I suspect it may have had to do with the Trojans that were on my MAC. Just wanted to share, because I thought as a MAC owner we were safe from threats & clearly we were not! Better safe than sorry indeed & Thank you Sophos for the Free Mac virus protection as well as all of your knowledgable security updates.

  14. Glenn · 1565 days ago

    Mac owners have long stood by the saying "Macs dont get viruses". Now its everyone elses fault that they are according to them. Most Mac owners I talk to still say it and have no Idea that the criminals have unleashed on them. These criminals were smart as they waited a long time letting the users think they does need antivirus and then pouncing on them when they all there pants down. Wait till they start getting rootkits that are silent as they steal the banking and credit card information. Apple and its stance on "Macs cant get viruses" has led to this slaughter on the dillusional owners, and I believe because of this Apple should help with the removal. Apple should be ashamed for their claims and years long campaign about being protected from viruses. But for all the people that still want to go on without protection, that is their dimise not mine.

  15. If you guys don't believe Sophos, why not read an INDEPENDENT blog with no finicial gains. See my blog where I try to explain the main reason behind the Fan boys snobishness and Apple's attitude toward malware.

  16. I think Apple has partial blame for this snobbish attitude! Remember the Mac vs PC ads where they claim Macs are invincible to malware/doesn't get them?

  17. T. Anne · 1565 days ago

    Part of the problem is that when buying a MAC they'll actually tell you NOT to add AV as it supposidly will mess with their built in security and make you MORE vulnerable to attack. Then you have so many people who have drank that kool-aid for years still saying it - despite the fact that there is proof that the criminals have started to work on MACs too... and the more users there are - the more attempts there will be. It's sad when the average user is told that they don't need any extra protection by the so called experts... and as a result are left vulnerable to attack.

  18. J.R · 1560 days ago

    Actually I was at the Genius Bar last week and a lady brought in her Macbook Pro cause it had some Malware on it from an email she kept opening and the Genius gladly removed it and found the email that was causing the problem.

  19. Jon Fukumoto · 1137 days ago

    All Mac owners take note of this: THERE'S NO SUCH THING AS 100% SECURE!! Even Macs can be infected as there's also cross platform malware out there. Having anti-virus installed on your Mac is a must, so don't be complacent. I've known long ago that even Macs can be infected, and so I took steps to protect myself. I keep all my software up to date and I'm careful on where I go. It's time for Mac users to wake up and face the reality!! Even though the amount of malware is nowhere close to that of Windows, Macs still need to be protected. Sophos is doing a great job of letting everyone know. The Java vulnerability is one such example. I've never been infected, thanks to the free anti-virus product that Sophos released, and I get piece of mind know I'm protected while online. Please pay heed to the warnings and don't be complacent when it comes to security.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley