Mac Defender variant 'requires no password'

New strain bypasses administrator checks.

The Mac Defender virus that has plagued Apple since the beginning of May has mutated into a more dangerous strain, according to security firm Intego.

Several variations of the fake antivirus malware have appeared since Mac Defender first emerged, but Intego claims the latest is more of a threat because it no longer needs an admin password for installation.

“Unlike the previous variants of this fake antivirus, no administrator’s password is required to install this program,” the company said on its blog.

“Since any user with an administrator’s account – the default if there is just one user on a Mac – can install software in the Applications folder, a password is not needed,” the post said.

“This package installs an application – the downloader – named avRunner, which then launches automatically. At the same time, the installation package deletes itself from the user’s Mac, so no traces of the original installer are left behind.”

Intego said it was grading the issue as a medium-level threat, partly because the widespread attention to the virus had led to SEO poisoning, with malware sites appearing high in search results.

According to Intego, the new variant comes in two parts. Firstly, a downloader and installation package called avSetup.pkg downloads automatically from poisoned websites.

The second part of the malware is a new version of the MacDefender application called MacGuard, which avRunner downloads from an IP address hidden in an image file in avRunner’s Resources folder.

Copyright © Alphr, Dennis Publishing