The Mac Defender malware has just gotten one step closer to your hard drive, no longer requiring a password in it’s installation process. Security firm Intego has released a new memo stating that a variant of the Mac Defender malware, dubbed MacGuard, doesn’t require an admin password during it’s installation process.
This streamlines the process of installing the malware on unsuspecting users’ machines, although it does not totally automate the process.
The Mac Defender malware is a malicious fake antivirus that propagates itself through links among the top results for searches. When a link is clicked, it downloads itself automatically and begins the install process. Previously, the user would have to interact with the installer by clicking next, then enter their admin password before it would infect the machine. Now, the user must still choose to install it, but the password step has been done away with.
The new MacGuard variant is also different in that once it’s installed, it downloads a payload from the web, the purpose of which is unclear but most likely has to do with recording and transmitting credit card numbers or other personal information.
The Mac Defender malware has been addressed by Apple in a support document and all of its instructions regarding prevention and removal still apply to the new MacGuard variant. Additionally, Intego recommends unchecking the “Open ‘safe’ files after downloading” option under Safari’s general preferences. This should prevent the application from automatically beginning to install, allowing you to simply discard it in the trash if it shows up in your downloads folder.
As is the case with all of the Mac Defender variants, simply closing the application and throwing it away rather than installing it will prevent any issues. Apple plans to release an update to OS X that will prevent installations of the Mac Defender malware and its variants.