Analysis and Evolution of MacDefender OS X Fake AV Scareware

"Over the last month, a new fake AV scareware variant has been circulating for OS X which has been gaining a lot of attention. Mac security developments tend to be hot news whenever announced and this case has been a shining example of the rule. There's a fair share of overhyping at play too, of course. But rest assured, this isn't the first outbreak of Mac-specific malware and it won't be the last.
I suppose by writing this blog post, we're throwing our hat into the cat and mouse game too. (Wait... I forget. Are we the cats or the mice, again?)

We're not in the AV business, but it's always good to keep tabs on new malware developments since we do get involved in a lot of incident response and forensics work. Our research team has been tracking development of the MacDefender malware going back to its earliest known variants. My teammate Rodrigo Montoro and I have been gathering and analyzing samples of the malware as well as reviewing security event alerts tied to infections in the wild.

The MacDefender family of malware itself is not all particularly unique or threatening but it is the first known fake AV attack known to target Mac OS X. As others have pointed out, it is probably more accurate to label this 'scareware' than 'malware'. However, the MacDefender outbreak still bears a lot in common with other modern 'crimeware' campaigns..."
