
MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,481
30,717



MacDefender was the most significant malware attack on the Mac in years, if ever. The threat started in May, infecting many less-savvy Mac users, and had become widespread enough that Apple was forced to release a special anti-malware security fix. The software would be downloaded when users visited certain websites and, once installed, looked to be legitimate anti-virus software. Unsuspecting users would get warnings of viruses infecting their system. By entering their credit card number, users could pay to "remove" the viruses.

Except it was all fake. There were no viruses, just a piece of software trying to trick users into handing over their credit card numbers.




The hidden developer behind MacDefender continued to release new variants of the malware into the wild, resulting in a cat-and-mouse game as Apple continued to ban new variants of the software.

Then, one day, MacDefender simply disappeared. Richard Gaywood, at TUAW, pointed out that Apple hadn't updated its malware definitions -- the code designed to kill MacDefender -- since June 18.

Brian Krebs might have the answer:
On June 23, Russian police arrested Pavel Vrublevsky, the co-founder of Russian online payment giant ChronoPay and a major player in the fake AV market.

[...]

In May, I wrote about evidence showing that ChronoPay employees were involved in pushing MacDefender -- fake AV software targeting Mac users. ChronoPay later issued a statement denying it had any involvement in the MacDefender scourge.

But last week, Russian cops who raided ChronoPay's offices in Moscow found otherwise. According to a source who was involved in the raid, police found mountains of evidence that ChronoPay employees were running technical and customer support for a variety of fake AV programs, including MacDefender.
The last release of MacDefender occurred on June 18. ChronoPay's offices were raided on June 23. A coincidence perhaps, or Russian law enforcement saving Mac users from fake antivirus software.

Article Link: Raid on Russian Firm May Have Taken Down MacDefender Malware
 

deannnnn

macrumors 68020
Jun 4, 2007
2,090
625
New York City & South Florida
This is good news. MacDefender got my Dad. He, like many Mac users infected with the malware, is one of those people that clicks "okay" to anything just to get the windows to go away.
 

MBP13

macrumors 6502
Mar 13, 2011
278
1
Way to go! I'm glad the ringleader of all of this crap was finally captured.
 

8ate8

macrumors member
Nov 9, 2010
61
1
Central Jersey
In Soviet Russia, anti-virus software....

No, I'm not gonna go there...
 

taigebu

macrumors newbie
Aug 4, 2011
1
0
Thank god Vladimir Poutine was infected; otherwise this would have never happened :p
 

Tom8

macrumors 6502a
Oct 28, 2010
848
71
8ate8 wrote:

In Soviet Russia, anti-virus software....

No, I'm not gonna go there...

In Soviet Russia, malware...oh screw it, I'm just happy to see them arrested.

I'll do it for you two


In Soviet Russia, anti-virus software infects you!
 

DefiantSoul

macrumors member
Dec 23, 2004
31
0
Maybe I'm being too harsh, but anyone that falls for the old "YOU HAVE VIRUSES!!! Give us your credit card number and we'll get rid of them!" trick deserves what they get.
 

Gregintosh

macrumors 68000
Jan 29, 2008
1,914
533
Chicago
I always wondered why authorities haven't gone after the credit card processors who process the payments for these kinds of scams.

In order to obtain a merchant account, typically you have to submit your company to a full background and credit check, so it should be a piece of cake to follow the money trail right to the door of whoever is profiting from these scams.

Visa and Mastercard (the two biggest credit cards in the US) could also step in and deny merchant services wholesalers that have these kinds of transactions the ability to process Visas or Mastercards, which would effectively kill the offending processors' business and/or make that industry clean up its act.

With a few strategic moves, the financial incentive to put out malware like this (which is all too common) would be greatly diminished and we'd probably see A LOT less of it.
 

qtx43

macrumors 6502a
Aug 4, 2007
659
16
So is ChronoPay sort of like Russia's PayPal? Thank goodness that PayPal's execs are more honest ...they are, right?
 

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
MR wrote:


How can a trojan horse "infect" a "less-savvy Mac user"? Does it come via the display directly into the body of the said user? Impressive technology! ;)

This sounds like utter rubbish. Not?
Not. Of course they mean infecting the computers of less-savvy users, which it did, since less-savvy users installed the fake AV when prompted, being gullible enough to believe they were infected by a Mac virus.
 

andiwm2003

macrumors 601
Mar 29, 2004
4,382
454
Boston, MA
If true and if they are guilty, I hope the Russian justice system and the Russian jails live up to their image.

Again, if they are guilty, I hope they rot in a jail in northern Siberia for the next 25 years...
 

MacRohde

macrumors regular
Jun 1, 2004
164
0
Copenhagen, Denmark
DefiantSoul wrote:

Maybe I'm being too harsh, but anyone that falls for the old "YOU HAVE VIRUSES!!! Give us your credit card number and we'll get rid of them!" trick deserves what they get.

Yeah, you are absolutely being too harsh.

Just because you are a bit trustworthy and/or naive - or just very new to the world of computers - does not mean you "deserve what you get".
 

jman240

macrumors 6502a
May 26, 2009
798
243
If this is the worst "threat" Mac users see, then I find that pretty funny ;). I mean, it doesn't do anything. Well, other than some small pop-ups and asking for your credit card? Really? That is considered a "major threat..." :)

Unless it slows down or crashes your computer (ahem, Windows Super Antivirus 2009 (10, 11, etc.)), then it's just annoying. Nice that it's gone though :D

My dad actually managed to get this thing [facepalm]. I just deleted it from apps and presto. Gone. It didn't even leave anything on the system (did a full search). =). Alternatively, removing the fake A/V software on Windows can be a bit of a chore and is best if you catch it early.
 