
MacRumors

macrumors bot
Original poster
Apr 12, 2001
52,497
14,189






Earlier this month, a new malware threat known as "MACDefender" popped up, targeting Mac OS X users with requests to install an application claiming to be an antivirus program. The malware has continued to be a problem for many users, showing up with regularity under several different variants.

ZDNet's Ed Bott has been looking into the issue, and while some may dismiss his claims due to his position covering Microsoft for the publication, he has uncovered some interesting information in speaking with an anonymous AppleCare representative about the situation. According to the representative, Apple has been dealing with significant call volumes about the issue, claiming that over 50% of calls last week were about the malware.
"There's usually about 600 or so of us spread around 14 centers for CPU support. Before this started happening, we had 7-12 minutes between calls generally. Now we're lucky to have any time between calls.

"We started getting a trickle of calls a couple weeks ago. However, this last week over 50% of our calls have been about it. In two days last week I personally took 60 calls that referred to Mac Defender."

The representative noted that AppleCare's official policies prevent them from assisting customers with malware issues, as the company does not wish to set expectations that they will be able to do so consistently going forward, instead recommending that customers look into antivirus software. Some representatives have, however, reportedly been quietly helping out customers as their superiors look the other way.

In a follow-up article responding to claims that his initial report was fabricated and the issue overblown, Bott documents his examination of Apple's support forums, where he found over 200 threads from users trying to remove the malware from their systems, far higher than any previous incident. And while the malware requires that users grant explicit authorization for the software to be installed, Bott argues that there are clearly significant numbers of relatively less savvy users who are taking the bait.

Finally, Bott today published the actual AppleCare internal support document about MACDefender, which reveals that the issue has been categorized as "Issue/Investigation In Progress" and outlines the procedures to be used by support representatives when dealing with customers calling in about the issue. Essentially, users who have not yet installed the malware are instructed to quit the installer and delete the download, while those who have installed the software should be directed to Apple resources to learn more about malware and left to find their own antivirus solution.

Article Link: Apple Investigating 'MACDefender' Malware, Support Staff Barred From Assisting Customers
 

ggg05a

macrumors regular
Jan 11, 2009
128
0
Call me cold, but I have absolutely 0 "zero" sympathy for people who download anything they hadn't requested, had just popped up unannounced.

What happened to the average Mac user being educated?
 
Comment

Eddyisgreat

macrumors 601
Oct 24, 2007
4,851
1
I can already hear the pitter patter of trolls running towards the forums shouting "hear ye hear ye! death to the mac hath finally cometh with this new super virus that's quite unstoppable!"
 
Comment

paulypants

macrumors 6502a
Jun 17, 2003
558
95
Buffalo, NY
Call me cold, but I have absolutely 0 "zero" sympathy for people who download anything they hadn't requested, had just popped up unannounced.

What happened to the average Mac user being educated?

I agree, unfortunately the rash of 'switchers' has lowered the average tech IQ of the userbase.
 
Comment

ciTiger

macrumors 6502a
Jan 25, 2011
626
0
Portugal (Porto)
I suppose it is to be expected that, with the number of Mac users greatly increasing, viruses and the like would begin to target the OS more often...
 
Comment

dagamer34

macrumors 65816
May 1, 2007
1,359
101
Houston, TX
Call me cold, but I have absolutely 0 "zero" sympathy for people who download anything they hadn't requested, had just popped up unannounced.

What happened to the average Mac user being educated?

I think you aren't aware of what the average "new Mac" user's level of education is.
 
Comment

Cameron Hood

macrumors member
Aug 1, 2010
51
18
Duh....

It's unfortunate that this is happening to us, finally, but it's NOT like it can't be avoided. Just don't install anything you didn't specifically request, as has already been suggested. Is that a difficult thing to comprehend?

:confused:

Cheers,
Cameron
 
Comment

DCstewieG

macrumors member
Jun 30, 2008
88
125
U.S.A.
Where's the update for the built-in anti-virus/malware in Snow Leopard? Isn't this the easy answer? :confused:
 
Comment

Elijahg

macrumors 6502
May 23, 2005
269
173
Bath, UK
I downloaded this to have a look at the package. The download shows up as an ad on websites, and tricks people by saying their Mac has a virus. It doesn't auto download, you do have to click "download", making it seem more official. The unsuspecting user then downloads and installs, which obviously installs the trojan too. I had a look at the application package, and it has lots of references to purchasing something or other which I assume to be an upgrade to "remove" the viruses it "found". I guess you enter your credit card details, which get sent off to wherever for someone to sap out some money.
 
Comment

GFLPraxis

macrumors 604
Mar 17, 2004
7,115
418
It's somewhat ironic, in a way, that the only Mac "virus" (trojan, not virus) will only get people who manually install it because they think they need an antivirus on a Mac. :rolleyes:

Expect waves of people proclaiming that Macs have viruses too, etc etc, when this is actually just crapware that the user has to install.
 
Comment

mobilehavoc

macrumors 6502
Jun 30, 2007
377
12
A few more of these types of events and Apple loses one of its chief marketing strategies for the Mac.
 
Comment

ChrisTX

macrumors 68030
Dec 30, 2009
2,682
52
Texas
This tried to install on my MacBook Pro last night and I immediately cancelled and deleted the file ASAP!
And for the record I got this after clicking on a link from Yahoo! News.
 
Comment

goobot

macrumors 603
Jun 26, 2009
5,989
3,077
long island NY
Stupid people like this shouldn't even use a computer.
 
Comment

Aduntu

macrumors 6502a
Mar 29, 2010
599
1
Stupid people like this shouldn't even use a computer.

Yes, that's it. Because educating people is never the answer.
 
Comment

nastymrx

macrumors member
Jan 6, 2011
43
0
Those damn malware creators cause me lots of work. Damn you!
Anyway, the poor bastards installing unknown software should learn, now!
 
Comment

charlituna

macrumors G3
Jun 11, 2008
9,634
815
Los Angeles, CA
There are three things happening in these articles.

1. Reports that calls are up about this and malware in general.

Likely true

2. Reports that Apple Care reps are being told they are not allowed to offer any support on this matter.

Also likely true

3. Implications that Apple is wrong to be refusing to 'support' this issue and is obligated to do so.

Not true. This is user damage and if you bothered to read your warranty and AppleCare you would know that it is not covered. Nor is this any different than any other 3rd party support by AppleCare (which is zero). Nor different than customer support from any other OEM company for malware (which is also zero).

As for the 'investigating', Apple is always investigating everything. In this case it is to make sure that there are no holes in the system to let this thing in unawares. And perhaps to find a way to block it (and similar) via a security update with a big red flag that says (best read in a Sam Jackson voice) "this could be **** that will f up your system, are you really sure Mo Fo that you want to install it" or even better update Safari to block the pop up.
 
Comment

mack pro

macrumors member
May 3, 2011
67
0
It's somewhat ironic, in a way, that the only Mac "virus" (trojan, not virus) will only get people who manually install it because they think they need an antivirus on a Mac. :rolleyes:

Expect waves of people proclaiming that Macs have viruses too, etc etc, when this is actually just crapware that the user has to install.

Crapware, as you call it, is just as bad as a virus, especially when your userbase is as ignorant as Apple's.
 
Comment

Stella

macrumors G3
Apr 21, 2003
8,609
5,569
Canada
"while those who have installed the software should be directed to Apple resources to learn more about malware and left to find their own antivirus solution."

Leave the user to find their own solution.

Doesn't sound very Apple like.
 
Comment

mypants

macrumors newbie
Mar 21, 2011
16
0
Poisoned ads

I wonder what types of sites these people are visiting to get these popups. I have not seen one of these popups yet.

My browser got hit with this twice. Once from FARK (I think) and another time from another "Mac news" site that I regularly go to.
Both sites use ad services to serve up their ads.
Somehow this "Mac Defender" and also "Mac Protector" showed up with the normal ads.

So it was not simply bad neighborhoods. The poisoned ads had somehow infected the ad servers.

I can't recall if simply loading the page caused the browser hijack or if you had to roll over the ad, but regardless, it was pretty startling and rather impressive.

I don't think you will get to either of them again as the ad services have removed them. I also don't understand recommendations for AV software. There is no AV software that will do anything about this until it is far too late. AV software can't protect you from social engineering tricks.
 
Comment