While reading about the Weyland-Yutani Bot (WYB) toolkit, I wondered if there was a connection to it with MACDenfender. The two pieces of malware both have origins in Russia and somewhat compliment each other. MACDefender is a piece of scareware that largely targets Safari. It has received a lot of media attention and given it's nature, being rogue AV software, was going to do so. Did the press from MACDefender drive users to another browser? The WYB toolkit is made to facilitate the easy development of malware for Firefox and Chrome. Apparently, the developer of this toolkit has avoided Safari due to difficulties in relation to it's exploit paradigm. So, users being driven away from Safari helps the success of WYB. What vector exists in Firefox and Chrome that is not an issue in Safari? A big difference in these browsers is their password management system. Safari is integrated with Keychain Access and appears to be durable from manipulation by malware that exposes web login passwords. Access controls associated with keychain items prevent abuse by malicious software. Chrome provides decent protection in that public disclosure concerning a way to manipulate the function of the password management system has not occurred. But, malware on the system could potentially collect passwords for logins set by the user. Firefox password manager has issues if the user has not set a master password even if the service is not being used. The password manager function is modifiable to cause the service to automatically collect all passwords including those for SSL logins for websites that don't allow autocomplete. This was used recently against Firefox for Windows and the fundamentals of the problem have not been fixed. The exploitability of password manager services in these third party browsers could potentially be the target of the WYB. If so, then it benefits from users migrating away from Safari. Is there a connection? Most likely there is no direct connection but maybe MACDefender and WYB are the products of the same developer trying to develop malware that targets most of the browser market share of Mac OS X.