Mac Defender / Mac Protector fake antivirus for Mac OS X

14th May 2011

A trojan has surfaced that is targeting Mac users, called Mac Defender or most recently Mac Protector. It is triggered by javascript embedded in a website which downloads a .zip file containing the installer. Users who have not unchecked “Open safe files after downloading” will automatically run the installer  and ask for the user’s password. Once installed, the program will offer fake reports of viruses found on the system and require a purchase to unlock the full version and remove them.

To remove the program follow these instructions :

  1. Open Applications folder > Utilities > Activity Monitor, then make sure the drop-down menu at the top right of the window is set to “all processes.”
  2. Use the search field in Activity Monitor to search for MacProtector or MacDefender.
  3. Click on the MacProtector/MacDefender process. Click the “Quit Process” button. Click “Force Quit.”
  4. Drag the MacProtector program (installed in the Applications folder by default) to the Trash. Empty the Trash.
  5. Remove MacProtecter from the Login Items for your Account in the OS X System Preferences (if it exists).

Prevention :

To prevent such programs gaining access to your system:

  • Uncheck the “Open safe files after downloading” option in Safari preferences
  • Be careful with where you type your password
  • Never believe anything you haven’t installed claiming to have found viruses on your computer (this applies to Mac and PC), especially on a website.