Showing results for 
Search instead for 
Did you mean: 
Level 12

MAC Defender Rogue Anti-Malware Program

Intego has discovered a rogue anti-malware program called MACDefender, which attacks Macs via SEO poisoning attacks. When a user clicks on a link after performing a search on a search engine such as Google, this takes them to a web site whose page contains JavaScript that automatically downloads a file. In this case, the file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (Open “safe” files after downloading in Safari, for example), will open.

Read more: Intego link.

0 Kudos
3 Replies
Level 18

Re: MAC Defender Rogue Anti-Malware Program

Do not confuse this with the original, and entirely legitimate, MacDefender (

As of today's date there are no known removal processes available. A fix should be posted on the Mac forums within the next couple of days.

0 Kudos
Level 9

Re: MAC Defender Rogue Anti-Malware Program

Go into the Applications Folder > Choose and remove it. If you can't delete it, open Activity Monitor and close the MacDefender and try again. You can do the same in safe mode



0 Kudos
Level 18

Re: MAC Defender Rogue Anti-Malware Program

McAfee will provide cover against this threat with the download of DAT 6336.




FakeAlert-Macdefend Trojan


Threat Identifier(s):                  FakeAlert-Macdefend, MACDefender

Threat Type:                              Malware

Risk Assessment:                   Low

Main Threat Vectors:                Web; LAN; WAN; Peer-to-Peer Networks; E-Mail

User Interaction Required:     Yes

Description:                               The FakeAlert-Macdefend Trojan masquerades as a legitimate security software package for Mac OS X. Similar to Windows-based counterparts in this family, this malware installs via a drive-by download, reports false security warnings, and presents suggestions to "clean" the system. This process involves paying for a "cleaner" or "more robust" version of the software. When running, the Trojan will display intermittent, false malware detection warnings, and open browser windows to pornographic sites.

Importance:                       Low. This threat has gained media attention.

McAfee Product Coverage *

DAT files:                             Coverage will be provided as "FakeAlert-Macdefend" in the 6336 DATs, to be released May 4.

Additional Information

McAfee VIL: FakeAlert-Macdefend.

SANS: More on MAC OSX Malware - MACDefender Fake Antivirus.

0 Kudos