Intego has discovered new variants of the Mac Defender fake antivirus, which the company discovered early this week. In addition to making changes to the payload that is downloaded, the name of the fake antivirus has been changed to Mac Security, and the installer file is named MacSecurity.mpkg.
We’ve done a brief video to show how this fake antivirus is downloaded and installed, and how it functions:
Note: since we shot this video, the bad guys have become a bit more sophisticated, using a bogus Mac screen instead of a fake Windows screen.
Intego VirusBarrier X5 and VirusBarrier X6 (https://www.intego.com/virusbarrier/), along with VirusBarrier Express and VirusBarrier Plus, detect these new variants with threat filters dated May 5, 2011 or later.