MacDefender/MacSecurity malware gets a bit more sophisticated


The people behind the MacDefender/MacSecurity fake antivirus malware that we reported here and here have gotten a bit more sophisticated. In our security memo of May 2, 2011, we reported that while the application served was sophisticated, the web page used to deliver it showed a bogus Windows environment.

Well, this fake antivirus is now served to Mac users from a page that resembles the Mac OS X Finder, albeit imperfectly. As you can see in the screenshot below, the fonts in the list aren’t correct, and the alert window isn’t a real Mac alert, but the sidebar is a copy of the Mac OS X Finder sidebar; there’s even a Dropbox folder. Also, the names in the list are those of real Mac malware.

Mac users will no longer be put off by seeing the fake Windows screen, and this may incite more of them to install the fake antivirus. If you see such a window, close it, and don’t install any software you find in your Downloads folder or on your Desktop. The latest version of this fake antivirus is delivered in a file called, and the application is still called MacSecurity.