Just a few hours after Apple released a security update to block the MacDefender fake antivirus, a new variant has been found, which tests Apple’s ability to rapidly respond to new threats. The latest version comes in an installer package named mdinstall.pkg, and installs an application named MacGuard, which is the latest name that has been used for this malware. (The first name used was MacDefender, followed by MacProtect, MacSecurity and MacGuard.)
Intego VirusBarrier X6, with its current malware definitions, already detects this variant, because of the multiple techniques it uses to detect malware, but the new variant manages to evade Apple’s signature-based malware detection system. We expect Apple to release an update to these malware signatures soon, as the new system is set, by default, to check for updates every 24 hours.