Digita Security

5.31.2011 ( Version -1 )

MacDefenderA

Also Known As: MacProtector, MacGuard, MacSecurity, OSX/FakeAV-DWK, OSX/FakeAV-DWN, OSX/FakeAvDl-A

OSX/MacDefender is a series of fake antivirus malware programs that tricked users into installing them through fake online AV scans served via search engine optimization (SEO) poisoning [1]. Once installed, it redirected users to adult websites and was capable of stealing credit card information [1]. It was originally detected by Intego on 2 May 2011, and Apple updated the XProtect signature with Security Update 2011-003 on 31 May 2011. That update also added a feature to check for new XProtect signatures daily [2].

References:
  1. https://en.wikipedia.org/wiki/Mac_Defender
  2. https://nakedsecurity.sophos.com/2011/05/31/apple-releases-update-to-protect-against-macdefender/

Sample Hashes (VT links):
5337602d8c57f61a72414b27f60e2fd88b36bed264702068179154cfac57e49e