Digita Security

5.31.2011 ( Version -1 )

MacDefenderB

Also Known As: Mac Protector, Mac Guard, Mac Security, FakeAV-DWK, FakeAV-DWN, FakeAvDl-A

OSX/MacDefender is a series of fake antivirus malware programs that tricked users into installing them through fake online AV scans served via search engine optimization (SEO) poisoning [1]. Once installed, it redirected users to adult websites and was capable of stealing credit card information [1]. It was originally detected on 2 May 2011 by Intego; Apple updated the XProtect signature with Security Update 2011-003 on 31 May 2011. This patch also included a feature to check for new XProtect signatures daily [2].

References:
  1. https://en.wikipedia.org/wiki/Mac_Defender

Sample Hashes (VT links):