1. /
  2. Security Response/
  3. MACDefender

MACDefender

Updated:
February 7, 2012 5:10:19 PM
Type:
Misleading Application
Risk Impact:
Medium
Systems Affected:
Mac OS X
Behavior
The program must be manually installed.

The program reports false or exaggerated system security threats on the computer.



The user is then prompted to obtain a full version of the application in order to remove the threats.



Installation
When the program is executed, it creates the following files:
  • /Application/MacDefender.app/
  • /Application/MacDefender.app/Contents
  • /Application/MacDefender.app/Contents/Info.plist
  • /Application/MacDefender.app/Contents/MacOS
  • /Application/MacDefender.app/Contents/MacOS/MacDefender
  • /Application/MacDefender.app/Contents/PkgInfo
  • /Application/MacDefender.app/Contents/Resources
  • /Application/MacDefender.app/Contents/Resources/About-Back.png
  • /Application/MacDefender.app/Contents/Resources/AboutD.nib
  • /Application/MacDefender.app/Contents/Resources/AboutMBMI.png
  • /Application/MacDefender.app/Contents/Resources/affid.txt
  • /Application/MacDefender.app/Contents/Resources/CC-Back.png
  • /Application/MacDefender.app/Contents/Resources/CC-BigOptions.png
  • /Application/MacDefender.app/Contents/Resources/CC-BigOptionsHover.png
  • /Application/MacDefender.app/Contents/Resources/CC-BigOptionsPressed.png
  • /Application/MacDefender.app/Contents/Resources/CC-BigScan.png
  • /Application/MacDefender.app/Contents/Resources/CC-BigScanHover.png
  • /Application/MacDefender.app/Contents/Resources/CC-BigScanPressed.png
  • /Application/MacDefender.app/Contents/Resources/CC-BigSysInfo.png
  • /Application/MacDefender.app/Contents/Resources/CC-BigSysInfoHover.png
  • /Application/MacDefender.app/Contents/Resources/CC-BigSysInfoPressed.png
  • /Application/MacDefender.app/Contents/Resources/CC-CleanupBtn.png
  • /Application/MacDefender.app/Contents/Resources/CC-CleanupHoverBtn.png
  • /Application/MacDefender.app/Contents/Resources/CC-CleanupPressedBtn.png
  • /Application/MacDefender.app/Contents/Resources/CC-Exclam.png
  • /Application/MacDefender.app/Contents/Resources/CC-MoreBtn.png
  • /Application/MacDefender.app/Contents/Resources/CC-MoreHoverBtn.png
  • /Application/MacDefender.app/Contents/Resources/CC-MorePressedBtn.png
  • /Application/MacDefender.app/Contents/Resources/CC-Ok.png
  • /Application/MacDefender.app/Contents/Resources/CC-Question.png
  • /Application/MacDefender.app/Contents/Resources/CC-Register.png
  • /Application/MacDefender.app/Contents/Resources/CC-RegisterHover.png
  • /Application/MacDefender.app/Contents/Resources/CC-RegisterPressed.png
  • /Application/MacDefender.app/Contents/Resources/CC-Scan.png
  • /Application/MacDefender.app/Contents/Resources/CC-ScanHover.png
  • /Application/MacDefender.app/Contents/Resources/CC-ScanPressed.png
  • /Application/MacDefender.app/Contents/Resources/CC-StartScan2Btn.png
  • /Application/MacDefender.app/Contents/Resources/CC-StartScan2HoverBtn.png
  • /Application/MacDefender.app/Contents/Resources/CC-StartScan2PressedBtn.png
  • /Application/MacDefender.app/Contents/Resources/CC-Update.png
  • /Application/MacDefender.app/Contents/Resources/CC-UpdateHover.png
  • /Application/MacDefender.app/Contents/Resources/CC-UpdatePressed.png
  • /Application/MacDefender.app/Contents/Resources/Cleanedup.mp3
  • /Application/MacDefender.app/Contents/Resources/ClearMBMI.png
  • /Application/MacDefender.app/Contents/Resources/ControlCenterD.nib
  • /Application/MacDefender.app/Contents/Resources/ControlCenterMBMI.png
  • /Application/MacDefender.app/Contents/Resources/Curing_1.png
  • /Application/MacDefender.app/Contents/Resources/Curing_2.png
  • /Application/MacDefender.app/Contents/Resources/Curing_3.png
  • /Application/MacDefender.app/Contents/Resources/Curing_4.png
  • /Application/MacDefender.app/Contents/Resources/Curing_5.png
  • /Application/MacDefender.app/Contents/Resources/Curing_6.png
  • /Application/MacDefender.app/Contents/Resources/Curing_7.png
  • /Application/MacDefender.app/Contents/Resources/Curing_8.png
  • /Application/MacDefender.app/Contents/Resources/dribblebeep.wav
  • /Application/MacDefender.app/Contents/Resources/editclear.png
  • /Application/MacDefender.app/Contents/Resources/English.lproj
  • /Application/MacDefender.app/Contents/Resources/English.lproj/InfoPlist.strings
  • /Application/MacDefender.app/Contents/Resources/English.lproj/Localizable.strings
  • /Application/MacDefender.app/Contents/Resources/English.lproj/MainMenu.nib
  • /Application/MacDefender.app/Contents/Resources/FilenamePlace.png
  • /Application/MacDefender.app/Contents/Resources/Fonts
  • /Application/MacDefender.app/Contents/Resources/Fonts/MyriadPro-It.otf
  • /Application/MacDefender.app/Contents/Resources/Fonts/MyriadPro-Regular.otf
  • /Application/MacDefender.app/Contents/Resources/Fonts/MyriadPro-Semibold.otf
  • /Application/MacDefender.app/Contents/Resources/Fonts/MyriadPro-SemiboldIt.otf
  • /Application/MacDefender.app/Contents/Resources/icon.icns
  • /Application/MacDefender.app/Contents/Resources/MB-Infected.png
  • /Application/MacDefender.app/Contents/Resources/MB-OK.png
  • /Application/MacDefender.app/Contents/Resources/MB-Unknown.png
  • /Application/MacDefender.app/Contents/Resources/NotificationPWnd.nib
  • /Application/MacDefender.app/Contents/Resources/NS-BigBack.png
  • /Application/MacDefender.app/Contents/Resources/NS-BigBackNoBorder.png
  • /Application/MacDefender.app/Contents/Resources/NS-BlueExclamPict.png
  • /Application/MacDefender.app/Contents/Resources/NS-CleanupButton.png
  • /Application/MacDefender.app/Contents/Resources/NS-CloseBtn.png
  • /Application/MacDefender.app/Contents/Resources/NS-CloseBtnPressed.png
  • /Application/MacDefender.app/Contents/Resources/NS-RedExclamPict.png
  • /Application/MacDefender.app/Contents/Resources/NS-RegisterButton.png
  • /Application/MacDefender.app/Contents/Resources/NS-ResumeScan.png
  • /Application/MacDefender.app/Contents/Resources/NS-ScanFinished.png
  • /Application/MacDefender.app/Contents/Resources/NS-ScanPause.png
  • /Application/MacDefender.app/Contents/Resources/NS-ScanStop.png
  • /Application/MacDefender.app/Contents/Resources/NS-SmallBack.png
  • /Application/MacDefender.app/Contents/Resources/NS-SmallBackNoBorder.png
  • /Application/MacDefender.app/Contents/Resources/NS-StartScan.png
  • /Application/MacDefender.app/Contents/Resources/NS-VirusFound.png
  • /Application/MacDefender.app/Contents/Resources/NS-YellowExclamPict.png
  • /Application/MacDefender.app/Contents/Resources/Options-Back.png
  • /Application/MacDefender.app/Contents/Resources/OptionsD.nib
  • /Application/MacDefender.app/Contents/Resources/OptionsMBMI.png
  • /Application/MacDefender.app/Contents/Resources/orchestral_ta_da_stinger_01.mp3
  • /Application/MacDefender.app/Contents/Resources/PauseScanMBMI.png
  • /Application/MacDefender.app/Contents/Resources/Register-Back.png
  • /Application/MacDefender.app/Contents/Resources/Register-BuyBtn.png
  • /Application/MacDefender.app/Contents/Resources/Register-BuyHoverBtn.png
  • /Application/MacDefender.app/Contents/Resources/Register-BuyPressedBtn.png
  • /Application/MacDefender.app/Contents/Resources/Register-OkBtn.png
  • /Application/MacDefender.app/Contents/Resources/Register-OkHoverBtn.png
  • /Application/MacDefender.app/Contents/Resources/Register-OkPressedBtn.png
  • /Application/MacDefender.app/Contents/Resources/Register-Pict.png
  • /Application/MacDefender.app/Contents/Resources/RegisterMBMI.png
  • /Application/MacDefender.app/Contents/Resources/RegWinD.nib
  • /Application/MacDefender.app/Contents/Resources/ResumScanMBMI.png
  • /Application/MacDefender.app/Contents/Resources/Scan-Back.png
  • /Application/MacDefender.app/Contents/Resources/Scan-PauseScanBtn.png
  • /Application/MacDefender.app/Contents/Resources/Scan-PauseScanHoverBtn.png
  • /Application/MacDefender.app/Contents/Resources/Scan-ResumeScanBtn.png
  • /Application/MacDefender.app/Contents/Resources/Scan-ResumeScanHoverBtn.png
  • /Application/MacDefender.app/Contents/Resources/Scan-ResumeScanPressedBtn.png
  • /Application/MacDefender.app/Contents/Resources/Scan-StartScanBtn.png
  • /Application/MacDefender.app/Contents/Resources/Scan-StartScanHoverBtn.png
  • /Application/MacDefender.app/Contents/Resources/Scan-StartScanPressedBtn.png
  • /Application/MacDefender.app/Contents/Resources/Scan-StopScanBtn.png
  • /Application/MacDefender.app/Contents/Resources/Scan-StopScanHoverBtn.png
  • /Application/MacDefender.app/Contents/Resources/Scan-StopScanPressed.png
  • /Application/MacDefender.app/Contents/Resources/ScanD.nib
  • /Application/MacDefender.app/Contents/Resources/ScanI_1.png
  • /Application/MacDefender.app/Contents/Resources/ScanI_2.png
  • /Application/MacDefender.app/Contents/Resources/ScanI_3.png
  • /Application/MacDefender.app/Contents/Resources/ScanI_4.png
  • /Application/MacDefender.app/Contents/Resources/ScanMBMI.png
  • /Application/MacDefender.app/Contents/Resources/ScanNowMBMI.png
  • /Application/MacDefender.app/Contents/Resources/ScanOk_1.png
  • /Application/MacDefender.app/Contents/Resources/ScanOk_2.png
  • /Application/MacDefender.app/Contents/Resources/ScanOk_3.png
  • /Application/MacDefender.app/Contents/Resources/ScanOk_4.png
  • /Application/MacDefender.app/Contents/Resources/ScanU_1.png
  • /Application/MacDefender.app/Contents/Resources/ScanU_2.png
  • /Application/MacDefender.app/Contents/Resources/ScanU_3.png
  • /Application/MacDefender.app/Contents/Resources/ScanU_4.png
  • /Application/MacDefender.app/Contents/Resources/Splash.nib
  • /Application/MacDefender.app/Contents/Resources/Splash.png
  • /Application/MacDefender.app/Contents/Resources/StopScanMBMI.png
  • /Application/MacDefender.app/Contents/Resources/SY-KillBtn.png
  • /Application/MacDefender.app/Contents/Resources/SY-KillHoverBtn.png
  • /Application/MacDefender.app/Contents/Resources/SY-RefreshBtn.png
  • /Application/MacDefender.app/Contents/Resources/SY-RefreshHoverBtn.png
  • /Application/MacDefender.app/Contents/Resources/SysInfo-Back2.png
  • /Application/MacDefender.app/Contents/Resources/SysInfoD.nib
  • /Application/MacDefender.app/Contents/Resources/SysInfoMBMI.png
  • /Application/MacDefender.app/Contents/Resources/TB-About.png
  • /Application/MacDefender.app/Contents/Resources/TB-ControlCenter.png
  • /Application/MacDefender.app/Contents/Resources/TB-Options.png
  • /Application/MacDefender.app/Contents/Resources/TB-Scan.png
  • /Application/MacDefender.app/Contents/Resources/TB-Sysinfo.png
  • /Application/MacDefender.app/Contents/Resources/threat.wav
  • /Application/MacDefender.app/Contents/Resources/Wallet.png


Other info
The risk may open the browser and go to the following URLs:
  • [http://]gay.porn.com
  • [http://]buy-viagra-now.net
  • [http://]fitish.com
  • [http://]www.gay.com
  • [http://]www.porn.com
  • [http://]www.freebdsmgalleries.com


It may also access the following URL to confirm installation:
[http://]69.50.214.54/[REMOVED]
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver